Why are attacks on critical infrastructure and IoT rising?

The number of attacks on Internet of Things (IoT) environments and critical infrastructure is increasing. Why is this and how can you protect yourself?

Due to the onset of the Coronavirus pandemic which has led to an increase in technology usage, it gives attackers an opportunity to more easily exploit critical infrastructure and the IoT environment that powers it. 

As such, both technologies are now being described as a “soft target” for cybercriminals, for two main reasons. The first is that updates and patches to the Internet of Things environment is said to be, on the whole, unsophisticated, but mostly because hackers have realised that there are significant payouts involved in breaching IoT and critical infrastructure security. Let’s analyse this in more detail. 

Breaches to critical infrastructure and IoT mean greater financial rewards

IoT technology and critical infrastructure are high-value targets for attackers. An example of this is the Oldsmar water plant attack which took place in Florida in February this year. Hackers attempted to change the pH level of the city’s water so that it was more acidic, putting the public and wildlife at serious risk. To do this, they increased the levels of sodium hydroxide by 100 times. 

Another example is the Colonial Pipeline attack of May 2021, which involved cybercriminals using a password from the dark web to gain access to a virtual private network (VPN) and shut down the largest fuel pipeline in the U.S. Colonial. As a result, the hackers were paid US$4.4mn in ransom. 

However, the payout was seized a month later by the U.S. Department of Justice with support from a ransomware task force it had set up after reporting that 2020 was one of the “worst years” for cyberattacks. 

Speaking in a podcast about critical infrastructure attacks, Curtis Simpson, CISO at Armis, said: “The Operational Technology (OT) and Incident Command System (ICS) space is, honestly, the largest single attack vector with the greatest potential for impact. OT and ICS are powering some of the most critical infrastructures in the world; it’s critical operations.”

How can IoT technology and critical infrastructure be protected from cyberattacks? 

 

With there being an increase in IoT attacks, it’s important to know a few ways to protect your critical infrastructure. 

  • Know where your connected devices are in your environment: The reason this is important is that it gives your visibility so that you can work out an effective plan in case the worst does happen. 
  • Regularly change your device passwords from default ones: To ensure that your environment is as safe and well-protected as possible, it is a good idea to change all of your devices’ default passwords to something that is personal to you. As a result, it will become much more difficult for those devices to be hacked. 
  • Separate your IoT networks: IoT devices should operate off of their own individual networks to prevent attackers from also gaining access to larger IT networks. Restricting these networks to only communicate with relevant known IP addresses also reduces the risk of attack. 

 

Share

Featured Articles

TM Forum launches the world’s first D&I scoring system

TM Forum has released an industry-agreed score for diversity and inclusion - the first of its kind in the world - to help navigate the talent shortage

TCS is the new title partner of the TCS London Marathon

As a key partner for this year’s London Marathon, Tata Consultancy Services has announced its mobile app and digital transformation plans for the event

Just 6% of global video games feature a female protagonist

A new study has revealed that, while 69.3% of video games feature a standalone male protagonist, only 6% feature a female character in the lead role

Spotlight: the Apple iPhone 14’s satellite connectivity

Mobile Operators

AVEVA and Aras announce industrial technology partnership

Technology & AI

How will the full fibre rollout benefit the population?

Wireless Networks