Critical Infrastructure Attacks: New Rules, New Game

Critical infrastructure lacking proper protection leaves itself open to a greater number of increasingly sophisticated cyberattacks.

• Cybercrime is a business: Low-level threat actors root out opportunities to sell to high-level bidders, who have the infrastructure, tools, and know-how to evade malware detection and successfully carry out cyberattacks.
• Critical infrastructure across the world is not as protected as it could be and should be, and in some cases wasn’t even architected with cyber security as a consideration. If organizations don’t close the gaps, they can expect increasingly ferocious attacks that can result in massive business fallout and potentially actual loss of human life.

If you look back at cybercrime two decades ago and compare it to now, you’re looking at two very different worlds. Even a decade ago doesn’t measure up to the cyberthreats that organizations face today.

Many cyberattacks — like malware and phishing campaigns — have existed for decades. The problem is that organizations still remain vulnerable to these basic attacks — let alone more sophisticated techniques. In just 18 months, the ever-growing cybersecurity industry has experienced new work-from-home and hybrid work models, expanded attack surfaces, new IOT and other smart devices, and an overall rise in net new attacks.

So why don’t more enterprises have the right protection? Every day, businesses serving millions of customers are leaving themselves open to the kinds of attacks that breached the U.S. federal government in 2020 and paralyzed the Colonial Pipeline Company in 2021.

There is another way. Organizations can gain the visibility needed to detect these and other types of incursions and stop them before damage occurs, thus preventing significant business fallout.

As organizations think about business resiliency, this will be critical. Organizations can change the paradigm and, in doing so, not just level the playing field but gain a vital advantage.

Cybercrime Is a Booming Business

Protecting enterprises 20 years ago was almost quaint by comparison to where it is now: Think a few young hackers in some suburban garage. But today, there are organized criminal gangs whose entire business is oriented to extract data and money from yours.

Today for the low-level, young hackers, compromised passwords and discovering backdoors in various libraries and systems are the name of the game. Selling this data to the higher-level established criminal organizations is quicker and easier than breaching and monetizing the breach themselves.

The large — and sometimes state-backed — cybercriminal organizations have both the means and the wherewithal to deploy malware that’s near-invisible (FUD for Fullly UnDetectable) to most standard security solutions. These are the same kinds of antiviral products and services sold a decade ago. Except that now, instead of being complete security solutions, they’re only effective at addressing part of the problem. Once inside, cybercriminals walk laterally through target enterprises, deploying ransomware and extracting data to either sell on a very lucrative data market or hold the enterprises for ransom. Very little if any part of the security stack is able to see them and stop them once after the initial breach.

Who’s Looking At What Happens After the Initial Breach?

An organization’s infrastructure isn’t just desktop computers. In an increasingly hybrid world of work, it can include work-based laptops and mobile phones, IoT and other Internet-connected devices. Even modern automobiles are Internet-connected devices these days. And let’s not forget the ever-expanding production and OT environments that generate the revenues for these organizations.

All of these devices may utilize different protocols for different purposes but ultimately all of them use the Domain Name System (DNS) to initiate conversations over those protocols with external (and typically internal) assets. When looking to solve a complex and ever-expanding problem, often looking at the base level “what’s common across everything” is the best place to start. That’s where Protective DNS solutions come in.

Looking Forward

Protective DNS can change the game – visibility, inspection, and control over where devices are trying to communicate, what’s anomalous, and ultimately which communications with adversary infrastructure command-and-control should be stopped provides a unique yet straightforward way to drive business resiliency. Unfortunately, however, right now most business leaders see their own organization’s cyber risk increasing instead of decreasing. We’ve only seen the tip of the iceberg of the risks and costs of supply chain and ransomware attacks.

Five years ago, ransomware was a nuisance. Now threat actors are combining it with data exfiltration, and often utilizing the data even if ransom is paid, and/or maintaining backdoors in the enterprise for future incursions. Increasingly frequent supply chain and ransomware attacks highlight just how inadequate most enterprise-level protection is. This includes critical infrastructure that factors into most people’s daily lives in one way or another.

New Rules, New Game

As threat actors and attack vectors evolve, we’re already seeing progressively wider gaps in cybersecurity. Changing the game means looking at the problem differently. There’s never been a better time for delivering a fresh solution that offers the kind of protection businesses need today. Protective DNS should layer onto existing architecture now, providing real-time visibility into what’s happening, and interrupt attacks early in the kill chain before damage actually occurs.

Because ultimately, enterprises that stay ahead of bad actors discourage them from attacking them in the first place.

Don’t wait to protect your organization against cyber threats. Move full forward with HYAS today.