COMMENTARY: Reports early last week from Iranian state media indicated that the country successfully repelled a "widespread and complex" cyberattack targeting its national critical infrastructure. While attribution remains unconfirmed, the operational characteristics align with previous attacks attributed to groups such as Israel-linked Predatory Sparrow, known for targeting Iranian industrial and governmental systems.
However, the incident last week underscores a broader trend: the increasing frequency and sophistication of cyberattacks on critical infrastructure worldwide. In the past several weeks and months alone, several notable incidents highlight this escalation:
France publicly accused the Russian military intelligence group APT28 (Fancy Bear) of conducting a series of cyberattacks over the past decade, targeting French government ministries, defense contractors, media outlets, and organizations related to the 2024 Paris Olympics.
Spain launched a judicial investigation into possible sabotage following a mass blackout that impacted large parts of Spain, Portugal, and southern France, even though preliminary assessments by grid operators ruled out a cyberattack.
China-linked hackers breached several U.S. internet-service providers in the Salt Typhoon cyberattack, aiming to gather sensitive information and potentially access core network components.
These incidents reflect a strategic shift in which cyber operations are employed not just for espionage, but as tools for geopolitical influence and disruption.
In response to these attacks, the U.S. government has been working to bolster cybersecurity measures, including the implementation of the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), which aims to improve the nation's ability to respond to cyber threats. There's also been a growing emphasis on international cooperation to counter cyber threats. For instance, France has pledged to work with allies to counter threats from groups like APT28.
Recommendations for security teams
Here are five ways security teams can prepare for potential attacks on critical infrastructure:
Implement zero-trust architectures: Adopting a zero-trust security model can help mitigate risk by ensuring that no entity is trusted by default, regardless of whether it sits inside or outside the network perimeter.
Update and patch systems regularly: Ensure that all systems are up-to-date with the latest security patches so the team can prevent exploitation of known vulnerabilities.
Conduct regular security audits: Periodic assessments can identify potential weaknesses and areas for improvement in the organization's cybersecurity posture.
Encourage employee training and awareness: Educating staff about phishing attacks and other common cyber threats can reduce the likelihood of successful breaches.
Develop incident response plans: Creating a well-defined and tested incident response (IR) plan ensures that the organization can respond swiftly and effectively to cyber incidents.
The increasing prevalence of cyberattacks on critical infrastructure requires that organizations take a proactive and collaborative approach to cybersecurity. By understanding the evolving threat landscape and implementing robust security measures, organizations and nations can better protect themselves against these growing threats. There's a reason attackers go after hospitals, oil refineries, and telecommunications companies. Society needs these systems to function, and the attackers know it.
Callie Guenther, senior manager, cyber threat research, Critical Start
SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Callie Guenther, senior manager of cyber threat research at Critical Start, has been tasked with both directorial and engineering responsibilities, guiding diverse functions, including data engineering, cyber threat intelligence, threat research, malware analysis, and reverse engineering, as well as detection development programs. Prior to Critical Start, Callie worked as a cyber security intelligence analyst and served as an information systems technician with the U.S. Navy, giving her a well-rounded understanding of the cyber threat landscape and the administration of secure networks.