Any critical infrastructure that relies on IT is vulnerable to cyber attacks, which can threaten vital services, from food and agriculture to communications. The stakes are high when lives are at risk, but the damage is also costly to repair: the SolarWinds hack, for instance, is estimated to have cost more than $100 billion to recover from (to put that figure into perspective, that’s more than Germany spends each year on its military).

Given the high stakes, let’s look at 11 of the top cyberattacks on critical infrastructure and learn what could have prevented them.

  • TRITON malware attack: A malware attack that allowed hackers to manipulate the industrial safety systems of a Saudi petrochemical plant, which could have led to a toxic gas leak. The attack vector was spear phishing, which could have been prevented by more frequent audits and better communication with suppliers.
  • Taiwan’s state-owned energy company, CPC Corp.: This attack targeted Taiwan’s state-owned energy company. Although energy production was not affected, some of the company’s payment systems were shut down. Segregating the IT and OT networks, combined with access management, could have prevented the attack.
  • Israeli water systems: This attack targeted the control systems of Israel’s water supply, attempting to raise chlorine levels to dangerous concentrations (the attempt ultimately failed). It could partly be traced back to poor password management, reinforcing the importance of basic yet still overlooked security measures.
  • Nippon Telegraph & Telephone (NTT): NTT, the fourth largest telco in the world, suffered a breach that affected 621 of its corporate clients. NTT believes that AI and machine learning tools were used to carry out the attack on its on-premises and cloud infrastructure. The attack originated on public-facing websites. Routine security checks and additional security controls could have prevented such an attack.
  • Moderna: Moderna, a biotech company at the forefront of developing a COVID vaccine, was targeted by nation-state hackers. The attackers singled out users with expanded security authorizations and targeted vulnerabilities in web development software. Regular security and code reviews, as well as collaboration with government agencies, might have prevented the attack.
  • Unnamed US natural gas operator: The communications and control resources of a US gas operator were hit by a ransomware attack. The attackers used a spear phishing link to gain access to the network. The plant did not lose control of its operations but had to shut down for multiple days. Separating the OT network from the IT network would have helped thwart the attack.
  • Ukraine’s power grid: The attack left around 700,000 Ukrainians without power in the middle of winter. The attackers used a multitude of tools and tactics to succeed, including KillDisk, spear phishing, credential theft, VPNs, remote access exploits and telephony DoS attacks. Segmenting networks from each other, enabling logging on IT and OT equipment, and implementing network monitoring are all critical strategies for defending against this type of attack.
  • San Francisco’s MUNI light-rail system: This attack shut down the ticketing system, giving customers free rides for days. No customer data was lost, and backups helped the transit authority recover. Patching and security audits could have prevented such an attack.
  • Iranian cyber attack on a New York dam: Iranian state-backed attackers breached the SCADA systems of the Bowman Dam in New York. Fortunately, the attackers could reach only a small sluice gate, but they showed expert control of the SCADA controllers. Keeping the SCADA controllers strictly separate from the internet would have made the attack more difficult.
  • Unnamed American water authority: This attack unfolded in unexpected ways. Instead of disrupting the water supply (or changing the chlorine levels), the attackers used the authority’s cellular routers to run up its cellular data bills from $300 a month to $50,000 over a two-month period.
  • Colonial Oil Pipeline: The ransomware attack on the Colonial Oil Pipeline forced the company to shut down its network, leaving much of the US East Coast without gas and raising prices nationwide. The company was forced to pay the hackers $5m in cryptocurrency. Possible causes of the attack include an employee falling for a phishing scam or an unpatched vulnerability.
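The IT/OT segmentation that several of these cases call for is also something you can monitor for. As an added example that is not part of the original article, the Python below maps flow-log records to Purdue-style zones and flags traffic that crosses from IT or the internet straight into OT instead of passing through the DMZ. The zone address ranges, the flow-log format and the sample flows are constructed assumptions, not values from any of the incidents above.

```python
# Added example: a minimal IT/OT segmentation monitor. Policy: IT may talk to
# the DMZ, the DMZ may talk to OT, and nothing reaches OT directly from IT or
# the internet. Zones, log format and sample flows are constructed assumptions.
import ipaddress

# Constructed zone map (assumption). Anything not listed is treated as "internet".
ZONES = {
    "it":  [ipaddress.ip_network("10.10.0.0/16")],
    "dmz": [ipaddress.ip_network("10.20.0.0/24")],
    "ot":  [ipaddress.ip_network("192.168.100.0/24")],
}

# Allowed zone-to-zone directions; every other pair is a segmentation violation.
ALLOWED = {("it", "it"), ("it", "dmz"), ("dmz", "it"), ("dmz", "ot"),
           ("ot", "dmz"), ("ot", "ot"), ("internet", "dmz")}

def zone_of(ip: str) -> str:
    """Map an IP address to its zone; unknown addresses count as internet."""
    addr = ipaddress.ip_address(ip)
    for zone, nets in ZONES.items():
        if any(addr in net for net in nets):
            return zone
    return "internet"

def parse_flow(line: str) -> dict:
    """Parse the constructed format '<ts> <src>:<sport> -> <dst>:<dport> <proto>'."""
    ts, src, _, dst, proto = line.split()
    src_ip, _ = src.rsplit(":", 1)
    dst_ip, dport = dst.rsplit(":", 1)
    return {"ts": ts, "src": src_ip, "dst": dst_ip, "dport": int(dport), "proto": proto}

def find_violations(lines):
    """Return (src_zone, dst_zone, line) for each flow crossing a forbidden boundary."""
    out = []
    for line in lines:
        f = parse_flow(line)
        pair = (zone_of(f["src"]), zone_of(f["dst"]))
        if pair not in ALLOWED:
            out.append((pair[0], pair[1], line))
    return out

# Constructed sample flows: an IT workstation talking Modbus/TCP (502) straight to
# a PLC, and an internet host reaching an OT device, alongside two permitted flows.
SAMPLE_FLOWS = [
    "2024-01-01T10:00:00Z 10.10.5.23:51000 -> 10.20.0.5:443 tcp",        # IT -> DMZ, allowed
    "2024-01-01T10:00:01Z 10.20.0.5:40000 -> 192.168.100.10:502 tcp",    # DMZ -> OT, allowed
    "2024-01-01T10:00:02Z 10.10.5.23:51001 -> 192.168.100.10:502 tcp",   # IT -> OT, violation
    "2024-01-01T10:00:03Z 203.0.113.7:3333 -> 192.168.100.20:20000 tcp", # internet -> OT, violation
]

if __name__ == "__main__":
    for src_zone, dst_zone, line in find_violations(SAMPLE_FLOWS):
        print(f"VIOLATION {src_zone}->{dst_zone}: {line}")
```

In practice the flow records would come from firewall or NetFlow exports, and a violation is a signal to investigate the source host, not a proof of compromise.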
