Experts in national defense and security have long anticipated that future warfare will not be fought with firearms, but with code designed to disable the services people rely on every day. Those concerns were realized in May 2021, when Colonial Pipeline was hit by a ransomware attack. Fuel delivery to most of the US Northeast was suspended almost immediately. Even though systems were eventually restored, the incident lives in infamy and is a warning of the destructive potential cyberattacks hold against critical infrastructure. Similar infrastructure attacks have dominated global headlines since then, and non-state-sponsored threat actors are increasingly the ones carrying them out. Researchers examined the impact of ransomware on industrial control systems (ICS) used in critical infrastructure.
The three highest-risk sectors were identified as healthcare, energy, and manufacturing. Additionally, the researchers investigated 16 ransomware vulnerabilities and the threat actors exploiting them, including Ryuk, Conti, WannaCry, and Petya. With every successful attack, ransomware groups become more daring, targeting companies where an outage inflicts the most harm and then exploiting the crisis to maximize extortion. Knowing the threat actors and their techniques is crucial to protecting critical industries and keeping operations running smoothly.
Healthcare
The Cybersecurity and Infrastructure Security Agency (CISA) has issued advisories to healthcare providers in response to persistent attacks by ransomware groups, including Black Basta, Quantum, and MountLocker. Unpatched critical vulnerabilities in the healthcare sector can have potentially life-threatening consequences. Nine of the 16 identified vulnerabilities can harm public health and healthcare systems, since those systems depend on other sectors for continuous service delivery and operations. The most affected vendor is Philips Healthcare, a technology company that creates advanced visualization software for critical imaging equipment, with eight vulnerabilities discovered in its IntelliSpace Portal 9.0. CVE-2017-0144 and CVE-2017-0147 need to be fixed quickly because of the number of ransomware families that have used them in real-world attacks.
Energy
Attacks on energy providers can cause grid outages or inconsistencies in the energy supply to households, commercial buildings, and other important service providers. Six vulnerabilities in the energy sector need to be monitored by companies, especially those discovered in Schneider Electric’s products. CVE-2017-6032 and CVE-2017-6034 are vulnerabilities in Schneider Electric’s Modicon Modbus Protocol, an open communication standard used across critical infrastructure, and they can result in chain-reaction attacks. CVE-2019-18935 and CVE-2020-10713, discovered in Hitachi ABB Power Grid systems and Hitachi Energy Transformer Asset Performance Management (APM) Edge, represent a similar level of risk. Network security administrators need to take them seriously.
Manufacturing
Transportation equipment, machinery manufacturing, electrical equipment, appliance and component manufacturing, and primary metals manufacturing are the four core subindustries that make up the critical manufacturing sector. A quarter of the vulnerabilities included in the investigation affect companies in the manufacturing sector, including Exacq Technologies, Sensormatic Electronics, and Schneider Electric.
How to Stay Protected
Companies are encouraged to stay aware of vendor advisories for the products they use and to rank the vulnerabilities they enumerate by severity. These vulnerabilities take advantage of legacy configurations containing out-of-date software and unsupported end-of-life components. Here are some critical takeaways for keeping systems and companies safe:
- The most common vulnerability underlying ICS ransomware CVEs is improper input validation. Having proper input screening can help prevent threat actors from infiltrating databases and locking administrators out of their systems.
- Six vulnerabilities, CVE-2018-5391, CVE-2018-10115, CVE-2017-6034, CVE-2017-6032, CVE-2017-7494, and CVE-2020-10713, are missing from the CISA Known Exploited Vulnerability (KEV) list and need to be patched.
- Simulated penetration testing on companies’ systems can reveal hidden entry points that cybercriminals can exploit. Figuring out where companies are most vulnerable can help them prioritize and implement defenses before threat operators can exploit them.
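The second takeaway above is easy to act on with a small script: cross-check the CVEs from your vendor advisories against the CISA KEV feed, and make sure anything absent from KEV (like the six CVEs listed) is flagged for patching rather than silently deprioritized. This is an added illustration, not SpearTip's tooling; the KEV field names ("vulnerabilities", "cveID", "dueDate", "knownRansomwareCampaignUse") follow CISA's published JSON feed, but the snapshot, the inventory, its severity labels and due dates are constructed sample data, and CVE-2099-0001 is a placeholder id.

```python
import json
from datetime import date

# Constructed KEV snapshot in the layout of CISA's JSON feed; dates are sample values.
KEV_SNAPSHOT = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2017-0144", "dueDate": "2022-03-24",
     "knownRansomwareCampaignUse": "Known"},
    {"cveID": "CVE-2019-18935", "dueDate": "2022-06-15",
     "knownRansomwareCampaignUse": "Unknown"},
]})

# Constructed asset inventory: CVEs named in the report above, with sample
# severity labels and whether the report links them to ransomware.
INVENTORY = [
    {"cve": "CVE-2017-0144", "severity": "high", "ransomware_report": True},
    {"cve": "CVE-2019-18935", "severity": "critical", "ransomware_report": True},
    {"cve": "CVE-2017-6032", "severity": "high", "ransomware_report": True},
    {"cve": "CVE-2020-10713", "severity": "medium", "ransomware_report": True},
    {"cve": "CVE-2099-0001", "severity": "low", "ransomware_report": False},  # placeholder
]

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}

def load_kev(kev_json):
    """Index a KEV feed by CVE id so membership checks are a dict lookup."""
    return {v["cveID"]: v for v in json.loads(kev_json)["vulnerabilities"]}

def triage(inventory, kev, today=None):
    """Order the inventory for patching: ransomware-linked CVEs (per KEV or per
    the report) first, then KEV entries, then severity, then KEV due date.
    CVEs absent from KEV are kept and flagged; they are not lower priority."""
    today = today or date.today()
    rows = []
    for item in inventory:
        entry = kev.get(item["cve"])
        due = date.fromisoformat(entry["dueDate"]) if entry else None
        rows.append({
            "cve": item["cve"], "severity": item["severity"], "due": due,
            "in_kev": entry is not None,
            "ransomware": item["ransomware_report"]
                or (entry or {}).get("knownRansomwareCampaignUse") == "Known",
            "overdue": bool(due and due < today),
            "note": "" if entry else "not in KEV: track via vendor advisory",
        })
    rows.sort(key=lambda r: (not r["ransomware"], not r["in_kev"],
                             SEVERITY_RANK[r["severity"]], r["due"] or date.max))
    return rows

if __name__ == "__main__":
    for row in triage(INVENTORY, load_kev(KEV_SNAPSHOT), date(2023, 1, 1)):
        print(row)
```

Swap the constructed snapshot for the live feed (`json` text from CISA's known_exploited_vulnerabilities.json) and the inventory for your own scanner export; the ordering logic stays the same.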
The United States economy depends on an integrated infrastructure of energy, health, and manufacturing. Hospitals require energy to function and provide life-saving services, and oil and natural gas refineries provide what is needed to power domestic manufacturing. It is a system worth appreciating; however, it is also precious, and companies need to take steps to protect it. That is why it is important for companies to stay ahead of the latest threat landscape and regularly update their network security systems. At SpearTip, our team of trained security professionals provides comprehensive, full-scale, end-to-end incident response that restores companies’ operations immediately with the aid of technical knowledge and on-site expert assistance. Our engineers use digital forensics to assess the impact of a breach and determine the best recovery options. We have cyber experts working continuously at our 24/7/365 Security Operations Center to mitigate future cyber threats. Our ShadowSpear Platform, our integrable managed detection and response tool, was built for incident response, immediately resolving vulnerabilities and detecting advanced ransomware threats.
If your company is experiencing a breach, call our Security Operations Centers at 833.997.7327 to speak directly with an engineer.