When one thinks of a Cyberattack, what often comes to mind is the damage done to Web servers and databases. In those kinds of threat vectors, the main goal is to steal a company’s proverbial Crown Jewels, which are the Personal Identifiable Information (PII) datasets of both employees and customers. Ultimately, PII datasets are sold on the Dark Web, where a rather nice profit can be gained.
But Cyberattacks can reach other, non-digital realms as well. These include attacks on Critical Infrastructure aimed at disabling them for long periods of time and to wreak as much havoc as possible. In this regard, Critical Infrastructure includes such avenues as the water supply, oil and gas lines, nuclear facilities, the National Electric Grid, and even the food distribution channels. Believe it or not, such systems are fairly easy for a Cyberattacker to penetrate because they are dated and thus possess legacy security systems which have not been upgraded in a very long time.
Five Famous Attacks on Critical Infrastructure
Let’s look at five well-known Cyberattacks that have taken place against Critical Infrastructure, and which caused serious damage to power, water, and financial systems, as well as nuclear facilities.
- Attacks on the power grids in the Ukraine: This occurred in December 2015, at which time the electric grid still made use of the traditional Supervisory Control and Data Acquisition (SCADA) system, which had not been upgraded in a very long time. This Cyberattack left about 230,000 residents in the Ukraine without power for several hours. Although this threat variant was short-lived, it illustrates the grave weaknesses of the Critical Infrastructure. For example, a traditional Spear Phishing Email was used to launch the threat vector, and just a year later, the same kind of Email was used to attack an electrical substation near Kiev, causing major, long-lasting blackouts.
- Attack on the Water Supply Lines in New York: The target this time was the Rye Brook Water Dam. Although the actual Infrastructure was small, the lasting repercussions from the attack were tremendous, primarily because it was one of the first instances in which a nation state actor was blamed; all fingers pointed towards Iran. The most surprising facet of this Cyberattack was that it occurred in 2013 but was not reported to law enforcement agencies until 2016. Even more striking is that the Malicious Threat Actors were able to gain access to the command center of these facilities by using an ordinary dial-up modem.
- Impacts to the ACH System: Although the global financial system may not directly fit into the classic definition of a Critical Infrastructure, any Cyberattack against it can have a serious impact. In one example, the SWIFT Global Messaging system was the primary target. Through this heavily-used system, banks and other financial institutions provide details about the electronic movement of money, including ACH, wire transfers, etc. The SWIFT system is used worldwide, with almost 34 million electronic transfers making use of this infrastructure annually. In February 2016 the Lazarus Cyberattack group, originating from North Korea, were able to gain a foothold into the banks by using hijacked SWIFT login username and password combinations. This attack has been deemed one of the first of its kind on the international banking sector.
- Damage to Nuclear Facilities: Probably one of the best-known Cyberattacks on this kind of infrastructure took place in July 2017 against the Wolf Creek Nuclear Operating Corporation, located in Kansas. Spear Phishing Emails were leveraged against key personnel who worked at the facilities and who had specific control and access to the controls at the nuclear facility. Although the extent of the damage has been kept classified, this situation clearly demonstrates just how vulnerable US-based nuclear facilities are. For example, if a Cyberattacker were to gain access into such a facility, they could move in a lateral fashion to other nuclear power plants, causing a cascade of damage with the same or even greater impact as a thermonuclear war.
- Attack on the Water Supply: The most well-known attack of this kind took place in Oldsmar Florida in February 2021. Although the details of this Cyberattack are still coming to light, it is suspected that the hacker was able to gain control by making use of a Remote Access tool, such as Team Viewer. But there were other grave weaknesses in the infrastructure as well, including a very outdated Operating System (OS) and very poor password enforcement (e.g., not creating long and complex passwords and changing them frequently). In this instance, the goal of the Cyberattacker was not just to cause damage to the Water Supply system, but to also gravely affect the health of the residents that drank the water, by poisoning it with a chemical based lye. Luckily, an employee quickly noticed what was going on and immediately reversed the settings that had been put into motion by the Cyberattacker. It still isn’t known whether this hack occurred from within the US or from another country. If it is the former, it will raise even more alarm bells that domestic-based Cyber attackers pose just as grave a threat to our Critical Infrastructure as do nation state actors.
While this article has provided a sampling of some major Cyberattacks, it illustrates one very alarming fact: Through a basic threat variant, such as that of Phishing Emails, catastrophic damage to Critical Infrastructure can occur simultaneously, with results that are potentially far deadlier than those of 9/11.
Ravi Das is a Cybersecurity Consultant and Business Development Specialist. He also does Cybersecurity Consulting through his private practice, RaviDas Tech, Inc. He also possesses the Certified in Cybersecurity (CC) cert from the ISC2.