What Are Cyber-Physical Attacks and Why Are They Dangerous?
The Rise of Cyber-Physical Attacks
Internet connectivity has grown significantly throughout the past decade and has reached far beyond conventional home and office settings into industrial environments that contain physical appliances, machines, and OT infrastructure. Likewise, the scope of cyberattacks has also widened to include these physical targets. Such cyber-physical attacks are usually more destructive and costly than conventional cyberattacks because they can directly interrupt industrial, economic, and social activities.
Why Are They Dangerous?
Cyber-physical attacks should be viewed and treated differently from conventional cyberattacks as their operating mechanisms and objectives are oriented towards causing damage to the physical world. The following are some common objectives of cyber-physical attacks.
1. Financial Gain
Most are familiar with the dramatic increase in the number of double-extortion ransomware attacks in recent years. In such attacks, the ransomware operators not only encrypt IT systems to prevent data access, but also exfiltrate copies of sensitive data and threaten to release or sell them to third parties. To make things worse, as ransomware gangs start to target industrial OT systems now, they gain a third leverage by directly shutting down crucial operations. Due to the multifaceted pressure, victims are left with no choice but to pay astronomical ransoms to avoid the greater costs associated with operation disruptions, lawsuits, and reputational damage.
At the same time, ransomware groups are becoming smarter at calculating ransom figures based on the leverage they have. According to the State of Ransomware 2021 report by Sophos, the average cost of ransomware attacks more than doubled from $761,106 in 2020 to $1.85 million in 2021. In some cases, ransom demands reached as high as $50 million, as seen in the REvil ransomware attack against Acer.
2. Political Protest (Cyberwar)
Very commonly, threat actors target publicly funded industrial systems and economic activities as a way of expressing their political stances. Such attacks are usually initiated with specific political themes or social causes, usually in the name of hacktivism. Some of these attacks are conducted by civil groups, while others are backed by governments and intelligence agencies. For instance, civil hackers in Israel and Iran are known to target crucial energy and transportation infrastructures in each other’s country as a form of political protest. On the other hand, government-backed operations are frequently caught in Eastern Europe, the US, and Australia.
Sometimes, the threat actors would hide in the dark to conduct espionage and infiltration operations. These attacks can remain undetected for years and are less likely to be publicized.
3. Vandalism and Reputational Damage
It is unclear how many cyber-physical attacks are solely dedicated to hurting a specific business–either to damage its operations or reputation–because these attacks are almost always conducted using ransomware and paired with financial motivations. Nevertheless, it is certainly possible for certain threat actors to purposely damage a specific organization in the disguise of a ransomware attack.
4. The Worst-Case Scenario
In industries that are crucial to personal safety, threat actors could exploit OT systems to cause physical harm or death. Ransomware attacks on hospital systems are one example of playing with fire because an operation disruption for as short as a few minutes can risk the lives of ICU and emergency patients, as shown in the ransomware-led fatality case at a German hospital last year.
In a more extreme case, a hacker modified the chemical content of drinking water to dangerous levels in a Florida city earlier this year. Fortunately, the attack was detected in time before the water reached any households.
How Prepared Are We?
The Governments’ Responses
USA. On May 7, 2021, the largest pipeline in the United States was paralyzed by one of the most controversial ransomware attacks in history. Colonial Pipelines, which supplies fuel to 45% of the East Coast, was attacked by the DarkSide ransomware gang and forced to shut down all of its operations. This quickly led to widespread panic buying that escalated to oil shortages across many states. As a result, the US Department of Transportation issued a Regional Emergency Declaration that temporarily allowed the transport of fuel by road. After receiving international criticism, the attackers backed down and accepted a ransom payment of $5 million, which was considerably low for an attack of this scale.
After this incident, the US government took the importance of cybersecurity to the next level by addressing it as a “core national security challenge”. All government agencies and critical infrastructure operators are now required by law to have up-to-date security measures. Tech giants like Google, Microsoft, and IBM are invited by the White House in discussions to increase their spending on cybersecurity initiatives.
Australia. The largest wave of cyber-physical attacks hit Australia this year, leading to millions of dollars being paid in ransom. Earlier in the year, an attack on Nine Entertainment interrupted the broadcasting of a politically sensitive TV program and hindered its ability to produce newspapers. Later in June, a ransomware attack on JBS Foods impacted 47 meat processing facilities across the country.
Due to the increasing threat, the Australian Parliament is currently in the process of approving a bill that would mandate cyber incident reporting for all critical infrastructure operators. The law also gives cybersecurity agencies the power to access systems of critical infrastructure when they are compromised.
Responses from the Private Sector
Regardless of whether running critical infrastructure, all organizations must now treat cybersecurity as a vital component to their business success. Many enterprises are playing a leading role by implementing secured multi-factor authentication (MFA) and database encryption. Preventing today’s sophisticated cyber-physical attacks begins with account and data security.
To learn more about how to secure your organization, consult with Penta Security.
Check out Penta Security’s product lines:
Web Application Firewall: WAPPLES
Database Encryption: D’Amo
Identity and Access Management: iSIGN+
Car, Energy, Factory, City Solutions: Penta IoT Security