Dive Brief:
- A lack of visibility leaves many critical infrastructure and other industrial providers vulnerable to attack, according to Robert M. Lee, co-founder and CEO at Dragos. The security community has been focused on exploring enterprise IT networks, when the actual evidence of vulnerabilities sits inside OT networks.
- "In essence we had the equivalent of Schrödinger's OT believing that as long as we did not look in the box, the cat was alive," Lee said in prepared remarks before a House Committee on Energy and Commerce subcommittee on Tuesday.
- Companies are paying millions of dollars in ransom to cyber extortionists because they often see no other option to quickly restore business operations, according to Charles Carmakal, SVP and CTO at Mandiant. High-quality file backups usually aren't enough to get computer systems back up and running, so enterprises view payment as the only immediate option.
Dive Insight:
The ransomware threat has taken on heightened scrutiny in recent months, following the May disruption of Colonial Pipeline by the DarkSide ransomware group, the June attack against meat supplier JBS USA, and the attack against IT software firm Kaseya earlier this month.
Some businesses paid the ransom to restore services. Colonial paid $4.4 million to restore fuel delivery, while JBS, one of the world's largest meat suppliers, paid $11 million to the REvil ransomware group. The same emboldened threat actor demanded a record $70 million to provide a universal decryptor for Kaseya victims, which include thousands of small- to medium-sized businesses.
"The ransomware threat has grown exponentially over the last decade, and our response must grow in kind," Rep. Diana DeGette, D-Colo., chair of the Subcommittee on Oversight and Investigations, said as part of her opening remarks. "We must do everything we can as a nation to fix our vulnerabilities and protect our critical industries."
The threat of ransomware toward the nation's critical infrastructure has become a top priority of the Biden administration as the Colonial attack highlighted the ability of sophisticated threat actors to completely disrupt the nation's economy. The attack not only forced Colonial to halt fuel delivery for six days, but it caused a temporary spike in gasoline prices.
Dragos began work earlier this year with the Department of Energy on a 100-day action plan to boost real-time visibility into OT networks in the electric power industry. Under the program, visibility has gone from 5% to more than 70% across the electric power industry, according to testimony from Lee.
Dragos is also tracking more than 15 state actors specifically targeting industrial and operations systems in various critical industries around the world, according to Lee. The company found ransomware specifically designed to target OT systems.
Targeted disruption of hacker communications and payment mechanisms, and increased cyber hygiene to protect organizations against being attacked could also help contain the growth of ransomware, according to Kemba Walden, assistant general counsel at the Microsoft Digital Crimes Unit.
Nearly all (99%) of cyberattacks against organizations could be prevented if multifactor authentication were implemented, according to a Microsoft study cited by Walden. The use of multifactor authentication should be included as part of a set of federal minimum standards for cyber hygiene, she said.