Sophisticated Cyberattacks Pose New Challenges for Australian Critical Infrastructure.

Sophisticated cyberattacks are on the rise in Australia, and the new Risk Management Protocol signed off by Minister for Home Affairs and Cybersecurity Clare O’Neil in February makes it clear: being prepared to respond to a cyber incident is not enough. Ongoing risk management and operational resilience are now a regulatory expectation, not to mention a business imperative. According to the Australian Cyber Security Centre (ACSC), cybercrime in Australia increased by 13% year over year from 2021 to 2022.

A number of these attacks, most notably state-sponsored attacks (attacks carried out with the active support of national governments), are also directly targeted at industrial control technologies. In April 2022, the Australian Government amended the Security of Critical Infrastructure Act 2018 (SOCI), introducing a new, enhanced cybersecurity obligations framework for Systems of National Significance (SoNS). This amendment, along with a number of other considerations, requires the entire industrial sector to review its approach to cybersecurity as threat levels continue to increase.

Threat 1 – Cybercrime has become a mature business

Cybercrime has reached business maturity, evolving from underground, fragmented communities to mature, self-regulating marketplaces that favor efficiency. Adopting the Software as a Service (SaaS) business model, Ransomware as a Service (RaaS) is a subscription-based model that enables its customers to use already developed ransomware tools to execute attacks. If successful, the RaaS provider earns a percentage of the ransom payout. RaaS businesses now advertise online, providing their services for any parties willing to pay, and post job openings, looking for employees that can write malicious scripts that can bypass security measures.

Threat 2 – Cyberattacks have grown in sophistication

Just as Artificial Intelligence and Machine Learning continue to increase efficiency and productivity for the business world, so too do they provide a significant technological advance for those using them for nefarious means. Artificially intelligent attacks can now sneak into a network, listen in, and explore what sort of AI or Machine Learning you are using for your operations. Having developed a deeper understanding, these attacks can then tweak your processes, causing your own AI to act on malicious information. Attackers also write smart scripts that do not activate until they have worked their way to the core of a network. One ransomware attack against a European OT R&D firm lay dormant for a month before it wrote shell scripts to network servers.

Threat 3 – IT/OT convergence is creating more attack surface for attackers to enter through

IT/OT convergence is providing many benefits to industrial operators around the world. However, connecting operational technology can leave security gaps, which creates more paths for attackers to enter and more opportunities for cyber disruption. Several well-known attacks used vulnerabilities created by IT/OT convergence, including the Triton malware attack that shut down Saudi Arabia’s Red Sea refinery, which targeted safety systems throughout the refinery and put it at risk of explosion.

Attackers around the world no longer view IT and OT as distinct, partitioned regions, so it is important going forward that IT and OT security are discussed as one.

Increase the security of your industrial networks

To secure network infrastructure, global technology leaders in the IT/OT space are developing secure and reliable networking solutions. Intrusion detection and prevention systems can identify and mitigate cyberthreats in IT/OT environments by providing real-time network visibility, secure remote access, signature-based security, network segmentation, virtual patching, threat intelligence, deep packet inspection, centralized security management, and containment of malicious activities. These devices meet or exceed IEC 62443 cybersecurity requirements and are specifically built for industrial environments.

Learn more about this topic with Madison Technologies

If you need help building, optimising or scaling cybersecurity in your organisation, we recommend booking a discovery session with our technical team, where you can take a deeper dive into the unique challenges of your operations. We’ll listen to your requirements and recommend a solution that fits your needs.