Last month brought several cyber security incidents that targeted critical infrastructure including health care institutions all over the world. Additional interest to the situation was gained as attackers confirmed that they “didn’t mean to do any harm”.
What happened and why is this important?
A brief definition to introduce the subject matter: Critical infrastructure is the body of systems, networks and assets that are so essential that their continued operation is required to ensure the security of a given nation, its economy, and the public’s health and/or safety (TechTarget).
Last year, we already covered the impact of cyber attacks on critical infrastructure. As we explained at the time, an attack on a critical infrastructure can have fatal consequences. Now there have been new incidents in the recent past. The attacks on the U.S. Colonial Pipeline, the Irish and New Zealand healthcare systems, and 150 different government organizations in the U.S. stood out in particular.
As a result, the pipeline, which supplies almost 50% of fuel on the US East Coast, shut down operations and many petrol stations started to impose limits of 20 USD per person to avoid shortages. Nevertheless 7% of petrol stations completely run out of fuel. To restore functionality, the Colonial Pipeline’s CEO decided to pay 4.4 million USD in ransom to the attackers. After receiving the payment, the attackers said that their actions did not have any political background and that they did not intend to cause any problems to the wider society, claiming they will considerate the “common good” in their future attacks, which raised a significant consternation globally. Resposnible for the attack is apparently DarkSide, a Ransomware-as-a-Service (RaaS) operator. It is a cyber-business solution, where the core DarkSide team earns 20-30% of a ransom payment, and the rest goes to the affiliate who conducted the attack.
At the beginning of May, also Germany-based Chemical distribution company Brenntag paid a 4.4 million ransom to the DarkSide ransomware gang to receive a decryptor for encrypted files and prevent the threat actors from publicly leaking stolen data.
Targeting healthcare systems
In Ireland, the attackers targeted the healthcare system. The cyberattack resulted in access to all patient health data being blocked. Several health checks and lab tests had to be done manually and the results were written down with pen and paper. The incident was described as a “major disaster.” The attackers in this case demanded $20 million. In the end, however, the criminals gave out the software tool for free. The Irish government is now in the process of testing the tool. It explicitly points out that the government did not and will not comply with the hackers’ ransom demand.
In New Zealand, the healthcare system was also attacked and caused the system to shut down. Even after two weeks, the situation has not fully returned to normal.
Another critical infrastructure attack took place in the US only a few days ago, and it is said to be an attack on governmental organisations. At the moment of writing, the results remain yet unknown.
What to do in such situations?
In the cases described above, the incidents ended relatively well, but it is important to remember that most attacks do not result in the attackers showing any mercy, apologizing to the victims, and fixing their systems. There are also the massive costs to consider. Since attacks on Critical Infrastructure can personally affect every civilian, it is worth seeing what lessons we can learn. Even though small and medium-sized businesses are often just one part of the chain, they can play an important part in the course of the cyberattack and cause entire infrastructures to collapse.
We recommend:
- Employees play a critical role in the prevention of cyber threats. Thus, the proper prevention policy and employees training is essential.
- Misconfiguration of the system and its vulnerabilities are like open doors for attackers. Do not hesitate to ask experts for help in setting up your secure system.
- If you become a victim of the attack, disclose it immediately. Keeping the information secret let attackers to continue their activity. Disclosing the attack may protect other parts of the “supply chain” as well as your customers.
- Follow up with Perseus updates and if you have any questions, please reach out to us.