Image Credit: Antonin Duallia via Unsplash
03.06.2021

Critical infrastructures increasingly in the sights of cybercriminals

Cybersecurity | IT Protection | Attack Vectors

Over the past month, there have been several cybersecurity incidents targeting critical infrastructure, including healthcare facilities, around the world. It is particularly interesting that the attackers stated that they “do not want to cause any damage”.


What exactly happened and why is it relevant?

A brief definition to frame the topic: critical infrastructures are the totality of systems, networks and facilities that are so important that their continuous operation is necessary to ensure the security of a particular nation, its economy and the health and/or safety of the public (TechTarget).

Last year, we had already reported on the impact of cyberattacks on critical infrastructures. As described at the time, an attack on a critical infrastructure can have fatal consequences. Now there have been new incidents in the recent past. The attacks on the US Colonial Pipeline, on the Irish and New Zealand health systems and on 150 different government organizations in the USA stood out in particular.

The attack on the American pipeline, which supplies almost 50% of the fuel on the US East Coast, caused it to cease operations, and many gas stations were forced to impose limits of $20 per person to avoid shortages. Despite this, 7% of gas stations ran out of fuel completely. To restore functionality, the CEO of Colonial Pipeline decided to pay the demanded ransom of $4.4 million to the attackers. After receiving the payment, the attackers stated that their actions had no political background and that they did not intend to cause problems for society. DarkSide, a ransomware-as-a-service (RaaS) operator, is apparently responsible for the attack. RaaS is a criminal business model in which the DarkSide core team earns 20-30% of a ransom payment and the rest goes to the affiliate who carried out the attack. In early May, the Germany-based chemical distribution company Brenntag also paid a $4.4 million ransom to the DarkSide ransomware gang to obtain a decryptor for its encrypted files and to prevent the threat actors from publishing the stolen data.


Targeting health systems

In Ireland, the attackers targeted the health system. The cyberattack blocked access to all patients’ health data. Several health checks and laboratory tests had to be carried out manually, and the results were written down with pen and paper. The incident was described as a “great disaster”. In this case, the attackers demanded 20 million USD. In the end, however, the criminals released the tool free of charge. The Irish government is now in the process of testing it. It explicitly states that it has not complied with the hackers’ ransom demand and will not do so.

In New Zealand, the health system was also attacked, which caused the system to shut down. Even after two weeks, the situation has not yet fully normalized.

Another attack on critical infrastructures took place just a few days ago in the USA. It is reported to be an attack on government organizations. At the time of writing this blog post, the details are still unknown. As soon as more details are announced, we will inform you here.


What to do in such situations?

In the cases described above, the incidents ended relatively well, but it is important to remember that most attacks do not end with the attackers showing understanding, apologizing to the victims and repairing their systems. The massive costs must also be taken into account. Since attacks on critical infrastructure can affect every civilian personally, it is worth seeing what lessons we can learn from them. Even though small and medium-sized companies are often only one link in the chain, they can play a decisive part in the course of a cyberattack and lead to the collapse of entire infrastructures.


We recommend:

  1. Employees play a crucial role in preventing cyber threats. Therefore, the right prevention policy and training of employees are essential.
  2. Misconfigured systems and their vulnerabilities are open doors for attackers. Don’t hesitate to ask experts for help setting up your system securely.
  3. If you are the victim of an attack, announce it immediately. If you keep the information secret, the attackers can continue their activities. Exposing the attack can protect other parts of the “supply chain” as well as your customers.
  4. Follow the updates of Perseus, and if you have any questions, please reach out to us.