Refineries, pipelines and power grids are likely targets, experts said.
All types of critical infrastructure are at risk of attack, including transportation networks, gas and oil rigs, communications channels (radio/TV/internet infrastructure), emergency services (e.g. 911, law enforcement, first responders), and healthcare facilities, Darren Guccione, CEO at Keeper Security, a Chicago-based provider of zero-trust and zero-knowledge cybersecurity software, told TheStreet.
"However, we know all kinds of businesses of all sizes are at risk," he said. "No one should be complacent or assume they will not be targeted because they run a small business. Malicious actors don’t discriminate."
Nation-state actors and unaffiliated “hacktivists” are seeking to make public statements that favor the political-social causes that they sympathize with, Guccione said.
These attackers were looking to demonstrate their allegiances even before Russia attacked Ukraine. Political-social motives are the "sole reason why cybercriminals choose to attack critical infrastructure," he said. "Cybercriminals who want money attack organizations that have it, like Nvidia. They don’t try to compromise electrical grids. When critical infrastructure is attacked, there are political-social motives at play."
Utilities, transportation networks and hospitals have battled these issues for years, and the war has now intensified them.
"These attacks are in addition to those perpetrated by cybercriminals who are simply looking for ways to make easy money," Guccione said.
The most basic security controls are often the ones that are targeted; a single compromised password can be enough to breach an organization.
Cyber criminals from Russia or other countries could retaliate and attack the energy infrastructure of the U.S., Guccione said.
“Once a cybercriminal has obtained a valid password, for example for the VPN, they hold the keys to the kingdom,” he said. “They can often blow right past firewalls and intrusion detection systems.”
When companies neither segment their network nor enforce least privilege (the core of zero trust), an attacker who gets onto the network can treat the whole of it as breached.
"They can go pretty much anywhere and steal whatever they want,” Guccione said. “We’re seeing a real-life example of this unfolding right now with the Nvidia breach.”
Keep an Eye on Vendors
Companies must monitor access and reduce external access as much as possible, Josh Rickard, security solutions architect at Swimlane, a Boulder, Colo.-based provider of low-code security automation, told TheStreet.
“Even systems that have control or manage systems within an industrial control systems (ICS) network should not be exposed to the internet,” he said.
Past cyber attacks have often started with phishing attempts against users who have access to IT systems, Rickard said.
“Those IT systems have some connection to OT systems, causing a trust/boundary issue,” he said. “This means you need to have a low-code security automation platform to respond to reported phishing emails efficiently and quickly. This is only possible with full-scale automation.”
The UKG/Kronos ransomware attack that affected timekeeping and payroll functions for numerous businesses in late 2021 shows that even systems generally regarded as lower priority to a company can still cause significant disruption, Jacob Ansari, security advocate and cyber trends analyst for Schellman, a Tampa, Florida-based security and privacy compliance assessor, told TheStreet.
Businesses need to patch their software, isolate critical systems as much as possible from network access, apply strong network monitoring and control in front of ICS/SCADA systems where endpoint protection isn’t possible and install endpoint protection, John Bambenek, principal threat hunter at Netenrich, a San Jose, Calif.-based digital IT and security operations company, told TheStreet.
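One way to turn two of the recommendations above, Rickard's "should not be exposed to the internet" and Bambenek's "network monitoring and control in front of ICS/SCADA systems", into concrete checks is to run simple rules over flow records captured at the IT/OT boundary. The script below is an added example and is not code from the article or from any of the vendors quoted in it. It assumes a hypothetical tab-separated flow log (source, destination, destination port, Modbus function code), hypothetical RFC 1918 ranges as the "internal" address space, and a hypothetical allowlist of two engineering workstations permitted to write to PLCs; the sample log is constructed.

```python
"""Flag internet-reachable ICS services and unexpected Modbus writes in flow records.

Added example, not from the article. Log format, networks and host allowlist are
assumptions for illustration only.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Well-known ICS/SCADA service ports (assumption: these protocols are in use on the OT side).
ICS_PORTS = {502: "Modbus/TCP", 20000: "DNP3", 102: "Siemens S7", 44818: "EtherNet/IP"}

# Modbus function codes that write coils or registers (FC 5, 6, 15, 16, 23).
MODBUS_WRITE_FUNCS = {5, 6, 15, 16, 23}

# "Internal" is defined explicitly as RFC 1918 space rather than via ipaddress.is_private,
# because is_private also treats documentation ranges such as 203.0.113.0/24 as private.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Hypothetical allowlist: only these engineering workstations may issue Modbus writes.
ENGINEERING_HOSTS = {"10.20.5.10", "10.20.5.11"}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    func: Optional[int]  # Modbus function code when the sensor decoded one, else None


def parse_flows(lines: List[str]) -> List[Flow]:
    """Parse hypothetical records of the form: src<TAB>dst<TAB>dport<TAB>func ('-' if none)."""
    flows = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, dst, dport, func = line.split("\t")
        flows.append(Flow(src, dst, int(dport), None if func == "-" else int(func)))
    return flows


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def find_internet_exposure(flows: List[Flow]) -> List[Flow]:
    """Rule 1: an ICS service port was reached from outside the internal address space."""
    return [f for f in flows if f.dport in ICS_PORTS and not is_internal(f.src)]


def find_unauthorized_writes(flows: List[Flow]) -> List[Flow]:
    """Rule 2: a Modbus write came from a host that is not an approved engineering workstation."""
    return [
        f for f in flows
        if f.dport == 502 and f.func in MODBUS_WRITE_FUNCS and f.src not in ENGINEERING_HOSTS
    ]


# Constructed sample log: two PLCs at 10.20.9.50 (Modbus) and 10.20.9.51 (DNP3).
SAMPLE_LOG = """\
# src\tdst\tdport\tfunc   (constructed sample, not real traffic)
10.20.5.10\t10.20.9.50\t502\t16
10.20.7.33\t10.20.9.50\t502\t6
10.20.7.33\t10.20.9.50\t502\t3
203.0.113.45\t10.20.9.50\t502\t3
198.51.100.7\t10.20.9.51\t20000\t-
10.20.5.11\t10.20.9.50\t502\t5
"""


def analyze(log_text: str) -> dict:
    """Run both rules over a log and return the findings keyed by rule name."""
    flows = parse_flows(log_text.splitlines())
    return {
        "internet_exposure": find_internet_exposure(flows),
        "unauthorized_writes": find_unauthorized_writes(flows),
    }


if __name__ == "__main__":
    findings = analyze(SAMPLE_LOG)
    for rule, hits in findings.items():
        print(f"{rule}: {len(hits)} finding(s)")
        for f in hits:
            svc = ICS_PORTS.get(f.dport, f.dport)
            print(f"  {f.src} -> {f.dst} [{svc}] func={f.func}")
```

On the constructed sample, rule 1 flags the two flows from 203.0.113.45 and 198.51.100.7, meaning an ICS port was reachable from outside the plant network, which is the exposure Rickard warns against; rule 2 flags the write (FC 6) from 10.20.7.33, a host that is inside the network but not on the engineering allowlist, which is the kind of least-privilege control Bambenek's "monitoring and control in front of ICS/SCADA systems" implies when the PLC itself cannot run endpoint protection. Reads (FC 3) from the allowlisted or unknown hosts are deliberately not flagged by rule 2, so that rule stays low-noise; in a real deployment both rules would be fed from a passive sensor at the IT/OT boundary rather than from a static file.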
Companies need not only to ensure their own house is in order but also to double-check that their vendors, contractors and business partners are exercising adequate security, Guccione said.
“Even if your cybersecurity is comprehensive, if one of your vendors’ security is lax and they get compromised, they can be used as a backdoor into your systems," he said. "Cybercriminals will often look for the weakest link as their main attack vector.”
There are dozens of ways a hacker or group of hackers could target America’s energy infrastructure, including networks, phone systems and websites, in order to disrupt high-level corporate operations or to impact consumers, Brian Contos, chief security officer of Phosphorus Cybersecurity in Nashville, Tenn., that specializes in IoT/OT and other physical systems, told TheStreet.
Vendors and other supply chain companies could be attacked to disrupt key materials and services to the electric grid or oil/gas market without having to destroy a utility or pipeline.