Critical infrastructure in any country relies on energy sources and transmission for proper and safe national operations. A direct cyber shot was delivered to the US oil and gas industry, allegedly by a Russian criminal group known as DarkSide. DarkSide is suspected in the ransomware attack that shut down the Colonial Pipeline, based in the US state of Georgia, which immediately created fuel shortages for cars, trucks and the airline industry.
This pipeline attack now has other energy sector officials on edge and scrambling to make sure their critical systems are secure. "It should serve as a warning shot for all the vital infrastructure," said a longtime executive at Exxon who now is a professor at the Kenan-Flagler School of Business at the University of North Carolina at Chapel Hill. The good professor was not surprised the pipeline was targeted. "This thing [cyber-attack] has been coming," he said. "Hackers have been honing their techniques for quite some time now."
While this week's gas crunch in several eastern US states is an inconvenience, a similar attack on an electric power grid could produce a crisis like the one Texas experienced this past February.[1] One electric company, Duke Energy, is aware of the potential threat and is taking steps to minimize it, said a spokesman. "As a critical infrastructure provider, we are a target, and it is something we deal with on a regular basis," Duke said.
The North Carolina-based utility reports that it is constantly working to build physical and technological layers of protection, from a diverse fuel supply, to systems that can isolate outage areas and reroute power, to stronger cyber security strategies. "It's a constant battle," Duke said. "It's a constant attempt to stay ahead of those challenges, that we're putting in protections every time that attack gets more sophisticated." In the past, many large companies fended off hackers looking for trade secrets, but the NC university professor is calling ransomware "a new form of threat."
Other critical infrastructure industries are also at risk. Cyberattacks targeted a water treatment plant in Florida and the Onslow Water and Sewer Authority in North Carolina in 2018.
According to the World Economic Forum (WEF), cyberattacks on critical infrastructure posed the fifth-highest economic risk in 2020, and the WEF called the potential for such attacks "the new normal across sectors such as energy, healthcare, and transportation." Another report noted that such attacks can have major spillover effects. Lloyd's of London and the University of Cambridge's Centre for Risk Studies (UK) calculated that the prospective economic and insurance costs of a severe cyberattack against America's electricity system could amount to more than $240 billion and possibly more than $1 trillion.[2] In addition to the financial loss, the loss of life could be severe.
Red Sky Alliance has been collecting, analyzing and documenting cyber threats for 9+ years and maintains a resource library of malware and cyber actor reports available at https://redskyalliance.org at no charge. This includes reporting on critical infrastructure cyber vulnerabilities. As a reminder, many past tactics are often dusted off and reused in current malicious campaigns – so historical reporting is important. Red Sky Alliance can provide actionable cyber intelligence and weekly blacklists to help protect your network.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or feedback@wapacklabs.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www.redskyalliance.org/
- Website: https://www.wapacklabs.com/
- LinkedIn: https://www.linkedin.com/company/64265941
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/3702558539639477516
[1] https://www.wral.com/pipeline-hack-a-warning-shot-for-electrical-grid-other-infrastructure/19675325/
[2] https://www.darkreading.com/attacks-breaches/critical-infrastructure-under-attack-/a/d-id/1340960