2023’s Dark Horse Cyber Story: Critical Infrastructure Attacks
2023-12-3 18:51:25 Author: securityboulevard.com(查看原文) 阅读量:11 收藏

There are several cybersecurity trends that truly deserve top attention when we look back at 2023 — and they will get it. Meanwhile, cyber attacks against critical infrastructure quietly grow, despite a lack of major attention.   

December 03, 2023 • 

Dan Lohrmann

Adobe Stock/Creative optiplex

As we look back at the 2023 year in cybersecurity, global attention regarding many cyber topics remains elevated, despite a lack of international, headline-grabbing events. We can be thankful that another Colonial Pipeline ransomware event or Equifax data breach or OPM data breach-level incident did not occur so far this year.

Nevertheless, there have been numerous cyber attacks against global critical infrastructure in 2023 that are worthy of added attention as a combined theme.

“State-sponsored cyber groups and hackers have increased assaults on Australia’s critical infrastructure, businesses and homes, a government report said, adding that its new defence agreement with Britain and the U.S. had likely made it more of a target.

“Reports of cybercrime surged 23% to more than 94,000 in the financial year to June, the Australian Cyber Security Centre said in its annual threat report on Wednesday.

“The UK’s National Cyber Security Centre (NCSC) has warned of the ‘enduring and significant’ cyber threats faced by the nation’s critical infrastructure. In its seventh Annual Review, the NCSC highlighted the need for the UK to accelerate work to keep pace with the evolving threat landscape amid a rise of state-aligned groups, an increase in aggressive cyber activity and ongoing geopolitical challenges.”

TimesUnion.com: Cybercrime on ‘critical infrastructure’ increasing, report says

“Cyberattacks are a growing threat to New York’s critical infrastructure, with more than 83 incidents in the first half of this year, a new report from state Comptroller Thomas DiNapoli said. The report said that the state saw more than 25,000 cyberattacks in 2022, up 53 percent from more than 16,400 attacks in 2016.”

Here’s an excerpt from that piece: “A wave of ransomware attacks targeting critical infrastructure in recent weeks is a stark reminder that the ransomware problem will continue to get worse before it slows down — despite the U.S. government’s best efforts.

“Why it matters: In the meantime, hackers will keep disrupting critical services at schools, hospitals, financial service institutions and more.

“Driving the news: Several critical infrastructure organizations are responding to ransomware this week.

  • Some hospitals across the U.S. had to divert ambulances from their emergency rooms and cancel elective procedures throughout the week due to a ransomware attack.
  • The North Texas Municipal Water District is investigating a suspected ransomware attack this week.
  • Ransomware hit Fidelity National Financial, a real estate services company, last week — making it impossible for some customers to pay their mortgages for several days.
  • The Cybersecurity and Infrastructure Security Agency warned right before Thanksgiving that ransomware hackers are still exploiting a vulnerability in a popular Citrix product — months after a patch became available.”

YES, THIS IS A RECURRING THEME

No doubt, we have discussed this critical infrastructure topic many times before. In October of this year, I wrote about AI and critical infrastructure trends: “The Department of Homeland Security is looking to become one of the ‘early and aggressive adopters’ of AI tools within the federal government, and is taking steps to protect critical infrastructure from AI-powered cyber attacks.”

This is also part of the growing nature of nation-state cyber attacks. Cyber war and regional tensions with China, Ukraine and Israelhave all contributed to this challenge, as highlighted by CSO Magazine: “With active kinetic wars in two major global arenas and fears that China is stealthily infiltrating critical infrastructure for future cyber disruption, experts at this year’s Cyberwarcon painted a picture of the growing harm that malicious cyber tools can wreak.”

“In the past year, cyberattacks have touched 120 countries

,

fueled by government-sponsored spying and with influence operations (IO) also rising. At times, nearly half of these attacks targeted NATO member states, and more than 40% were leveled against government or private-sector organizations involved in building and maintaining critical infrastructure. While headline-grabbing attacks from the past year were often focused on destruction or financial gain with ransomware, data shows the predominant motivation has swung back to a desire to steal information

,

covertly monitor communication, or to manipulate what people read.”

One more: Infosecurity Magazine offers this recent piece describing critical infrastructure cyber attacks in detail, including sources and specific modes of attack against governments and private-sector companies.

You can watch this video to learn more about what is being done to address these cyber challenges against critical infrastructure by the Department of Defense and hear an unclassified overview of their new cyber defense strategy.

FINAL THOUGHTS

Next week, this blog will focus on my annual cyber story of the year for 2023, before we get to the top 2024 security predictions from industry companies in two weeks.

To be clear, this above-mentioned list of cyber attacks against critical infrastructure is not the top cyber story of the year. Some could even argue it is not in the top three to five stories of the year for various reasons, but more on that next week. (As an aside, if you want to guess what will be the top cyber story, just go back and read over my blogs since January. You will see a technology and security trend that is undeniable. Indeed, I suspect that most of my regular blog readers already know what the top cyber theme will be for this past year.)

Nevertheless, just as I wrote about in mid-2022 in this blog, there has been a relentless increase in cyber attacks against critical infrastructure this past year that can be compared to “death by a thousand cuts” for businesses and governments globally.

From a positive perspective, the lack of a 9/11 or Cyber Pearl Harbor event is a good thing. We should be glad that this is a “dark horse” cyber topic for a year-end review and not the cyber story of the year.

But no one is celebrating, with fear of more attacks to come.

Cybersecurity

Dan Lohrmann

Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.

See More Stories by Dan Lohrmann

*** This is a Security Bloggers Network syndicated blog from Lohrmann on Cybersecurity authored by Lohrmann on Cybersecurity. Read the original post at: https://www.govtech.com/blogs/lohrmann-on-cybersecurity/2023s-dark-horse-cyber-story-critical-infrastructure-attacks


文章来源: https://securityboulevard.com/2023/12/2023s-dark-horse-cyber-story-critical-infrastructure-attacks/
如有侵权请联系:admin#unsafe.sh