Recently, the railway infrastructure in Belarus was targeted by politically motivated hacktivists. While the exact impact of the attack is still unknown, the group behind it has posted screenshots to show the extent of the breach and the systems affected. The hackers claim to have encrypted parts of the network and to now control access to those systems.
There is also no information on how the Belarusian government is handling the cyberattack; very little news, if any, is trickling out.
Attack on Belarus railway marks a new frontier for hackers
In addition to APT and APT-supported groups, hacktivists will now emerge as another set of groups that critical infrastructure security teams will have to worry about.
As things stand, today, critical infrastructure is already suffering from a series of cybersecurity challenges including:
- Use of legacy devices with very little or no patching support
- Network operations that lack the visibility needed to detect and prevent lateral movement of malware
- Previously undetected malware infections that may already have opened doors for subsequent intrusions
- Infrequent vulnerability scans
- Zero-day exploits sold openly on commercial markets
- Unprotected IT-IoT and OT converged zones
- Facilities and networks operating with outdated or less than adequate threat intelligence
- Constant addition of untested or insufficiently hardened systems
- Use of devices with firmware trojans
- Undetected insider activity
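Two of the gaps listed above, the lack of visibility into lateral movement and unprotected IT-OT converged zones, come down to the same question: can you tell when a host in the IT zone starts talking industrial protocols to controllers in the OT zone? The following is an added illustration, not Sectrio's code or tooling. It assumes a hypothetical zone map (10.10.0.0/16 for IT, 10.20.0.0/16 for OT), an assumed allow list of engineering workstations, and a small set of constructed Zeek-style conn.log records; the OT protocol port numbers are the standard ones for Modbus/TCP, DNP3, EtherNet/IP and S7comm.

```python
"""Flag IT-to-OT zone crossings and fan-out in network flow records.

Added illustration, not Sectrio's code. Assumes Zeek conn.log-style rows
(ts, id.orig_h, id.resp_h, id.resp_p, proto) and a hypothetical zone map.
"""
import ipaddress
from collections import defaultdict

# Hypothetical zone definitions for this example.
ZONES = {
    "IT": ipaddress.ip_network("10.10.0.0/16"),
    "OT": ipaddress.ip_network("10.20.0.0/16"),
}

# Industrial protocol ports: IT-zone clients hitting these in the OT zone
# are unexpected and worth alerting on.
OT_PROTOCOL_PORTS = {
    502: "Modbus/TCP",
    20000: "DNP3",
    44818: "EtherNet/IP",
    102: "S7comm",
}

# Assumed allow list: engineering workstations permitted to reach PLCs.
ALLOWED_OT_CLIENTS = {"10.10.5.20"}

# Constructed sample records (tab-separated, Zeek conn.log field order).
SAMPLE_CONN_LOG = """\
1700000000.1\t10.10.5.20\t10.20.1.10\t502\ttcp
1700000001.2\t10.10.7.33\t10.20.1.10\t502\ttcp
1700000002.3\t10.10.7.33\t10.20.1.11\t502\ttcp
1700000003.4\t10.10.7.33\t10.20.1.12\t44818\ttcp
1700000004.5\t10.10.7.33\t10.10.8.40\t445\ttcp
1700000005.6\t10.20.1.10\t10.20.1.11\t502\ttcp
"""


def zone_of(ip):
    """Map an address to its zone name, or UNKNOWN if it is in neither."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "UNKNOWN"


def parse_conn_log(text):
    """Parse tab-separated conn records, skipping blank and comment lines."""
    records = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, dst, port, proto = line.split("\t")
        records.append(
            {"ts": float(ts), "src": src, "dst": dst, "port": int(port), "proto": proto}
        )
    return records


def find_zone_crossings(records):
    """Return flows where a non-allow-listed IT host reaches an OT protocol port."""
    alerts = []
    for r in records:
        if (
            zone_of(r["src"]) == "IT"
            and zone_of(r["dst"]) == "OT"
            and r["port"] in OT_PROTOCOL_PORTS
            and r["src"] not in ALLOWED_OT_CLIENTS
        ):
            alerts.append(
                {"src": r["src"], "dst": r["dst"], "protocol": OT_PROTOCOL_PORTS[r["port"]]}
            )
    return alerts


def find_fanout(alerts, threshold=3):
    """Sources touching >= threshold distinct OT targets: a sweep/lateral-movement signature."""
    targets = defaultdict(set)
    for a in alerts:
        targets[a["src"]].add(a["dst"])
    return {src: sorted(t) for src, t in targets.items() if len(t) >= threshold}


if __name__ == "__main__":
    recs = parse_conn_log(SAMPLE_CONN_LOG)
    alerts = find_zone_crossings(recs)
    for a in alerts:
        print(f"ALERT zone crossing: {a['src']} -> {a['dst']} ({a['protocol']})")
    for src, dsts in find_fanout(alerts).items():
        print(f"ALERT fan-out from {src}: {len(dsts)} OT targets {dsts}")
```

On the constructed sample, the allow-listed workstation's Modbus session and the OT-to-OT and IT-to-IT flows are ignored, while the unlisted IT host 10.10.7.33 produces three crossing alerts and one fan-out alert. In a real deployment the zone map and allow list would come from the network segmentation design, and the records from a passive sensor on the IT/OT boundary.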
The problem is compounded by the level of attention critical infrastructure is receiving from hackers globally. In addition to state-sponsored hackers, independent groups, hacktivists, and anyone with a sound knowledge of hacking techniques (and an axe to grind) could potentially harm critical infrastructure including ports in the maritime sector, oil and gas pipelines and refineries, railways, data centers, public information infrastructure, critical industrial facilities and more.
Based on our analysis of the last three years of data, we expect cyberattacks on critical infrastructure to rise significantly in 2022. Other factors support this conclusion, including:
- Increasing APT activity in regions that are witnessing geopolitical conflicts including the Middle East, South Asia, ASEAN region, and Eastern Europe
- Rising hacktivism across the globe
- Unpatched weaknesses in critical infrastructure
- The widespread availability of sophisticated malware
- Pending digital infrastructure upgrades (large sections that are still hosting legacy OT components)
With hacktivism, critical infrastructure operators now have one more form of threat to watch for. They will also have to work towards securing their infrastructure against persistent, sophisticated attacks that could suddenly emerge from the digital noise around them.
How vulnerable is your critical infrastructure? Sectrio recommends that critical infrastructure operators conduct a self-assessment exercise to identify their cybersecurity gaps and address them. We have a readymade toolkit available for this purpose that you can download here: Self Assessment Tool
Try our rich IoT and OT-focused cyber threat intelligence feeds for free, here: IoT and OT Focused Cyber Threat Intelligence
Planning to upgrade your cybersecurity measures? Talk to our critical infrastructure security expert here: Reach out to sectrio.
Visit our compliance center to advance your compliance measures to NIST and IEC standards: Compliance Center