Over the past 15 years, the number of incidents at information and communication technology (ICT) facilities has increased tenfold, with the damage from the use of ICT for criminal purposes alone, according to experts, reaching more than $8 trillion in 2022. States and international organizations are also seriously concerned about the possibility of ICT being used for military and terrorist purposes. Ransomware hit 870 critical infrastructure organizations in the U.S. in 2022. In terms of the number of attacks last year, the top three ransomware gangs associated with incursions into critical infrastructure were LockBit (149), ALPHV/BlackCat (114) and Hive (87), along with Clop.
For instance, the Clop ransomware gang stole data from companies across the globe by exploiting a zero-day vulnerability in the MOVEit Transfer file transfer platform. The attacks began on May 27 during the extended Memorial Day holiday in the U.S., when the Clop ransomware gang claimed to have stolen data from hundreds of companies. Clop then started extorting companies by posting their names on a data leak website, promising to begin leaking data if the ransom was not paid. CNN was then the first to report that numerous federal agencies, including the Department of Energy, were among those hacked and that data had likely been stolen.
And while those involved in these threats claim to delete any data stolen from governments, there is no way to determine if this is actually the case. This is why federal agencies must assume that the stolen data could be misused or potentially acquired by foreign governments. “Rewards for Justice” (RFJ) is a program by the U.S. State Department that offers monetary rewards for information about the perpetrators of threats and attacks affecting U.S. national security. The program hopes to prevent future attacks by swaying people, including others behind the threats who may have knowledge about Clop’s operations, with rewards for their tips. The U.S. State Department’s program has since announced a reward of up to $10 million for information linking the Clop ransomware attacks with a foreign government. Energy, food and agriculture are among the critical industries being attacked by ransomware in the U.S. and other countries around the world, but the leaders in this area are the financial sector, government agencies, critical manufacturing and health care.
The Japanese pharmaceutical company Eisai recently fell victim to a cyberattack in which the firm’s servers were encrypted with ransomware, causing work disruptions both inside and outside Japan. Eisai is involved in the research, development, and production of medicines and is one of the 30 largest pharmaceutical companies in the world. Its HQ is located in Tokyo, Japan, with representative offices in the U.S. and Europe and production sites in China, Indonesia, India and other countries. The company officially announced the incident on its website and reported that systems, including logistics, were affected both in Japan and abroad. Eisai did not specify the nature and number of systems affected by the cyberattack or whether production sites were affected, but said it is still assessing the scale of the incident. The company immediately formed a working group and began cooperating with external experts and law enforcement agencies to eliminate any consequences caused by the incident and restore its systems in the wake of the cyberattack.
In addition to the partial or complete shutdown of critical infrastructure facilities, as happened to the Venezuelan oil company PDVSA, where oil production decreased from 3 million to 370,000 barrels per day as a result of an attack, such incidents also cause significant financial damage. One of the largest car manufacturers in the U.S. suffered $150 million in losses “thanks” to an attack via SQL Slammer, which quickly spread to 17 of the company’s factories. The Alaska Railroad Corporation (ARRC), an independent transportation company in Alaska, was subjected to a cyberattack that led to the theft of confidential information about the company’s suppliers and employees. ARRC is a Class II railroad owned by the state of Alaska. It operates both freight and passenger trains in the state. Transportation systems are considered critical infrastructure in the U.S., meaning that their protection is a national security priority. This attack ostensibly occurred on December 25, 2022, but the company did not notify the public about it until April 17. The company said in a statement that “a third party gained unauthorized access” to ARRC’s internal network systems.
Modern information and communication technologies are a source of serious concern today because of the risks associated with the unique and vulnerable information that these devices, one way or another, collect and accumulate in cyberspace. In light of this, there are cyber risks related to the potential for these systems to be hacked, and risks of confidential data and data on critical infrastructure being leaked. The British firm Darktrace confirmed that since the release of the chatbot “ChatGPT”, cybercriminals are increasingly resorting to artificial intelligence (AI) to create fraudulent schemes that allow them to effectively deceive employees of various corporations around the world. The neural network makes it much easier for hackers to attack corporations, including those engaged in critical industries. And what if these companies are dealing with nuclear technology, working in the space industry, or producing chemicals? Given the distribution of transnational corporations across all continents, this poses serious threats to the entire world. Cybersecurity has thus become an urgent issue on the international agenda. Currently, many states are putting most of the burden of protecting critical infrastructures squarely onto the shoulders of their owners.
This, of course, cannot but create chaos and cast doubt on the protection of both individuals and entities, regardless of their geographical location, state, and national affiliation. The principles of impartiality and nonpartisanship, and of open cooperation between experts and organizations from different countries, laid down decades ago, are becoming the bedrock of modern approaches, technologies, and services in information security. Certainly, such existing associations as CERT (Computer Emergency Response Team), CSIRT (Computer Security Incident Response Team), FIRST (Forum of Incident Response and Security Teams), or others can be used. But these structures are private and include both commercial and government organizations in the U.S. and a number of other countries. And, by and large, they are controlled by the governments of those countries in whose territorial jurisdiction they are located. At the same time, not all of the organizations that want to join these associations can get approval from the leadership of the said associations, including for economic and political reasons. Besides, such a solution additionally prevents the expanded exchange of information about threats between cyber incident response teams. Naturally, those organizations that are not included, or that are excluded, can start discussing the possibility of creating their own alternative communities.
Unlike in the U.S., most CERT groups in the European Union were created by universities and large IT companies that primarily pursue commercial interests. Most nations in the E.U. do not possess their own coordination centres and cooperate via the pan-European organization TF-CSIRT (Task Force – Collaboration Security Incident Response Teams). Management of the E.U.’s CERT centres is now gradually being handed over to ENISA. Since the issue concerns international information security and affects all countries and everyone everywhere, such groups or associations are unable to ensure the fair participation of all countries in the process of responding to cyberattacks, first and foremost because of their significant politicization, and second, due to commercial interests. So, today there is not a single organization or association that has been able to solve the whole spectrum of issues related to countering cyberattacks on the critical infrastructure of different nations. Such cyberattacks are the pandemic of our age.
They cannot be dealt with alone, but there is, as of yet, no universal vaccine against them. It can only be developed as a joint effort between all countries around the world in a trust-based union.
Article edited by Larissa Conti