Malicious attacks on IoT and critical infrastructure gather pace

As the globe continues to wobble through the reverberations of COVID-19, observers say that the impact on critical infrastructure is likely to worsen.

Critical infrastructure – which includes government institutions, utilities, transportation and more – is now more vulnerable than ever given an exponential increase in attacks on the IoT technology that powers it.

Such technology has become a “soft target,” for malicious actors. That’s because Internet of Things (IoT) technology may be legacy technology, with inadequate updating and patching, and because the financial incentives to breach its security have grown.

Attacks on IoT Technology Garner Big Payouts

As a result, ransomware attacks on IoT have become more prevalent, with larger payouts possible for malicious actors.

Consider the February 2021 attack on the Oldsmar water plant in Florida; an attempt was made to manipulate the pH in the city’s water to dangerously high acidic levels by increasing sodium hydroxide (lye) by 100 times.

In May 2021, the Colonial pipeline was attacked for a ransom. A password leaked onto the dark web enabled malicious actors to access a virtual private network, then gain access to and take down the largest fuel pipeline in the U.S. Colonial paid the malicious attackers — an affiliate of a Russia-linked cybercrime group known as DarkSide — a $4.4 million ransom shortly after the attack.

Insiders say that the critical infrastructure environment is rife for breaches.

“The OT and ICS [incident command system] space is, honestly, the largest single attack vector with the greatest potential for impact,” said Curtis Simpson, CISO at Armis, in a podcast on critical infrastructure attacks . “OT and ICS are powering some of the most critical infrastructure in the world; it’s critical operations,” Simpson said.

To read the complete article, visit IoT World Today.