Top 5 critical infrastructure cyberattacks

Bahadir Candan
February 23, 2023

In recent news, the University of Zurich has been hit with a cyberattack linked to a spate of attacks on educational and medical facilities in the region. “The perpetrators appear to be acting in a very professional manner and are part of a current accumulation of attacks on education and health institutions,” the University of Zurich stated.

While the good news is that the attack was largely unsuccessful, it still did damage. The university was forced to isolate parts of its IT system and delayed access to online resources for staff and students. 

Even more troubling is that this seems to be a trend. Several attacks have been carried out on European universities in recent weeks, disrupting their service delivery. Last year, the University of Neuchâtel was hit by malicious software, and in 2021, the Swiss town of Rolle was hacked and its data stolen. A group called ‘Vice Society’ claimed responsibility, threatening to target other municipalities and hospitals - and that threat appears to have been credible.

Public institutions and critical infrastructure are quickly becoming top targets for cybercrime around the world, and this can have detrimental effects on the countries, organizations, and people that rely on them. Already, they’ve been the reason for nationwide power outages, the catalysts for invasions, and even the cause of death in extreme cases.

In this blog, we’ll explore why this is happening and what you can do about it as we walk through the top 5 cyberattacks on critical infrastructure.

Why are cyberattacks targeting critical infrastructure?

For years, cyberattacks have targeted individuals and companies, hoping to catch them unprepared and mine their data. However, cybercriminals have evolved and identified new opportunities ripe for profit.

People, as well as infrastructure, have become increasingly reliant on connectivity. More than 90% of critical infrastructure workers reported at least one security incident in the last 12 months. With every connection they make, their exposure to attack rises. The remote working and IoT revolution in the workplace has only accelerated this trend, opening up ever more opportunities for cybercriminals to strike.

Nearly three-quarters of IT security experts are more concerned about critical infrastructure attacks than enterprise breaches. As you would expect, governments, enterprises, and regulators have all pushed for increased spending on cybersecurity measures to prevent the devastating effects cybercrime and cyberwarfare can have on critical infrastructure.

Let’s take a look at a few of the more notable examples.

Triton malware attack, 2017

Threat: Explosion, toxic gas release
Suspected perpetrator: Russia
Instigator: Misconfiguration attack, spear phishing

One of the most potentially dangerous cyberattacks on industrial infrastructure, the Triton malware attack nearly caused a massive explosion. The attack was discovered in a Saudi petrochemical plant and allowed the attackers to take over the plant’s safety systems.

The suspected intention was to overload the safety checks or deliberately release toxic gas, in either case with the aim of causing loss of life. The attack was later attributed to a Russian state-sponsored federal research institute, which gained its foothold after a successful misconfiguration attack. Alternative theories suspect that spear phishing was the initial attack vector.

Either way, the Triton malware attack is a good example of how cyberattacks can lead to massive destruction if left unchecked.

Israeli water, 2020

Threat: Compromised water systems, chlorine poisoning
Suspected perpetrator: Unknown
Instigator: Unfamiliar-network-connected device

During the peak of Covid-19 and an unrelenting heatwave, Israeli water systems endured multiple cyberattacks designed to compromise the control systems for pumping stations, sewage systems, wastewater plants, and agricultural pumps.

Though the attacks were unsuccessful, they aimed to raise chlorine and other chemicals in the public water supply to harmful levels, disrupting supply at a critical time for Israel. Had the attacks succeeded, poisoned civilians would have further overloaded hospitals, farmers would have unwittingly destroyed their crops, and the knock-on effects would have ravaged the country in the middle of a pandemic.

Ukraine’s power grid, 2016

Threat: Power Outages, lack of heating
Suspected perpetrator: Russian hacker group ‘Sandworm’
Instigator: DDoS, Spear phishing, BGP hijacking

In the middle of winter, half the population of a region in Ukraine (700,000 people) found themselves without power. The cause was a malware attack that had gained entry to the nation’s power facilities after a barrage of DDoS, spear phishing, and BGP hijacking attacks.

Purportedly carried out by the Russian hacker group ‘Sandworm’, the attack caused complete power failure for 6 hours in temperatures of -5 degrees Celsius. Companies, as well as private individuals, bore the brunt of the attack, suffering disruptions to their business and daily lives.

Colonial oil pipeline, 2021

Threat: $5 million ransom, oil and gas shortages
Suspected perpetrator: Russian hacker group DarkSide
Instigator: Unknown

Colonial Oil, the largest pipeline in the US, was hit with a massive targeted ransomware attack. The pipeline, which supplied over 45% of the East Coast’s gas, diesel, and jet fuel, was forced to shut down its operations entirely. It took the pipeline 11 days to partially recover after the company ended up paying $5 million in ransom.

While the initial attack vector is still unknown, the effects of the attack are not. By the end of the attack, nearly 11,000 gas stations were still out of gas, and the national average fuel price per gallon rose to its highest level in over 6 years.

KillNet, 2022-2023

Threat: Disruptions to health, energy, and defense sectors
Suspected perpetrator: Pro-Russian hacker group KillNet
Instigator: DDoS

KillNet has led a slew of sustained DDoS attacks against Ukraine’s allies since the start of the conflict. More recently, the group has targeted US and Dutch hospitals for aiding in the defense of Ukraine against Russia and taken down Lithuania’s power grid in unprecedented DDoS strikes. It also struck over a dozen US airports, canceling flights and disrupting operations.

KillNet has been a vocal supporter of Russia’s war in Ukraine, using DDoS attacks as its primary weapon to disrupt operations in allied countries. While DDoS alone is not a serious threat to many systems, it has been used as cover for more serious malware attacks.

A way forward with SCION

While connectivity has become our greatest strength, it has also become our greatest vulnerability. With critical systems and infrastructure connected to and reliant on one another, malicious parties only need to infiltrate one connection to cause massive damage.

Thankfully, there is another way for nations to combat the surge of cyberattacks on critical infrastructure. SCION places sensitive data communications and connections out of reach of cybercriminals. By operating within a robust isolation domain (ISD), organizations, federal institutions, and public infrastructure can operate safely, with bad actors completely unaware of their presence.

In this way, SCION effectively renders your data and communication invisible to users who have no business reading it.

If you’re ready to take the security of your business, organization, or critical infrastructure seriously, contact Anapaya for more information on SCION.
