WatchGuard Blog

Wanted: Reward of up to $10 million for critical infrastructure hackers

The U.S. government aims to tackle cybercrime, in particular attacks targeting critical infrastructure. For this purpose, the U.S. State Department has announced a reward of up to $10 million for anyone who provides valid information about potential cyberattacks on critical infrastructure backed by foreign states. The measure is the result of the authorities' efforts to put a stop to these cyber threats but, above all, it serves to raise awareness that protecting endpoints is the ultimate goal. 

The Department is offering to pay a reward to anyone who provides "information leading to the identification or participation of any person acting under the direction or control of a foreign state, involved in cyberattacks against critical infrastructure." For this purpose the authorities have set up a reporting channel on the encrypted Tor network, through which such information can be submitted completely anonymously. In addition to anonymity and encrypted, secure communication, the initiative also provides for rewards to be paid in cryptocurrencies. 


The serious impact of cyber threats on critical infrastructure 

A cyberattack on critical infrastructure has far more serious consequences, and affects far more people, than an attack on an individual organization or user. Once malicious cyber actors have gained access to the infrastructure, they have access to a country's key services (such as healthcare and defense, to name just two), so the impact reaches a huge number of citizens. Statistics also show that cyberattacks of this nature are on the rise: back in 2018, the Spanish National Intelligence Center warned of a 43.65% increase in threats compared to the previous year. Moreover, the U.S. Healthcare Cybersecurity Market 2020 report issued by Frost Radar highlighted that nearly 90% of U.S. healthcare systems had been the victim of a cyberattack in the last three years. 

A good example of the impact of a cyberattack on critical infrastructure is what has been considered the largest attack ever suffered by the oil industry in the United States: the attack on the Colonial Pipeline. Actors from the DarkSide group managed to introduce ransomware into the company's systems that locked up to 100 GB of data. This had direct consequences for the public, as the company had to interrupt the fuel supply until its systems were restored. Operations at Charlotte Douglas International Airport in North Carolina were also disrupted. 

In another prominent attack, the Irish Health Service Executive (HSE) was forced to cancel large numbers of patient appointments, and radiology and oncology services were temporarily disrupted. Here too, the collapse was caused by a ransomware attack, which the Irish authorities later confirmed to be the largest ever suffered in Ireland.  

The attack on the water treatment plant in the city of Oldsmar, Florida, would have had even more serious consequences than the cases cited above had it not been thwarted. The plant supplies drinking water to the city, and a successful attack could have poisoned thousands of inhabitants. In this case, a plant operator noticed the mouse cursor moving on its own, which he attributed to the remote-management software TeamViewer. The alarm was raised when this remote session tried to increase the dose of caustic soda, which is used to regulate the pH of the water, to levels harmful for human consumption. The Oldsmar plant employee managed to halt the attack, and the utility uninstalled TeamViewer, the software suspected of having been used to carry it out. 

Endpoint shielding, the key to protecting critical infrastructure 

In the case of the cyberattack on the Oldsmar water plant, it was a combination of pure chance and the alertness of an employee that averted disaster, but organizations must ensure that critical infrastructure is properly protected. Being proactive against a hack of this nature is essential, and here adopting a Zero-Trust strategy is decisive. This approach rests on one fundamental premise: nothing is trusted by default. The system always identifies every user and device in order to know who is connecting to the network and what they are doing, provides secure access (limited to specific users, devices and applications), and continuously monitors the network and all endpoints through machine learning and behavior-based detection. 

The best solution is for MSPs to ensure strict endpoint protection with advanced solutions such as WatchGuard EPDR, which enables the company to: 

  • Constantly monitor endpoints, prevent any unknown process from executing and automatically neutralize it.  

  • Leverage the power of artificial intelligence (AI) in the Zero-Trust Application Service, which classifies processes as trustworthy or malware before they even run.  

  • Automatically classify 99.98% of processes, while WatchGuard's cybersecurity experts categorize the remaining percentage manually.  
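The core of the Zero-Trust application model described above is a default-deny decision taken before a process runs: a known-good image is allowed, a known-bad image is blocked, and anything not yet classified is also blocked and queued for classification rather than being let through. The following is an added example written for this post, not WatchGuard code; it reduces that model to a hash-based trust store (the real service also uses AI classification, which is not modelled here). The `TrustStore`, `Verdict` and `run_demo` names and the byte-string "images" are constructed for illustration.

```python
"""Default-deny (zero-trust) application control, reduced to its core.

Added example, not WatchGuard code. Every process image is hashed and
looked up in a trust store before it may run. Only a known-good hash is
allowed; a known-bad hash is blocked; an unknown hash is blocked too and
queued for classification, so a never-seen binary cannot run merely
because nobody has flagged it yet.
"""
import hashlib
from dataclasses import dataclass, field
from enum import Enum


class Verdict(Enum):
    TRUSTED = "trusted"
    MALWARE = "malware"
    UNKNOWN = "unknown"


def sha256_hex(data: bytes) -> str:
    """Content hash of the executable image; this is the decision key."""
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for executable images (hypothetical, not real samples).
# A real agent hashes the file on disk or the mapped image, not a short byte string.
KNOWN_GOOD_IMAGE = b"MZ\x90\x00 constructed-known-good-tool"
KNOWN_BAD_IMAGE = b"MZ\x90\x00 constructed-ransomware-sample"
NEVER_SEEN_IMAGE = b"MZ\x90\x00 constructed-unclassified-binary"


@dataclass
class TrustStore:
    trusted: set = field(default_factory=set)    # hashes cleared to run
    malware: set = field(default_factory=set)    # hashes known to be malicious
    pending: dict = field(default_factory=dict)  # unknown hash -> first path seen

    def classify(self, data: bytes) -> Verdict:
        digest = sha256_hex(data)
        # Deny wins: a hash present in both sets is still treated as malware.
        if digest in self.malware:
            return Verdict.MALWARE
        if digest in self.trusted:
            return Verdict.TRUSTED
        return Verdict.UNKNOWN

    def decide(self, path: str, data: bytes) -> dict:
        """Enforcement decision for a process that is about to start.

        Default deny: only a TRUSTED image may run. UNKNOWN is blocked as
        well and queued for classification. The path is recorded for the
        alert but never used for the decision, so renaming a malicious
        file to a legitimate-looking name changes nothing.
        """
        digest = sha256_hex(data)
        verdict = self.classify(data)
        if verdict is Verdict.UNKNOWN:
            self.pending.setdefault(digest, path)
        return {
            "path": path,
            "sha256": digest,
            "verdict": verdict.value,
            "action": "allow" if verdict is Verdict.TRUSTED else "block",
        }

    def resolve(self, digest: str, verdict: Verdict) -> None:
        """Apply an analyst or sandbox verdict to a pending unknown hash."""
        if digest not in self.pending:
            raise KeyError(f"no pending classification for {digest}")
        if verdict is Verdict.TRUSTED:
            self.trusted.add(digest)
        elif verdict is Verdict.MALWARE:
            self.malware.add(digest)
        else:
            raise ValueError("resolution must be TRUSTED or MALWARE")
        del self.pending[digest]


def build_demo_store() -> TrustStore:
    """Seed the store with one known-good and one known-bad image."""
    store = TrustStore()
    store.trusted.add(sha256_hex(KNOWN_GOOD_IMAGE))
    store.malware.add(sha256_hex(KNOWN_BAD_IMAGE))
    return store


def run_demo() -> list:
    """Four process launches; returns the decision records in order."""
    store = build_demo_store()
    decisions = [
        store.decide(r"C:\Tools\known-good.exe", KNOWN_GOOD_IMAGE),
        # Same malicious bytes under a trusted-looking name: still blocked.
        store.decide(r"C:\Windows\System32\svchost.exe", KNOWN_BAD_IMAGE),
        # Never seen before: blocked and queued, not waved through.
        store.decide(r"C:\Users\op\Downloads\update.exe", NEVER_SEEN_IMAGE),
    ]
    # An analyst classifies the unknown as trusted; the next launch is allowed.
    store.resolve(sha256_hex(NEVER_SEEN_IMAGE), Verdict.TRUSTED)
    decisions.append(store.decide(r"C:\Users\op\Downloads\update.exe", NEVER_SEEN_IMAGE))
    return decisions


if __name__ == "__main__":
    for d in run_demo():
        print(f"{d['action']:5} {d['verdict']:8} {d['path']}")
```

The point to take from the third launch is the one the bullets make: under default deny, "unknown" is not a pass, it is a block plus a classification request, and only an explicit verdict (here simulated by `resolve`, standing in for the automatic or manual categorization the post describes) changes the outcome on the next attempt.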

This systematic approach means every binary is classified, avoiding both false positives and false negatives, and keeps organizations ahead of adversaries through the expanded proactive capabilities of WatchGuard EPDR and the Zero-Trust Application Service, which accelerate the search for, investigation of, and containment of cybercriminals seeking to disrupt critical infrastructure operations.