Lessons Learned from Cyberattacks on Critical Infrastructure


President Biden has had no shortage of cybersecurity challenges, from the ransomware attacks on Colonial Pipeline and JBS Foods to cyberespionage campaigns conducted by nation-state cyber adversaries. With numerous cyberattacks on critical infrastructure, the Biden administration announced a cyber executive order and emergency cybersecurity regulations to bolster defenses – but is it enough? Bill Harrod, Federal CTO, Ivanti, highlights key lessons learned from attacks on critical infrastructure, why nation-state attacks will continue to rise, and what the Biden administration, and enterprises, need to focus on to build cyber resilience.

2021 was rife with ransomware and other cyberattacks on crucial supply chains and cyberespionage campaigns by nation-state threat actors. Most notably, ransomware group DarkSide took the Colonial Pipeline offline in May 2021, resulting in gas shortages and disruptions, and ransomware group REvil was revealed to be responsible for the attack on JBS Foods, the world’s largest meat processing company. The rise in ransomware caused widespread financial and business damage, resulting in massive implications for customers and consumers.

Why Critical Infrastructure Remains a Hot Target 

Despite the damaging effects of recent cyberattacks, critical infrastructure security measures continue to be ineffective and out of date, creating an expanded attack vector for threat actors. JBS Foods was hit by a ransomware attack in June 2021, forcing the company to close 13 beef plants in the United States temporarily. JBS Foods ultimately paid a ransom to prevent further disruption of its meat processing plants. In December 2020, nation-state threat actors silently slipped into SolarWinds’ network. They gained access to tens of thousands of customers, including numerous Fortune 500 companies, government agencies, and manufacturing entities. Many of the critical infrastructure systems used by SolarWinds’ customers were compromised and used for further attacks.

Critical infrastructure continues to be actively targeted by bad actors, given the potential for economic and societal impacts. A recent report identified 32 new ransomware families in 2021, increasing by 26% from the previous year. These ransomware groups continue to target and exploit unpatched vulnerabilities to instigate attacks. A single supply chain compromise could provide multiple attack vectors for threat actors to hijack an entire network through third-party applications, vendor-specific products, and open-source libraries. An attack on these systems could go undetected for months, as evidenced by the SolarWinds hack, resulting in cyber-physical damage and a business interruption that could cost millions of dollars per day.


Mitigating Cybersecurity Risk in Supply Chain

Concerns about the security of the supply chain are not a recent development. They date back decades. As cyberattacks on critical infrastructure continue to rise, organizations need to prioritize risk-based patch management, continuous and multi-factor authentication, and zero trust architectures to enhance cyber resilience. 

Threat actors take advantage of security gaps within critical infrastructure to launch sophisticated attacks. Unpatched vulnerabilities are one of the most common entry points for cyberattacks today. The rise in always-on devices and the rapid shift to cloud-based applications will exacerbate the security risks from unpatched vulnerabilities. With risk-based vulnerability prioritization, organizations patch first the vulnerabilities that carry active threat context (known exploitation, ransomware use) and the greatest business impact, rather than working through findings by severity score alone. Organizations need to be proactive in identifying, understanding and responding to anomalies and vulnerabilities. A risk-based approach accelerates remediation and patch management, allowing organizations to bolster their defenses against potential cyberattacks.
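The following is an added example of what risk-based prioritization looks like in practice; it is not code from the article or from Ivanti. It scores each finding by combining severity with threat context (known exploitation, ransomware use, internet exposure) and asset impact, then orders the patch queue by that score and assigns a remediation window. The weights, SLA thresholds, vulnerability identifiers (`VULN-A` and so on, not real CVEs) and asset data are all constructed for illustration.

```python
"""Risk-based vulnerability prioritization (added example, constructed data).

A CVSS 9.8 on an isolated, low-value host lands behind a CVSS 7.2 that is
actively exploited by ransomware on an internet-facing crown-jewel system.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    vuln_id: str               # placeholder identifier, not a real CVE
    asset: str
    cvss: float                # base severity, 0.0 - 10.0
    exploited_in_wild: bool    # e.g. listed in a known-exploited catalogue
    used_by_ransomware: bool   # threat intel links it to ransomware groups
    internet_exposed: bool
    asset_criticality: int     # 1 (low) - 5 (crown jewel)


# Weights below are assumptions for this example; a real programme derives
# them from its own threat intelligence and asset inventory.
def risk_score(f: Finding) -> float:
    """Blend severity, active-threat context and impact into one number."""
    if not 0.0 <= f.cvss <= 10.0:
        raise ValueError(f"{f.vuln_id}: CVSS out of range: {f.cvss}")
    if not 1 <= f.asset_criticality <= 5:
        raise ValueError(f"{f.vuln_id}: criticality must be 1-5")
    threat = 1.0
    if f.exploited_in_wild:
        threat += 1.5
    if f.used_by_ransomware:
        threat += 1.0
    exposure = 1.5 if f.internet_exposed else 1.0
    impact = f.asset_criticality / 5.0
    return round(f.cvss * threat * exposure * impact, 2)


def sla_days(score: float) -> int:
    """Map a risk score to a remediation window (assumed thresholds)."""
    if score >= 20:
        return 3
    if score >= 10:
        return 14
    if score >= 5:
        return 30
    return 90


def patch_queue(findings: list[Finding]) -> list[tuple[str, float, int]]:
    """Return (vuln_id, score, sla_days) ordered highest risk first."""
    ranked = sorted(findings, key=lambda f: (-risk_score(f), f.vuln_id))
    return [(f.vuln_id, risk_score(f), sla_days(risk_score(f))) for f in ranked]


# Constructed sample findings.
VULN_A = Finding("VULN-A", "lab-build-box", 9.8, False, False, False, 3)
VULN_B = Finding("VULN-B", "plant-vpn-gateway", 7.2, True, True, True, 5)
VULN_C = Finding("VULN-C", "vendor-portal", 6.4, True, False, True, 3)
VULN_D = Finding("VULN-D", "kiosk", 4.3, False, False, False, 1)
SAMPLE_FINDINGS = [VULN_A, VULN_B, VULN_C, VULN_D]


if __name__ == "__main__":
    for vuln_id, score, days in patch_queue(SAMPLE_FINDINGS):
        print(f"{vuln_id:8} score={score:6.2f} patch within {days} days")
```

Note that the highest CVSS finding (`VULN-A`) is scheduled behind two lower-severity ones because it has no active-threat context and sits on an isolated host; that re-ordering is the whole point of a risk-based approach.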

President Biden’s Executive Order and the OMB directives have put a very fine point on zero trust and cybersecurity protections. Zero trust is an actionable and reliable next step for organizations looking to secure assets in the face of potential cyberattacks, adding a further layer of protection. A zero trust architecture authenticates, authorizes, and validates every user, device, and network continuously, on each request rather than once at login, reducing the organization’s attack surface and the potential for cyberattacks. Organizations will need to review their existing cybersecurity policies and frameworks to understand their cybersecurity maturity better. By proactively adopting zero trust architectures to address their security posture as a whole, organizations can mitigate the potential cyber risks posed by the interconnectedness of critical infrastructure networks and improve overall cyber hygiene.
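As an added example (not from the article, the executive order, or any vendor's product), the function below shows the per-request decision a zero trust policy engine makes: identity, role, device posture, and session freshness are all re-checked on every access, and any failed check denies the request while recording why, so the denial can be logged and alerted on. The resources, users, roles, and thresholds are constructed for illustration.

```python
"""Per-request zero trust access decision (added example, constructed data).

Nothing is trusted because a login succeeded earlier: each request is
evaluated against identity, device posture and session age, and the default
for anything unknown is deny.
"""
from __future__ import annotations

from dataclasses import dataclass

# Constructed policy values; a real deployment loads these from its policy store.
MAX_PATCH_AGE_DAYS = 30          # device must have patched within this window
REAUTH_AFTER_MINUTES = 60        # session must be re-authenticated after this
SENSITIVE_RESOURCES = {"plant-hmi", "scada-historian"}
ROLE_FOR_RESOURCE = {
    "plant-hmi": "ot-engineer",
    "scada-historian": "ot-engineer",
    "wiki": "employee",
}
USER_ROLES = {
    "alice": {"employee", "ot-engineer"},
    "bob": {"employee"},
}


@dataclass(frozen=True)
class AccessRequest:
    user: str
    resource: str
    mfa_verified: bool            # MFA completed for this session
    device_managed: bool          # device enrolled in endpoint management
    device_patch_age_days: int    # days since the device last patched
    minutes_since_auth: int       # age of the current authentication


def evaluate(req: AccessRequest) -> tuple[bool, list[str]]:
    """Return (allowed, reasons). An empty reason list means allow."""
    reasons: list[str] = []

    # Authorization: the resource must be known and the user must hold its role.
    required_role = ROLE_FOR_RESOURCE.get(req.resource)
    if required_role is None:
        reasons.append("unknown-resource")          # default deny
    elif required_role not in USER_ROLES.get(req.user, set()):
        reasons.append("role-missing")

    # Identity checks are repeated on every request, not only at login.
    if not req.mfa_verified:
        reasons.append("mfa-required")
    if req.minutes_since_auth > REAUTH_AFTER_MINUTES:
        reasons.append("reauth-required")

    # Device posture is enforced for sensitive (OT) resources.
    if req.resource in SENSITIVE_RESOURCES:
        if not req.device_managed:
            reasons.append("unmanaged-device")
        if req.device_patch_age_days > MAX_PATCH_AGE_DAYS:
            reasons.append("device-out-of-date")

    return (not reasons, reasons)


if __name__ == "__main__":
    sample = AccessRequest("alice", "plant-hmi", True, True, 45, 10)
    allowed, why = evaluate(sample)
    print("ALLOW" if allowed else f"DENY: {', '.join(why)}")
```

Returning the reason list rather than a bare boolean is deliberate: the same structure feeds both the access log and the detection pipeline, so a burst of `reauth-required` or `unmanaged-device` denials against OT resources is visible to the SOC.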

Closing the Cybersecurity Gap

The rise in cyberattacks on critical infrastructure has wreaked havoc on the backbone of the global supply chain, causing financial damage and business disruption. President Biden recently signed the Cyber Incident Reporting Act, requiring critical infrastructure sectors to report cyberattacks within 72 hours of discovery. This legislation will help provide greater cybersecurity threat intelligence and directly address the growing threat from malicious actors. Organizations will need to adopt zero-trust architectures and focus on a risk-based patch management approach to bolster cyber hygiene. With a better understanding of their security posture, organizations can begin closing the security gaps within critical infrastructure to minimize potential security risks from bad actors.
