More cyberattacks on critical infrastructure planned.

Japan’s largest port suffered a ransomware attack that disrupted port services. (Image source – Shutterstock)

Critical infrastructure cyberattack on Japan’s biggest port  

Getting your Trinity Audio player ready...

Cyberattacks on critical infrastructure are increasing especially with the growing tech adoption in these facilities. Some of the most commonly targeted critical infrastructure include gas pipelines, energy grids, transportation systems, oil refineries and healthcare facilities.

The Cybersecurity and Infrastructure Security Agency categorizes critical infrastructure into sixteen sectors. They include:

  • Chemical sector
  • Commercial Facilities sector
  • Communications sector
  • Critical Manufacturing sector
  • Dams sector
  • Defense Industrial Base sector
  • Emergency Services sector
  • Energy sector
  • Financial Services sector
  • Food and Agriculture sector
  • Government Facilities sector
  • Healthcare and Public Health sector
  • Information Technology sector
  • Nuclear Reactors, Materials and Waste sector
  • Transportation Systems sector
  • Waster and Wastewater systems

Most countries around the world also have named similar sectors as critical infrastructure. Any damage to this infrastructure, be it via natural disasters, terrorism or cyberattacks could lead to serious consequences for a country, especially on its economy and the wellbeing of the citizens.

Cybercriminals are aware of this and have continued to launch cyberattacks on these sectors. Some of the biggest critical infrastructure attacks include the ransomware cyberattack on Colonial Pipeline and JBS meat company. Both attacks disrupted the supply chain of products in affected countries.

A more concerning cyberattack was on a water treatment plant in Florida in 2021. A cybercriminal had hacked the controls of the facility and adjusted the levels of sodium hydroxide in the water, which could end up poisoning thousands of users. An employee noticed the intrusion and was able to stop the attack.

The UK government’s intelligence and security arm also issued an alert on Russian state-aligned threat actors aiming to conduct disruptive and destructive attacks against critical infrastructure in Western countries several weeks ago. More recently, critical infrastructure cyberattacks are also occurring in Asia. Several weeks ago, a tank storage facility in Malaysia fell victim to a ransomware attack.

Hackers are targeting critical infrastructure.

Critical infrastructures are vulnerable to cyberattacks. (Image source – Shutterstock)

Cybercriminals target Japan’s largest port

In Japan, the country’s largest port suffered a ransomware attack that disrupted port services. According to a report by Nikkei Asia, the port of Nagoya, which is also responsible for handling some of Toyota Motor’s car exports, suffered a crippling system glitch, which the port operator suspects to be a cyberattack.

The port operator also received a ransom demand in exchange for the recovery of the port’s loading system. The system was used to load and unload containers from trailers. An employee noticed the system failure when he could not start a computer.

Fortunately, the disruption lasted less than 48 hours as the port planned to resume operations. A Reuters report stated that the computer system had fully been recovered, but that was later than expected and the resumption of terminal operations has been pushed back by half a day.

Media reports also indicated that LockBit 3.0, a Russian hacking group based in Russia was responsible for the cyberattack on the critical infrastructure. Japanese authorities are still investigating the cyberattack and ransom demand.

Russian hacker groups continue to target critical infrastructures around the world. Britain’s National Cyber Security Center (NCSC) has warned of emerging threats to Western critical infrastructure by hackers that are sympathetic to Russia and its war on Ukraine. The agency mentioned that Russia-aligned “hacktivists” have carried out largely harmless online campaigns that have defaced prominent public websites or knocked them offline. However, some of those groups have been actively plotting ways to do more real-world damage.

Apart from Russian hacker groups, Chinese hacker groups have also been planning cyberattacks in the US. According to a report by Reuters, the US State Department has warned that China was capable of launching cyberattacks against critical infrastructure, including oil and gas pipelines and rail systems, after researchers discovered a Chinese hacking group had been spying on such networks.

In a multi-nation alert issued, the agency revealed the Chinese cyber-espionage campaign had been aimed at military and government targets in the United States. The Chinese government has rejected assertions that its spies are going after Western targets, calling the warning issued by the United States and its allies a “collective disinformation campaign.”

Attacks on critical infrastructure is on the rise.

A Tweet on increasing cyberattacks on critical infrastructure.

Securing critical infrastructure

Securing critical infrastructure is of paramount importance for organizations to protect essential systems and services from cyber threats and physical attacks. Organizations need to conduct a comprehensive risk assessment to identify vulnerabilities, threats, and potential consequences. They also need to understand the potential impact of an attack on critical systems and prioritize security measures accordingly.

For cybersecurity, apart from implementing strong access controls, organizations need to consider network segmentation. This divides the critical infrastructure into separate segments to contain potential breaches and prevent the lateral movement of attackers. Other considerations include having firewalls and deploying intrusion detection/prevention systems (IDS/IPS). These technologies help monitor and filter network traffic, detect anomalies, and prevent unauthorized access.

More importantly, all software and firmware need to be kept up to date to address known vulnerabilities and exploits. Organizations should also utilize strong encryption methods to protect sensitive data at rest and in transit. Implement robust security monitoring systems that actively detect and respond to security incidents in real time. Lastly, organizations should conduct regular cybersecurity awareness training for employees to educate them about best practices, social engineering threats, and how to handle suspicious emails or attachments.