Anapaya Blog

Top 5 critical infrastructure cyberattacks

Written by Bahadir Candan | 17 October, 2024

In 2023, the University of Zurich was hit by a cyberattack linked to a slew of attacks on educational and medical facilities in the region. “The perpetrators appear to be acting in a very professional manner and are part of a current accumulation of attacks on education and health institutions,” the University of Zurich stated. 

While the good news is that the attack was largely unsuccessful, it did some damage. The university was forced to isolate parts of its IT system and delayed access to online resources for staff and students.  

Even more troubling is that this seems to be a rapidly growing trend. Several attacks have been carried out on European universities in recent years, disrupting their service delivery. The year before, the University of Neuchâtel was hacked by malicious software, and in 2021, the Swiss town of Rolle was hacked and had their data stolen. A group called ‘Vice Society’ claimed responsibility, threatening to target other municipalities and hospitals and their threat seemed to carry weight. 

Public institutions and critical infrastructures are quickly becoming top targets for cybercrime around the world, and this can have detrimental effects on the countries, organizations, and all people that rely on them. We’ve already seen how cyberattacks have been behind nationwide power outages, the disruption of healthcare services, and even acted as catalysts for invasions in the most extreme cases.  

In this blog, we’ll explore why this is happening and what you can do about it as we look at the top 5 cyberattacks on critical infrastructure. 

Why are cyberattacks targeting critical infrastructure?

For years, cyberattacks have been targeting individuals and companies, hoping to catch them unprepared and mine for sensitive data. However, cybercrime is evolving and has identified new opportunities for profit in the process 

People, as well as infrastructures, have become increasingly more reliant on connectivity. Developments like remote work and the IoT revolution have only hastened this trend towards interconnectedness, opening more doors for cybercriminals to strike.  

A report from cybersecurity firm KnowBe4 reveals that, between January 2023 and January 2024, global critical infrastructure faced over 420 million cyberattacks, averaging approximately 13 attacks per second. While the United States was the primary target, the report indicates that 163 other countries also experienced attacks on critical infrastructure, often attributed to state-sponsored hackers linked to China, Russia, and Iran. 

As you can expect, governments, enterprises, and regulators have all pushed for increased spending on cybersecurity measures to prevent the devastating effects cybercrime and warfare can have on critical infrastructure.  

Let’s take a look at a few of the more notable examples. 

USA healthcare system, 2024 

Threat: Healthcare services disruption 
Suspected perpetrator: Russian Blackcat/ALPHV ransomware group
Instigator: Intrusion attack followed by ransomware 

The U.S.A.’s biggest health care payment system operated by Change Healthcare that handles some 14 billion transactions a year took a hit from a ransomware attack carried out by the Blackcat/ALPHV ransomware group. Their system was down for nearly a month after the attack on February 21st.  

The impact has been massive – not only in its nationwide spread and financial toll but also in how it has hurt patient care. Pharmacies, clinics, hospitals, and patients have been left in paperwork chaos, unable to issue prescriptions, conduct check-ups, respond promptly to emergencies, or deliver essential treatments. The disruption touched every aspect of care. 

The American Hospital Association labeled the breach “the most significant and consequential incident of its kind against the U.S. health care system in history.”  Either way, the Triton Malware Attack is a good example of how cyberattacks can lead to massive destruction if left unchecked.

The Netherlands: solar panels, 2024 

Threat: Power outages, financial losses, national security 
Suspected perpetrator: Ethical “Dutch” hackers 
Instigator: Zero-day vulnerabilities on IoT devices 

This year, two 'ethical' hackers from the Dutch Institute of Vulnerability Disclosure (DIVD) uncovered six critical zero-day vulnerabilities in Enphase IQ Gateway devices, which are essential for converting solar power for home use. Three of these flaws would have allowed actual hackers to gain full control over the devices, if the devices were connected to the public Internet. Over four million systems deployed in 150+ countries could have been exposed to the potential for malicious takeover. And, if this had been a successful attack, it could have been devastating, leading to widespread power outages, financial losses, and even threats to national security. 

As solar energy systems become embedded in national grids, they grow more vulnerable to cyber threats. The interconnected nature of modern solar infrastructure makes securing it essential for a resilient and secure transition to sustainable energy.  

Pennsylvania water system, 2023 

Threat: Water supply and quality  
Suspected perpetrator: Iranian hacker group “Cyber Av3ngers”
Instigator: Intrusion attack followed by malware attack

A hacking group with links to Iran, known as the “Cyber Av3ngers,” forced a water facility in Pennsylvania into manual operations. The hackers managed to gain control of at least one device at the Municipal Water Authority of Aliquippa, which serves two townships with over 7,000 residents.  

The hackers targeted a programmable logic controller (PLC), specifically a Unitronics Vision system with an integrated human-machine interface (HMI) connected to the Internet. These systems are sometimes vulnerable to attacks, allowing hackers to insert malicious code. In this case, the attackers compromised the PLC responsible for regulating water pressure at one of the authority's booster pump stations. 

Fortunately, this time, no harm was reported to residents reliant on the water supply. 

Ukraine’s power grid, 2022

Threat: Power outages
Suspected perpetrator: Russian hacker group ‘Sandworm’
Instigator: Intrusion attack followed by malware attack

In late 2022, Russia-linked threat actor Sandworm targeted a Ukrainian critical infrastructure organization, deploying OT-level living off the land (LotL) techniques to trip substation circuit breakers. This attack led to an unplanned power outage that coincided with widespread missile strikes on critical infrastructure across Ukraine.  

Tragically, the attack not only caused civilian casualties but also left four regions temporarily without electricity and disrupted supplies across several areas. To add insult to injury, particularly alarming is that the initial intrusion into the SCADA system began as early as June 2022, ultimately resulting in two major disruptive events on October 10 and 12, 2022.  

Colonial Pipeline oil, 2021

Threat: $5 million ransom, oil and gas shortages
Suspected perpetrator: Russian hacker group DarkSide
Instigator: Unknown 

Colonial Pipeline, the largest oil pipeline in the US, was hit with a massive, targeted ransomware attack. The pipeline – which supplied over 45% of the East Coast’s gas, diesel, and jet fuel – was forced to shut down its operations entirely. It took the pipeline 11 days to partially recover after the company ended up paying $5 million dollars in ransom.  
 
While the initial instigating attack or vector is still unknown, the effects of the attack were clearly felt. By the end of the attack, nearly 11,000 gas stations were still out of gas, and the average cost for fuel per gallon rose nationally, the highest cost in over 6 years. 

KillNet, 2022-2023

Threat: Disruptions to health, energy, and defense sectors
Suspected perpetrator: Pro-Russian hacker group KillNet
Instigator: DDoS

KillNet has led a barrage of sustained DDoS attacks at Ukrainian allies since the start of the conflict. More recently, they have targeted US and Dutch hospitals for aiding in Ukraine’s defense against Russia and taken down Lithuania’s power grid in unprecedented DDoS strikes. They also struck over a dozen US airports, canceling flights and disrupting operators.

KillNet has been a vocal supporter of Russia’s war in Ukraine, using DDoS attacks as its primary weapon to disrupt operations in allied countries. While DDoS in itself is not threatening to many systems, it has been used as a cover for more serious malware attacks. 

A way forward with SCION

While connectivity has become our greatest strength, it’s also become our greatest vulnerability. With critical systems and infrastructure being connected and reliant on one another, malicious parties only need to infiltrate one connection to cause massive damage.

Thankfully, there is another way for nations to combat the surge of cyberattacks on critical infrastructure. SCION elevates sensitive data communications and connections beyond the opportunity of attack for cybercriminals. By operating their networks on the SCION Internet, organizations, federal institutions, and public infrastructure can operate safely, with bad actors completely unaware of their presence. 

If you want to see exactly how it can work for your organization, read about two SCION use cases for critical infrastructure below. 

Use case 1: Securing critical infrastructure with a closed network 

For closed, critical infrastructure with well-defined entities, EDGE-to-EDGE is the right solution. It enables the safe exchange of communication between businesses and other organizations while ensuring cyber resilience.    

For example, the Secure Swiss Finance Network (SSFN) powered by SCION is a controlled and secure network launched by the Swiss National Bank and SIX, the infrastructure provider, which connects participants in the Swiss financial center. On this SCION-powered network, the SIC interbank payment system processes over 150 billion CHF and 2.6 million transactions daily, on average. Similarly, the Secure Swiss Energy Network (SSEN), initiated by the Association of Swiss Electricity Companies, has successfully completed the conceptual framework for integrating SCION to secure the Swiss energy and utilities ecosystem. The concept introduces the SSEN as a private energy network connecting energy and utilities companies within the country.  

Use case 2: Protecting critical infrastructure with an open network for IoT and remote access  

Every connection to the Internetbe it a service, device, or userpresents a potential entry point for malicious actors into your network. Critical infrastructures today have countless entry points that cybercriminals can exploit. As seen in cases like the solar panel hack in the Netherlands, the Pennsylvania water system breach, or the Change Healthcare cyberattack in the USA, critical services exposed to the Internet face massive attack surfaces simply because they are accessible to millions of IoT devices and users on the public Internet. 

By operating your infrastructure on the SCION Internet, you can strategically control which services are visible to the public and which are accessible only to select ISPs and their users through Anapaya GATE. This approach effectively hides your service from the public Internet, reducing your attack surface by up to 99.9%. It is a network built on trust. 

What is next with SCION 

In Switzerland, the Secure Swiss Utility Network (SSUN) is being developed as a community network, designed for integration with validated ecosystems and industry platforms, cloud applications, BPO providers, IoT, technicians, remote workers, security operation centers, and more. While the SSUN is still in the conceptual stage, another network that is already in technical implementation phase is the Secure Swiss Health Network (SSHN). Once completed, healthcare professionals will be able to access digital healthcare services on the SCION Internet via the GATE.  

Protect your critical service from intrusion and DDoS attacks that lead to ransomware and malware, while keeping it accessible to IoT devices and remote users. All you need is Anapaya GATE.   

In both use cases, SCION effectively renders your data and communication invisible to users who have no business reading it.  

If you’re ready to take the security of your business, organization, or critical infrastructure seriously, see how SCION can help you.