Critical Infrastructure Attacks Remain a Major Threat, Top Security Author Warns





What's happening
America's enemies are increasingly targeting critical infrastructure with cyberattacks, a top investigative security journalist says.


Why it matters
A cyberattack that shuts down an oil pipeline or hospital may affect thousands and thousands of people and put lives in danger.


Last year's ransomware attack on Colonial Pipeline may have been prevented if the people trying to protect its computer systems had taken basic precautions and kept their eyes open for signs of an attack, a top cybersecurity journalist said Thursday.


Investigative reporter Kim Zetter said attacks targeting the world's oil pipelines, power and water treatment plants, and essential computer systems have risen dramatically since the discovery of the Stuxnet worm in 2010. Stuxnet reportedly destroyed numerous centrifuges in an Iranian uranium enrichment facility and was later modified to target facilities including water treatment plants, power plants and gas lines.


Zetter made the comments in a presentation at the Black Hat computer hacking conference in Las Vegas. Zetter, a longtime security reporter for Wired and other publications, is also well known for her book Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon, which detailed the attack.


The original Stuxnet attack, which is widely accepted to be the work of the US and Israel, was first discovered by a Belarusian security researcher and later unraveled by others at the cybersecurity firm Symantec.


It set off a "cyber arms race" among nations, Zetter said, and "heralded the militarization of cyberspace."


"Stuxnet demonstrated the viability of resolving geopolitical conflicts by cyberattacks, and all of a sudden everyone wanted in on the game," Zetter told the crowd, adding that while only a few nations had offensive hacking programs before, others quickly launched their own operations.


Attackers still see an upside in going after critical infrastructure, she said. Some parts of critical infrastructure, such as the highly regulated electricity industry, have boosted defenses in response. But protections for much of the sector have become more complicated without improving security.

The Colonial Pipeline hack is a prime example of the latter trend, Zetter said.

For instance, Colonial quickly paid a multimillion-dollar ransom after its computer system was taken over by ransomware, a payment that shocked observers who assumed an oil-and-gas pipeline would have easy-to-access backups of its data. The company, however, wasn't prepared for such an event.


Colonial Pipeline CEO Joseph Blount later testified before a Senate committee that its response plan didn't cover ransomware attacks, Zetter said, even though critical infrastructure attacks had been documented for several years at that point.

"The indicators were there if Colonial Pipeline had looked," she said.

When contacted for comment, a spokesman for Colonial pointed to Blount's comments during his Senate committee appearance, noting that the CEO testified that the company did have good data backups, but it took days for it to go through them.


Zetter noted that researchers at Temple University had documented hundreds of attacks on critical infrastructure the year before, while major cybersecurity companies also had reported increased targeting of these kinds of systems. In 2020, the Cybersecurity and Infrastructure Security Agency issued a report warning of ransomware attacks specifically against pipelines.


The attackers got through Colonial's virtual private network using an employee password that had been used on another network and wasn't protected with multi-factor authentication, which would have required those attackers to provide a second form of identification in addition to the compromised password.


After the ransomware locked up Colonial's systems, the company was forced to shut down its operations for almost a week. The news sparked panic buying and drove up prices for consumers, though there was no shortage.


Following the attack, CISA issued a long list of security tips for industrial control systems. The recommendations were similar to those given before the attack, but Zetter said the Colonial Pipeline hack had made it clear that the guidelines weren't being followed.


A year after Colonial, Zetter said the threat against critical infrastructure remains high and now includes America's election system. Some states still use voting machines that don't include paper printouts that can be used in the event of a recount. Security experts have long called for voting machines to include tamper-proof redundancies, such as printouts.
