Why ransomware is the biggest threat to our critical infrastructure

Many currently manage their home heating, lighting, and entertainment using their smartphone or voice. Over the next decade, almost every new appliance will have a permanent connection to the internet. The digital transformation of everyday life can be found in everything from toasters to doorbells.

With a smartwatch strapped to our wrists monitoring our heart rate and a smartphone in our hand tracking our every communication and location in real time, many are already fully subscribed members of the connected lifestyle. As businesses and authorities race to keep up with our rising expectations, they could be introducing more problems than solutions to our lives.

The end of moving fast and breaking things

The problem with Silicon Valley's mission to move fast and break things is that it fails to identify the serious consequences it creates along the way. Businesses that still have the scars from fighting BYOD and shadow IT can now be seen battling the threats that IoT devices have brought to their corporate network.
However, the problems at hand are even bigger than social impact, ethical responsibilities, and protecting businesses from being a hostage to ransomware. We are only just beginning to understand the creation of dangerous or deadly situations caused by bringing our critical infrastructure online.

When bringing everything online, are we unwittingly creating vulnerabilities in our critical infrastructure and where we live?

Ryuk ransomware targets hospitals

Hospitals are increasingly battling cyberattacks that threaten patient care at a time of increased COVID-19 hospitalizations. A computer virus has already been blamed for a patient's death in Germany. Unscrupulous cybercriminals can target everything from MRI machines and ventilators to connected microscopes.

In a pre-COVID world back in 2017, it was the WannaCry ransomware attack that became a global epidemic. More than 400,000 machines were infected across at least 150 countries, costing around $4 billion. Ryuk followed and first appeared in August 2018, but it was based on an older program called Hermes and it has continued to evolve in a virtual game of cat and mouse with security firms.

The delivery method of Ryuk came in the form of phishing emails that contained links to infected Google Drive documents. Unsuspecting users would then install malware onto their machine. But attackers continue to switch tactics, and pivoting away from Google Drive-hosted files would inevitably make it difficult for businesses to keep up with new methods of delivering an attack.

In October, the FBI warned the healthcare industry that ransomware such as Ryuk is still actively targeting the entire public health sector.

Critical infrastructure under attack

The Cybersecurity & Infrastructure Security Agency (CISA) reported that sixteen sectors, including government facilities, nuclear, transportation, and water systems, are targets for attackers. Threats are increasing in parallel with our increased dependency on remote working and IoT devices.

Plunging cities into darkness became a reality when an attack was performed on a Ukrainian power grid back in 2015. More recently, in the US, a natural gas operator was forced to shut down after being infected by ransomware. Once again, a combination of phishing emails and security lapses enabled attackers to pivot from the facility's IT network to the facility's OT network.

A US maritime transportation facility and two cities in Florida were also held hostage by ransomware.

As global tensions rise, state-sponsored cyberattacks on governments will continue to exploit national infrastructure vulnerabilities and run the risk of becoming the norm.

A much-needed wake-up call

The challenges are now much more serious than the feeling that your smart home has betrayed you. According to Microsoft, many businesses squeezed two years of digital transformation initiatives into just a few months this year. Entire cities and nations are only just waking up to the vulnerabilities created by moving fast without considering the security implications ahead.

Predictably, the critical infrastructure protection market is expecting exponential growth over the next five years. But where do we go from here? In rushing in, many have unwittingly created a much larger threat surface, along with unintended consequences and vulnerabilities.

We know that the preferred delivery method of attack is typically through infected links, websites, and email attachments. Businesses and those managing critical infrastructure need more than a box-ticking exercise every 12 months to meet compliance requirements. Continuous education is essential to protecting against security breaches and cybercrime.

Will accepting that state-sponsored cyberattacks are one of the biggest threats in 2021 be enough to finally banish the myths associated with ransomware? By building a security-conscious culture combined with reactive and proactive countermeasures, leaders can begin to remove vulnerabilities in a digital world that is continuously under attack.