State Actors May Be Targeting Your Infrastructure: Is Your Patching Up to Scratch?
Infrastructure is at the core of any business – whether it’s a pipeline for liquids, a data center, or the development process you’ve taken years to build. An organization that sustains heavy damage to its infrastructure could take a very long time to recover – and, in some cases, may never recover to its former status.
For threat actors, this makes infrastructure one of the biggest targets. By going after a company’s infrastructure, a threat actor could inflict major damage (or extract a huge ransom). The stakes become truly high when the threat actor is a foreign nation-state.
Yet infrastructure attacks rely on many of the same attack vectors as any other cybersecurity breach – no matter who instigates them. In this article, we’ll outline how state actors are frequently targeting government and business infrastructure, and why keeping systems patched remains one of your best lines of defense.
What is infrastructure, and what are the risks?
Infrastructure is the foundational element of an organization. Infrastructure supports operations and enables them to function effectively. This can include physical resources, such as equipment and facilities, as well as organizational components, such as processes, systems, and policies.
Organizations that build a strong infrastructure will streamline their operations, increase efficiency, and ultimately improve their bottom line.
On the flip side, if an organization’s infrastructure is harmed, it can lead to a range of risks and consequences – including downtime, data loss or theft, financial losses, regulatory non-compliance, damage to reputation, operational disruption, and lower employee morale.
Threat actors know that a successful attack can have a significant impact on their target’s operations, reputation, and financial well-being. Therefore, it is important for organizations to take steps to reduce the risk of infrastructure harm from a cybersecurity attack, and to have a solid plan in place to respond quickly and effectively if harm does occur.
Who are state actors – and how do they target infrastructure?
In cybersecurity, state threat actors are individuals or groups that are sponsored or directed by a government or state entity to conduct cyber-attacks against other nations, organizations, or individuals.
State threat actors can be highly skilled and well-resourced, and they may have a wide range of motivations, including espionage, political or economic gain, disruption of critical infrastructure, or sabotage. Tactics and techniques used include phishing, malware, ransomware, denial-of-service (DoS) attacks, and advanced persistent threats (APTs).
Some analysts consider state threat actors the most sophisticated and dangerous type of cyber threat, as they have the backing of a nation-state and may have access to significant resources, intelligence, and expertise.
Examples of attacks by threat actors
Defending against state-sponsored cyber-attacks can be challenging, and it requires a high level of cybersecurity preparedness, including robust defenses, strong security policies, and effective incident response plans. Unfortunately, it doesn’t always work out.
Here are a few examples of successful attacks:
- SolarWinds attack: In late 2020, it was discovered that Russian state-sponsored hackers compromised the software supply chain of SolarWinds, a Texas-based IT company that provides services to the US government and other organizations. The hackers inserted a backdoor into SolarWinds’ software development infrastructure – which was then distributed to many of SolarWinds’ customers.
- Colonial Pipeline attack: In May 2021, a Russian criminal group known as DarkSide hacked into the computer systems of Colonial Pipeline, one of the largest oil pipeline operators in the US. The hackers used ransomware to encrypt the company’s data. The attack caused significant disruption to the company’s operations and led to fuel shortages and price increases in several US states.
- Oldsmar water treatment plant attack: In February 2021, a hacker gained remote access to the computer systems of a water treatment plant in Oldsmar, Florida. The hacker attempted to increase the levels of sodium hydroxide (lye) in the water supply to dangerous levels. The attack was discovered and prevented before any damage was done.
- OPM data breach: In 2015, Chinese hackers breached the computer systems of the US Office of Personnel Management (OPM), which handles security clearances and personnel records for federal employees. The breach exposed the sensitive personal information of millions of current and former government employees, including security clearance data.
It happens right around the world too, as seen in the attack on the Ukrainian power grid in 2015. A group of hackers linked to the Russian government launched a cyberattack on the computer systems of Ukraine’s power grid, causing a blackout that affected over 200,000 people. The attack is considered to be the first known case of a cyberattack causing a power outage.
In every case, attackers managed to infiltrate key infrastructure – both physical and electronic.
Unpatched vulnerabilities are still a key gateway
Known vulnerabilities remain one of the most common ways in which a state actor can find their way into a victim’s network – and then move on to execute an attack. One would think that most organizations would get this right, securing their systems through consistent patching, but the reality is different.
This is due to a mix of factors. A few organizations simply don’t prioritize patching due to a lack of awareness. However, in most instances, inconsistent patching comes down to difficulty with managing the workload involved.
Thousands of new vulnerabilities emerge every year. In large organizations, this means countless patching operations – which need to be performed by a limited team. Patching automation can help, but there’s still the issue of scheduling downtime: a patch installed on disk does nothing until the old code stops running, which for a kernel or a core service usually means a reboot. Often the disruption is simply too much to handle, and patching is frequently delayed for quite a long time.
The result: somewhere there is a system with a yawning vulnerability that’s not been patched simply because nobody got around to it – making it the perfect opportunity for a determined state actor to find a way to mount an infrastructure attack.
Live patching as a way forward
Live patching provides a simple solution to this problem. Teams that use live patching don’t need to reboot systems to apply a patch. Instead, live patching applies the fixed code to the running service, with no disruption.
Add the built-in automation that live patching offers, and you have a solution that works seamlessly to ensure consistent patching of known security vulnerabilities. In turn, state threat actors have fewer opportunities to mount an attack – which means your infrastructure is safer.
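The patching backlog described above is measurable. The script below is an added example, not TuxCare code, that calculates how long each host has actually been running vulnerable code since a fix was published, over a constructed inventory (host names, the advisory id and the dates are placeholders). It treats "installed but reboot pending" as still exposed, since that is exactly the window live patching is meant to close, and flags hosts that exceed a patch SLA.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class PatchState:
    host: str
    advisory: str              # placeholder advisory id (constructed)
    published: date            # date the fix became available
    installed: Optional[date]  # date the package was installed, None if not yet
    reboot_pending: bool       # new code on disk, but the old code is still running

def exposure_days(p: PatchState, today: date) -> int:
    """Days the vulnerable code has been (or was) running after a fix existed.
    A host that installed the package but has not rebooted still executes the
    old code, so it counts as exposed up to today, not up to the install date."""
    if p.installed is None or p.reboot_pending:
        return (today - p.published).days
    return (p.installed - p.published).days

def overdue_hosts(states, today: date, sla_days: int = 14) -> dict:
    """Group currently exposed hosts that exceed the SLA by the reason they are
    exposed. Hosts that are fully patched (fix running) are never overdue."""
    overdue = {"not_installed": [], "reboot_pending": []}
    for p in states:
        if p.installed is not None and not p.reboot_pending:
            continue  # fix is running; historical lag is not an open exposure
        if exposure_days(p, today) > sla_days:
            key = "not_installed" if p.installed is None else "reboot_pending"
            overdue[key].append(p.host)
    return overdue

# Constructed sample inventory for one hypothetical kernel advisory.
TODAY = date(2023, 3, 31)
INVENTORY = [
    PatchState("web01", "ADV-0000", date(2023, 3, 1), date(2023, 3, 3), False),
    PatchState("db02", "ADV-0000", date(2023, 3, 1), date(2023, 3, 2), True),
    PatchState("app03", "ADV-0000", date(2023, 3, 1), None, False),
    PatchState("bastion", "ADV-0000", date(2023, 3, 25), None, False),
]

if __name__ == "__main__":
    for p in INVENTORY:
        print(f"{p.host}: exposed {exposure_days(p, TODAY)} days")
    print(overdue_hosts(INVENTORY, TODAY))
```

In this sample, db02 installed the package a day after release yet still shows 30 days of exposure, because the fix never took effect without a reboot; that is the case live patching removes.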
With TuxCare, you can live patch a range of services – including your Linux OS, databases, and much more. To read more about how TuxCare’s live patching works, simply click here.