Critical infrastructure under attack

Content Copyright © 2011 Bloor. All Rights Reserved.

Critical infrastructure is a term that is used to describe assets and facilities that are essential for the functioning of society and the economy. It encompasses a wide range of vital assets, including utilities and communications networks, food and water supply, oil and gas facilities, public health systems, transport networks and financial services. Should such services be disrupted, the consequences could be dire. 

Yet many organisations operating critical infrastructure facilities—some 90% of which are private organisations—feel that while the threats are real, they are not adequately prepared to defend against an attack on their IT systems. A survey conducted by Secure Computing, now part of McAfee, asked respondents to indicate their state of readiness for defending against IT threats in eight different industries in the critical infrastructure realm. More than 50% of respondents stated that utilities, oil and gas, transport, telecommunications, chemical, emergency services, and postal and shipping industries were not prepared, with the energy and oil sectors emerging as the most vulnerable targets and, therefore, the most likely to be attacked. 

Attacks against critical infrastructure have been on the rise. These range from wide-ranging nation state attacks, such as that seen against Estonia, which caused widespread service outages across a range of industries and the government sector, many of which provide vital services, to the targeted attacks seen recently against high-value nuclear infrastructure facilities in Iran.

Malware threats are becoming increasingly sophisticated and complex: they are highly targeted in nature and generally combine a range of techniques in an attempt to evade defences and make an attack more likely to succeed. Malware writers also increasingly test their exploits against the defences that are available, and release large numbers of variants of a particular strain of malware to avoid detection by anti-malware technologies that rely on signatures of known viruses and blacklists of applications known to be malicious.

That is a game of catch-up that can no longer be won. The most recently reported attack on critical infrastructure, dubbed ‘Night Dragon’, was perpetrated against oil, gas and petrochemical companies, purportedly by Chinese hackers. McAfee reports that the attacks, which sought to steal proprietary information, went undetected for some four years owing to the elaborate mix of techniques used against the companies' websites and staff to compromise their operations. McAfee states that, despite penetration testing, the breadth and complexity of the computer systems in place made it difficult to link the malicious actions together.

However, application whitelisting vendor CoreTrace states that whitelisting technology can proactively stop such attacks from occurring. Rather than relying on signatures that identify attacks which have already been seen, whitelisting works by allowing only approved applications that are known to be good to run. CoreTrace states that its technology can stop attacks such as Night Dragon in their tracks.

According to JT Keating, VP of marketing for CoreTrace: “The new attack against critical energy infrastructure computers, code named ‘Night Dragon’, utilises multiple remotely controlled applications on servers and PCs. Application whitelisting technology stops ‘Night Dragon’ and ‘Stuxnet’ type attacks by preventing the execution of all applications that are not on the whitelist for each computer in the infrastructure—including both malicious and legitimate remote control applications used in these attacks.” With hackers now looking for fortune rather than fame, only a proactive stance to security will allow organisations to stay one step ahead of their attackers.
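The contrast drawn above between signature blacklists (which a repacked variant evades) and application whitelisting (which blocks anything not approved, including a legitimate remote control tool that is not on the host's list) can be shown with a minimal hash-based allowlist check. This is an added illustration, not CoreTrace's product or McAfee's analysis; the "binaries" are constructed byte strings standing in for executables, and commercial products typically also use signed publishers and paths rather than raw file hashes alone.

```python
import hashlib

# Constructed sample "binaries": byte strings standing in for executables on disk.
# None of these are real artefacts from the Night Dragon attacks.
APPROVED_BINARIES = {
    "payroll.exe": b"MZ payroll application v1.2",
    "reporting.exe": b"MZ reporting tool v3.0",
}
REMOTE_ADMIN_TOOL = b"MZ legitimate remote control tool v5.1"  # real product, not approved here
MALWARE_V1 = b"MZ malicious dropper"                             # strain already seen by AV vendors
MALWARE_V2 = b"MZ malicious dropper\x00repacked"                 # repacked variant, same behaviour


def sha256(data: bytes) -> str:
    """Hash the binary contents; this is the identity both models key on."""
    return hashlib.sha256(data).hexdigest()


# Signature-based blacklist: contains only hashes of malware that has already been analysed.
BLACKLIST = {sha256(MALWARE_V1)}

# Allowlist (whitelist): hashes of the applications approved to run on this host.
ALLOWLIST = {sha256(b) for b in APPROVED_BINARIES.values()}


def blacklist_allows(binary: bytes) -> bool:
    """Blacklist model: run anything unless its hash matches a known-bad signature."""
    return sha256(binary) not in BLACKLIST


def allowlist_allows(binary: bytes) -> bool:
    """Allowlist model: run only if the hash matches an approved application."""
    return sha256(binary) in ALLOWLIST


def decide(binary: bytes) -> dict:
    """Return both models' verdicts for one execution request, for logging or comparison."""
    return {"blacklist": blacklist_allows(binary), "allowlist": allowlist_allows(binary)}


if __name__ == "__main__":
    # The unseen variant passes the blacklist but not the allowlist; the remote admin
    # tool is never malicious by signature, yet the allowlist still refuses to run it.
    for label, sample in [("variant", MALWARE_V2), ("remote tool", REMOTE_ADMIN_TOOL)]:
        print(label, decide(sample))
```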