The most recognized critical infrastructure attacks: let’s take a look at these attacks, their particular characteristics, and the dangers they pose!
There are many cases in which one or several cyber attackers have organized to attack the security and privacy of thousands of people around the world, from ordinary people to important political figures such as Hillary Clinton. But what happens when these cyber attackers want to take their attacks to the next level and set their sights on more interesting targets such as Critical Infrastructure? In this article we will learn about some cases where such infrastructures were unlucky enough to be the perfect target for cybercriminals.
There are several options that we could use to define what Critical Infrastructures are. In this case we will use a definition provided by the National Center for Infrastructure Protection and Cybersecurity (CNPIC) in Spain:
“They are strategic infrastructures, which provide essential services and whose operation is indispensable and does not allow alternative solutions, so their disruption or destruction would have a serious impact on essential services”. In other words, we could say that they are all those infrastructures whose systems, means and services are fundamental for the progress of society, and those that ensure continuity in the normal operation of the services provided by states and public administrations.
Critical infrastructure strategic sectors
1. Food (production, storage and distribution).
2. Water (treatment and networks, storage).
3. Financial and tax system (banking, securities and investment).
4. Health (health sector and infrastructure).
5. Nuclear power plants (production, storage, transport of dangerous goods, nuclear and radiological materials).
6. Power plants and networks (production and distribution).
7. Transportation (airport, railroads and public transportation networks, traffic control systems).
8. Chemical industry (production, storage and transport of dangerous goods, chemical materials).
9. Administration (utilities, information networks, major assets and national heritage monuments).
Now that we know the concept of Critical Infrastructures a little better, let’s go through history to learn about some of the most famous cyber-attacks that have taken place in recent years.
Attack on Natanz, Iran – 2010
We could not start this compilation of cyber-attacks without mentioning the famous case of Stuxnet, a computer worm that managed to enter the facilities of a nuclear power plant in Natanz, Iran, all via an infected USB stick. This malware attacks PLC software used in SCADA (supervisory control and data acquisition) systems to monitor the operation of the centrifuges that were responsible for separating the different types of uranium, and thus isolating the enriched uranium that is essential for energy and for nuclear weapons.
Once Stuxnet managed to take over these centrifuges, it altered the speed of the machines, causing them to spin extremely fast and eventually causing about 1000 centrifuges to disintegrate, thus significantly delaying Iran’s nuclear program.
Ukraine – 2015
On December 23, 2015, thousands of people across Western Ukraine suffered a prolonged power outage due to a cyber attack that used several cyber weapons, among them the BlackEnergy malware. The incident began when an employee of the power plant received an apparently harmless email asking him to click on an attached document.
What the employee did not realize was that by doing so he would be opening a back door through which the Trojan malware would enter, thus giving control to the cybercriminals, who would later do their part to leave an entire sector without electricity for more than 6 hours. As if that were not enough, this type of malware has evolved to expand the number of victims and not only attack power plants: it has been seen to be involved in banking fraud, spam distribution, and even politically motivated electronic espionage.
Florida, USA – 2021
The Oldsmar municipality water treatment plant, on the west coast of Florida, joined the list of victims affected by cyber-attacks. In this case the cyber attacker managed to circumvent the weak security system of the treatment plant, as all computers were accessed with the same password.
The cybercriminals managed to take control of the treatment plant’s SCADA system and then alter the levels of sodium hydroxide, also known as caustic soda, present in the water. Caustic soda is a chemical often used in a controlled manner in this type of industry to maintain proper pH levels, but if used in inappropriate amounts it can cause skin burns, hair loss, inhalation poisoning, and even death. Fortunately, the operators managed to notice the exaggerated amounts of caustic soda in the water and solved the problem, thus thwarting the cybercriminals. But this incident still demonstrates the danger of not having proper safety systems in place in these types of industries.
USA – 2021
In mid-May 2021, a cyber-attack on JBS, the world’s largest meat producer, took place. This huge company was the victim of nothing more and nothing less than ransomware: malware created with the aim of blocking or denying a user or organization access to their computer files in order to demand large amounts of money in exchange for restoring access to that information.
This incident led to the closure of its entire beef processing operation in the United States, an alarming fact considering that the North American market represents approximately 50% of JBS’s revenues. The U.S. government blames the attack on REvil, a criminal organization believed to be based in Russia. JBS was forced to pay more than US$10 million for the recovery of its data.
USA – 2023
On August 3, 2023, the healthcare services company Prospect Medical Holdings was the target of a criminal group that managed to spread terror in the 16 hospitals belonging to this company. Using ransomware, the cybercriminals threatened to hijack the hospitals’ database in exchange for a large sum of money. This incident forced the company to shut down its systems in all its hospitals to prevent the spread of the attack. As a result, several patients’ treatments were suspended, emergency rooms were closed, and ambulances were sent to other healthcare centers. All this put the lives of thousands of people at risk until the situation was brought under control.
As we go through history and learn about several cases of cyber-attacks on Critical Infrastructures, we realize that it is not only the reputation or reliability of the victim companies that is at stake. There is an extremely important element at stake: human lives. Year after year we have seen how cybercriminals have evolved their malicious tactics to continue to torment those unlucky enough to fall into their clutches. It’s hard to know exactly why they attack: sometimes to destabilize, sometimes to gather sensitive information, sometimes for financial reward, and sometimes just to draw attention, to let us know they are here and what they are capable of.
It is very likely that these types of crimes will continue to happen over the years, and cyberattackers have let us know that there is apparently no one who is completely immune to them. All of this has led to increased concern about such incidents, and the issue of cybersecurity has become more prominent globally. The frequency and impact of cyber-attacks on Critical Infrastructures will unfortunately continue to increase. That is why we are forced to significantly improve our cybersecurity systems in order to successfully deal with a real, relentless, and pressing risk.