The series of sensational cyber attacks - primarily with ransomware - does not stop. Just a few days after the BlackCat attack on the petrol station supplier Oiltanking, there were cyber attacks on Belgian energy companies and a British food manufacturer. Two comments from cybersecurity experts.
Security company Absolute Software says about renewed attack on energy companies
Torsten Georg, Absolute Software (Image: Absolute Software).
“The past year has seen a surge in cyberattacks, particularly using ransomware to target critical infrastructure such as utility and energy companies, government agencies, and organizations that provide services and products that we rely heavily on. For those tasked with protecting critical infrastructure, attacks like those reported earlier this week by Germany-based Oiltanking and Mabanaft, or now two Belgian energy companies, come as no surprise. According to the Global State of Industrial Cybersecurity 2021, 80 percent of critical infrastructure organizations experienced ransomware attacks in the past year.
Attack on critical infrastructure
By disrupting critical infrastructure, cybercriminals can up the ante and ransom, making these attacks a lucrative business proposition. According to Allianz Global Corporate & Specialty Cyber Report 2021, ransom demands have skyrocketed over the past 18 months and now average $5 million. Critical infrastructure providers, in turn, need to align their investments and priorities to implementing new technology solutions to enable device, people, network, data and workload resilience to not only minimize their risk exposure, but also to be able to adapt quickly to recover from these attacks."
Torsten Georg from the security company Absolute Software www.absolute.de
Vectra AI says about the renewed attack on energy companies
“Whether or not this recent spate of cyberattacks is coordinated or opportunistic, the point remains that the craft of today's ransomware criminals has reached a point of escalation. Historically, security breaches have often been primarily associated with data loss, and while measurable, the impact on individuals might feel a bit more abstract. This had the unfortunate side effect that an undetected or unpublished data loss might not result in the corrective actions needed to prevent a recurrence.
Andreas Riepen, Vectra AI (Image: Vectra AI).
Impact on heating, transportation, goods
Today's attacks will not be felt in the abstract - there are very real, very physical consequences that can affect heating, transportation, goods, services and frankly human well-being. There is no way to sweep them under the rug. Additionally, protection against these attacks in many sectors will not be achieved without serious modernization efforts in terms of managing and mitigating technical risks. This is a serious problem that cannot be solved in a vacuum. More private/public partnerships (PPP) will be needed to raise the bar for attackers through resilience, awareness and shared expertise.”
Andreas Riepen, Vectra AI, www.vectra.ai
Attack on KP snacks in UK
Also in the UK "KP Snacks" fell victim to a ransomware attack. The attack appears to have been facilitated after a breach of KP's internal network, where attackers gained access to and encrypted sensitive files, including employee records and financial documents.
As for attacking KP snacks, says Tenable
“The KP Snacks ransomware attack is another reminder of the need for strong security protocols as enterprise IT and OT networks continue to converge. Most ransomware attacks take advantage of a lack of cyber hygiene, and threat actors are waiting to take advantage. Businesses need to protect themselves by getting the basics right—starting with full visibility into all assets, including cloud, IT, and OT.
Marty Edwards, VP Operational Technology at Tenable (Image: Tenable).
Attackers use a variety of mechanisms, including Active Directory misconfiguration or trust relationships, as well as exploiting known vulnerabilities that should be addressed. It is only a matter of time before these typically IT-oriented attacks start to have a more dramatic impact on OT systems and more organizations fall victim. What organizations should learn from this incident is that basic security principles can make a difference. Without implementing these, any business can and should expect disrupted core functions like manufacturing, shipping and more.”
Marty Edwards, Vice President of Operational Technology at Tenable, www.tenable.com
Vectra AI says about the renewed attack on KP snacks
“The onslaught of ransomware attacks in 2022 won't let up, and more breaches are inevitable, so organizations need rapid breach detection to prevent serious damage. It's bad enough that cybercriminals are using this attack to disrupt Britain's food supply. But if more organizations like KP are impacted at the same time, or a more important supplier is targeted, we could also see wider social impacts, with empty supermarket shelves or increased food prices at a time when the cost of living is skyrocketing.
To avoid this, it's important that food suppliers take a proactive approach to combating ransomware and ensure they have advanced threat detection capabilities in place. By reducing the time it takes to detect threats, organizations can mitigate the impact of ransomware and stop attacks before they become breaches and disrupt business.” Andreas Riepen, Head CEE Vectra AI, www.vectra.ai
More at Vectra.ai More at Tenable.com