What’s happening

America’s enemies are increasingly targeting critical infrastructure with cyber attacks, a top investigative security journalist says.

Why it matters

A cyberattack that shuts down an oil pipeline or hospital could affect millions of people and put lives at risk.

Last year’s ransomware attack on Colonial Pipeline could have been prevented if the people trying to protect its computer systems had taken basic precautions and kept their eyes open for signs of an attack, a top cybersecurity journalist said Thursday.

Investigative reporter Kim Zetter said attacks targeting the world’s oil pipelines, power and water treatment plants, and essential computer systems have risen dramatically since the discovery of the Stuxnet worm in 2010. Stuxnet reportedly destroyed numerous centrifuges in an Iranian uranium enrichment facility and was later modified to target facilities including water treatment plants, power plants and gas lines.

Zetter made the comments in a presentation at the Black Hat computer hacking conference in Las Vegas. Zetter, a longtime security reporter for Wired and other publications, is also well known for her book Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon, which detailed the attack. 

The original Stuxnet attack, which is widely accepted to be the work of the US and Israel, was first discovered by a Belorussian security researcher and later unraveled by others at the cybersecurity company Symantec.

It set off a “cyber arms race” among nations, Zetter said, and “heralded the militarization of cyberspace.” 

“Stuxnet demonstrated the viability of resolving geopolitical conflicts through cyberattacks, and suddenly everyone wanted in on the game,” Zetter told the crowd, adding that while only a few countries had offensive hacking programs before, others soon launched their own operations.

Attackers still see an upside in going after critical infrastructure, she said. Some parts of critical infrastructure, such as the highly regulated electrical power industry, have boosted defenses in response. But protections for much of the area have become more complicated without improving security.

The Colonial Pipeline hack is a prime example of the latter development, Zetter said. 

For example, Colonial quickly paid a multi-million-dollar ransom after its computer system was taken over by ransomware, a payment that surprised observers who assumed an oil-and-gas pipeline would have sufficient backups of its data. The company, however, wasn’t prepared for such an event.

Colonial Pipeline officials later told lawmakers that its response plan didn’t cover ransomware attacks, Zetter said, despite the fact that critical infrastructure attacks had been documented for several years at that point.

“The signs were there if Colonial Pipeline had looked,” she said. Colonial didn’t immediately respond to a request for comment.

She noted that researchers at Temple University had documented hundreds of attacks on critical infrastructure the year before, while major cybersecurity companies also had reported increased targeting of these kinds of systems. In 2020, the Cybersecurity and Infrastructure Security Agency issued a report warning of ransomware attacks specifically against pipelines.

The attackers got through Colonial’s virtual private network using an employee password that had been used on another network and wasn’t protected with multi-factor authentication, which would have required those attackers to supply a second form of identity in addition to the compromised password.

After the ransomware locked up Colonial’s systems, the company was forced to shut down its operations for nearly a week. The news sparked panic buying and drove up prices for consumers, though there was no shortage.

Following the attack, CISA issued a long list of security guidelines for industrial control systems. The recommendations were similar to those given before the attack, but Zetter said the Colonial Pipeline hack had made it clear that the guidelines weren’t being followed. 

A year after Colonial, Zetter said the threat against critical infrastructure remains high and now includes America’s election system. Some states still use voting machines that don’t include paper printouts that can be used in the event of a recount. Security experts have long called for voting machines to include tamper-proof redundancies, such as printouts. 

TECH NEWS RELATED

IKEA Family Members to Get free KonsultaMD Plan

Members of IKEA Family, the loyalty club of the global home furnishing brand, get an exclusive free one-month health plan from leading telehealth services provider KonsultaMD. Up to five family members of an IKEA Family member could avail of unlimited consultations with licensed physicians anytime they want and anywhere ...

View more: IKEA Family Members to Get free KonsultaMD Plan

Ark Nova board game review: whip-smart strategy with an enchanting theme

The tight zoo-management board game is a charming chimaera of some of the best strategy games out there – but still very much its own beast

View more: Ark Nova board game review: whip-smart strategy with an enchanting theme

Nothing Phone (1) users just got an exciting free upgrade

The budget Android phone is now even better value

View more: Nothing Phone (1) users just got an exciting free upgrade

The new Garmin inReach Messenger’s got your back, no matter where you are

Garmin have just released an affordable, simple-to-use satellite communicator that works without phone coverage or Wi-Fi

View more: The new Garmin inReach Messenger’s got your back, no matter where you are

N64 Controllers Restock for Switch Online + Expansion Pack Spotted: Sold Out in 2 Seconds?

A recent N64 controller restock has been spotted online, which lasted for just two seconds. The controller is said to help improve the Switch Online + Expansion Pack service. Nintendo 64 Controllers Available in the US for Switch Online Members According to the story by Nintendo Life, there was ...

View more: N64 Controllers Restock for Switch Online + Expansion Pack Spotted: Sold Out in 2 Seconds?

Logitech G502 X Plus review: a wireless gaming mouse with stunning RGB lights

The Logitech G502 X Plus might be expensive but it's worth it

View more: Logitech G502 X Plus review: a wireless gaming mouse with stunning RGB lights

BMW Chooses Amazon Alexa for Its Next-Gen Voice Assistant: Partnership Grows from 2018 Decision

BMW has decided that Amazon’s Alexa will be the foundation for its next-gen voice assistant. This would continue their partnership which started in 2018. BMW Partners with Amazon for Development of Its Voice Assistant According to the story by Tech Crunch, the companies announced the partnership at the annual ...

View more: BMW Chooses Amazon Alexa for Its Next-Gen Voice Assistant: Partnership Grows from 2018 Decision

MiniTool Power Data Recovery 2022 review

Simple data and photo recovery tool with unignorable limits

View more: MiniTool Power Data Recovery 2022 review

Amazon Echo Dot smart home speakers get cool new feature upgrade

Adidas hits another running shoe milestone with the ADIZERO Prime X Strung

How to Split Cells in Google Sheets

ASUS Details AMD X670 Motherboard Line-up

5 key reasons to upgrade to a Dolby Atmos soundbar

9 Ways to Fix AirDrop Not Working on iOS or MacOS

The North Face's NSE Collection combines utilitarian style with experimental designs

Google Chrome users can try this great new browser upgrade today

Ring Spotlight Cam Pro Update: Amazon Adds 3D Motion Radar and Bird's Eye View

Nvidia RTX 40 Series graphics cards now look an even better buy

Razer Plans to Rival Nintendo Switch and Steam Deck with Its Upcoming 'Razer Edge 5G'

COLORFUL Presents Intel Z790 Series Motherboards for 13th Gen Intel Core CPUs

OTHER TECH NEWS

Top Car News Car News