Blog

Critical infrastructure faces a new kind of cybersecurity challenge

By |

Recently, the railway infrastructure in Belarus was targeted by hacktivists with political motivation. While the exact impact of the attack is still unknown, the group behind the attack has posted screenshots to show the extent of the breach as well as the systems impacted. The hackers have claimed that parts of the network have been encrypted and access to such systems is now being controlled by them.  

There is also no information on how the Belarus government is dealing with this cyberattack. Very less news, if any is trickling in.   

Attack on Belarus railway marks a new frontier for hackers  

In addition to APT and APT-supported groups, hacktivists will now emerge as another set of groups that critical infrastructure security teams will have to worry about.

As things stand, today, critical infrastructure is already suffering from a series of cybersecurity challenges including: 

  • Use of legacy devices with very little or no patching support  
  • Networks operations that do not support the level of insight needed to prevent lateral movement of malware  
  • Previously undetected malware infections may have already opened many doors for subsequent infections  
  • Infrequent vulnerability scans  
  • Commercially available information on Zero-day exploits that are sold openly  
  • Unprotected IT-IoT and OT converged zones  
  • Facilities and networks operating with outdated or less than adequate threat intelligence
  • Constant addition of untested systems or systems that are not hardened enough for security  
  • Use of devices with firmware trojans  
  • Undetected insider activity

The problem is compounded by the level of attention critical infrastructure is receiving from hackers globally. In addition to state-sponsored hackers, independent groups, hacktivists, and anyone with a sound knowledge of hacking techniques (and an axe to grind) could potentially harm critical infrastructure including ports in the maritime sector, oil and gas pipelines and refineries, railways, data centers, public information infrastructure, critical industrial facilities and more.  

By analyzing data for the last 3 years, we expect cyberattacks on critical infrastructure to rise significantly in 2022. There are other reasons to consider for coming to this conclusion, including: 

  • Increasing APT activity in regions that are witnessing geopolitical conflicts including the Middle East, South Asia, ASEAN region, and Eastern Europe 
  • Rising hacktivism across the globe  
  • Unpatched weaknesses in critical infrastructure  
  • The widespread availability of sophisticated malware  
  • Pending digital infrastructure upgrades (large sections that are still hosting legacy OT components)  

With hacktivism, critical infrastructure operators will now have to watch out for one more form of threat. They will also have to now work towards securing their infrastructure from persistent sophisticated attacks that could suddenly emerge from the digital noise around them.  

How vulnerable is your critical infrastructure? Sectrio recommends critical infrastructure operators conduct a self-assessment exercise to nail their cybersecurity gaps and address them. We have a readymade toolkit available for this purpose that you can download here: Self Assessment Tool  

Try our rich IoT and OT-focused cyber threat intelligence feeds for free, here: IoT and OT Focused Cyber Threat Intelligence

Planning to upgrade your cybersecurity measures? Talk to our critical infrastructure security expert here: Reach out to sectrio.

Visit our compliance center to advance your compliance measures to NIST and IEC standards: Compliance Center

Improve your cybersecurity through ot and iot focused threat intelligence feeds free for 15 days
Critical infrastructure faces a new kind of cybersecurity challenge - Sectrio

Get access to enriched IoT-focused cyber threat intelligence for free for 15 days  

Ot and iot security standards and best practices for ciso's
Critical infrastructure faces a new kind of cybersecurity challenge - Sectrio

Download our CISO IoT and OT security handbook  

Gain insights from the largest ot and iot focused honeypot network - sectrio
Critical infrastructure faces a new kind of cybersecurity challenge - Sectrio

Access our latest Global Threat Landscape report  

Share:
Prayukth K V has been actively involved in productizing and promoting cross eco-system collaboration in the emerging tech and cybersecurity domains for over a decade. A marketer by profession and a published author, he has also proposed and promoted critical infrastructure protection strategies that rely on in-depth threat research and deflection strategies to deceive hackers and malware. Having been at the frontlines of cyber securing infrastructure, Prayukth has seen cyberattacks and defense tactics at close quarters.

Subscribe to Newsletter

Related Posts

Protect your IoT, OT and converged assets with Sectrio