By Nikhil Korgaonkar, Regional Director, Arcserve India & SAARC
Critical infrastructures are vulnerable precisely because they are so important. These essential services can disrupt public life significantly if they are turned off for even a day or two. The bad guys know that much is at stake when they disrupt these systems. They know they have a solid chance of making a quick profit, because the cost and labor of manual ransomware recovery are so high that victims often pay the ransom to maintain service continuity.
The US Colonial Pipeline ransomware attack, which temporarily paralyzed the country’s largest fuel pipeline, resulted in fuel shortages along the East Coast. The company admitted it paid the hackers nearly $5 million in ransom just one day after discovering malware on its systems.
Back in India, the Stuxnet virus targeted Indian servers and infected between 10,000 and 80,000 computers. Although there have been no reports of significant disruptions, India was the third largest victim of Stuxnet after Iran and Indonesia. In another major incident, a malware attack on the Kudankulam nuclear reactor in Tamil Nadu breached its administrative network in September 2019. The malware was reportedly specially designed, suggesting that it was an intentional hack. Most recently, the RedEcho hacker group targeted the Indian electricity sector, ports and parts of the railway infrastructure. This attack on the power sector can be blamed for a massive blackout in Mumbai in October 2020.
A problem that is getting worse
The reality is that critical infrastructures operated by federal, state, and local government agencies are increasingly affected by ransomware attacks. Data from India’s Computer Emergency Response Team (CERT) and National Critical Infrastructure Protection Center (NCIIPC), the two government agencies that monitor malicious cyber activity, show multiple attacks on India’s critical infrastructure. These attacks have only increased in size and frequency over the year, making protecting critical infrastructure a major cybersecurity priority for India.
And it’s safe to say that we can expect more of it. Why? Because while ransomware has evolved and attacks have accelerated, spending on upgrading critical infrastructures has not been able to keep pace. The public sector largely relies on proven technologies that have worked in the past but are showing their age. In fact, many government agencies continue to use outdated hardware, software, and networks that are vulnerable to today’s persistent threats.
In addition, there is the rapid changeover to virtual operations in the wake of the COVID-19 pandemic. Businesses create, share, and access data from remote locations on less secure networks, and hackers are on their way. Bitdefender reports that ransomware attacks rose a staggering 485% in 2020 and many of the targets are in the public sector.
There’s even a new trend called Ransomware-as-a-Service (RaaS). This subscription-based model allows virtually anyone to use already developed ransomware tools to launch attacks. The malware’s developers fill their pockets by taking a percentage of every ransom payment received.
Overall, the problem of cybercrime is now immense, with losses totaling $6 trillion a year, notes Cybercrime Magazine. Gather all cyber criminals in one place as a single nation and they would have the third largest economy in the world after the US and China.
3-2-1-1 Data protection offers defense
All government agencies must improve their efforts to identify, deter, protect from, detect and respond to these acts and actors. So what can the public sector do to defend itself and our critical infrastructure?
One of the first steps is to adopt the 3-2-1-1 data protection strategy. The 3-2-1-1 strategy states that you have three backup copies of your data on two different media, e.g. The last point in this equation is immutable object storage.
Immutable Object Storage continuously backs up information by taking snapshots every 90 seconds. You can restore your data quickly, even in the event of a disaster. Immutable snapshots are read-only versions of metadata for data and files. These snapshots provide point-in-time data recovery. With snapshots, you can revert to a previous file status in the event of downtime, natural disasters, or ransomware attacks. Immutable snapshots cannot be modified, overwritten, or deleted, so they protect data integrity from loss due to human error, hardware failure, or ransomware attacks.
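As an added illustration (not code from the article or from any vendor), the sketch below audits a backup inventory against the conditions the article states (three copies, two different media, one immutable copy) and picks the point-in-time restore target after an incident. The copy names, timestamps and field layout are constructed assumptions; only the 90-second interval comes from the text.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

SNAPSHOT_INTERVAL = timedelta(seconds=90)  # interval stated in the article

@dataclass(frozen=True)
class BackupCopy:
    name: str         # hypothetical label for the copy
    media: str        # e.g. "disk", "tape", "object-storage"
    immutable: bool   # True if snapshots cannot be modified or deleted
    snapshots: tuple  # datetimes of completed snapshots

def policy_gaps(copies):
    """Return the unmet conditions among those the article states."""
    gaps = []
    if len(copies) < 3:
        gaps.append("fewer than three backup copies")
    if len({c.media for c in copies}) < 2:
        gaps.append("fewer than two different media")
    if not any(c.immutable for c in copies):
        gaps.append("no immutable copy")
    return gaps

def restore_point(copies, compromised_at):
    """Latest snapshot on an immutable copy taken strictly before compromise.

    Mutable copies are skipped: an attacker with write access may have
    altered them, so a newer timestamp there is not trustworthy.
    Returns (copy_name, snapshot_time, data_loss_window) or None.
    """
    candidates = [(s, c.name) for c in copies if c.immutable
                  for s in c.snapshots if s < compromised_at]
    if not candidates:
        return None
    snap, name = max(candidates)
    return name, snap, compromised_at - snap

# Constructed sample inventory and incident time (not real data).
T0 = datetime(2021, 6, 1, 9, 0, 0)
COPIES = (
    BackupCopy("nas-disk", "disk", False, (T0 + timedelta(seconds=225),)),
    BackupCopy("tape-vault", "tape", False, (T0 - timedelta(hours=9),)),
    BackupCopy("object-lock", "object-storage", True,
               tuple(T0 + i * SNAPSHOT_INTERVAL for i in range(5))),
)
COMPROMISED_AT = T0 + timedelta(minutes=4)

if __name__ == "__main__":
    print("policy gaps:", policy_gaps(COPIES) or "none")
    print("restore from:", restore_point(COPIES, COMPROMISED_AT))
```

The mutable disk copy holds a newer snapshot than the chosen restore point, but it is ignored because only the immutable copy is guaranteed to predate tampering.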
Immutable snapshots enable schools to better protect student, instructor and business records, and protect data from accidental deletion or cyber theft. For their part, health organizations could ensure the smooth and uninterrupted provision of services and processes – even during a disaster or ransomware attack.
Critical infrastructures can be kept running with the right cybersecurity strategy and ultimately withstand the worst cyber criminals can throw at them.