Essential industries increasingly vulnerable to ransomeware

According to the World Economic Forum 2020 Global Risk Report, ransomware attacks are estimated to have cost Australia $1.4 billion in 2020. With payouts averaging $1.95M per incident, it’s not difficult to see why cybercriminals are increasingly flocking to this new style of high-tech extortion where they steal organisations' data and hold it to ransom, causing a huge amount of disruption and harm.

Not only do these attacks have a crippling economic effect, costing billions of dollars in damage and payouts, but the data exfiltrated by attackers can provide stolen credentials for other cybercrimes. Ransomware attacks are also changing, shifting towards criminal organisations providing professional ransomware as a service.

The problem for law enforcement with ransomware attacks is that it’s very difficult to find the perpetrators. Not only is it a blended crime, including different offences across different bodies of law, but it's also a crime that crosses different law enforcement agencies and spans many countries. Ransomware attacks involve a distributed network of different cyber criminals across the dark web, usually not known to each other to reduce the risk of arrest.

The impact on essential services

As the rewards that result from ransomware increase, so do the risks to the sorts of industries they are targeting, like the essential services we all rely on in our daily lives. Here I am specifically talking about the effect it would have on two major industry sectors; our energy and utility sector as well as our food and beverage industry. The resulting damage isn’t just of a technical nature, but a halt in their output will seriously impact their supply chains, profitability, data integrity and customer confidence in the brand.

Ransomware is a serious national security threat; underscoring the need to prioritise mitigation and contingency measures when protecting against these ongoing threats to the essential industries we simply could not function without. 

Consider the impact of losing electricity for a few weeks like the people around Mount Dandenong in Victoria, due to extensive damage to the electricity network recently. Without power our internet/WiFi and the ability to charge our mobile devices and electric vehicles, laptops, to heat and cool our homes and to power our entertainment. During the winter months, we need gas for heating and all year round for cooking and for those without electric cars we need petrol and diesel to get around. 

It goes without saying that there would be a significant impact if large Australian based food and beverage producers were crippled for weeks like the attacks on JBS Foods in 2021 and Lion in 2020. The volatility of this sector has already been highlighted recently by the panic buying during the pandemic that crippled food and beverage supply chains.

The heightened risks to the supply of energy and utilities 

Both energy and utilities require significant uptime to meet production targets and any attack that causes crippling downtime can cost a lot of money and have a potentially disastrous impact on their customers and therefore their brand. 

The recent ransomware attack on Colonial Pipeline in the USA should serve as a stark reminder to those responsible for critical infrastructure about the importance of security. This attack brought one of the US’s most vital energy infrastructures to a dramatic halt causing significant petrol, diesel fuel, heating oil and jet fuel shortages across the Eastern United States. 

What this shows is that organisations in the energy and utility sector must adopt a risk-led security strategy backed by a real-time decision and operational support system to mitigate and reduce the risk of future threats. The US Government Executive Order that resulted will now finally force companies in this sector to augment their authentication tools with strong Multi-Factor Authentication (MFA), enabling them to protect all critical assets.

Vulnerabilities in the food and beverage industry

The Australian food and beverage industry is Australia's largest manufacturing sector. Its annual turnover is $50 billion, which is more than 18 percent of all Australian manufacturing revenue. It is not only a major employer but all Australians rely on it for our daily sustenance.

The high levels of automation that maintain food and beverage manufacturing efficiency and enable fast processing that retains the quality of the ingredients make the industry an appealing target to cybercriminals, as the 2020 ransomware attack on Lion’s beverage manufacturing operations demonstrates.

The largest meat processing company in the world, JBS Foods paid $14.2 million to a cybercriminal gang to end a five-day attack that halted its operations around the world in June, including Australia.

Cybersecurity best practices prevent ransomware

All it takes is one employee failing to follow secure practices perhaps while working from home and an entire organisation could be exposed to account takeovers, ransomware or malware, resulting from stolen or phished credentials. 

The best way for essential industries to prevent phishing is to urgently implement strong MFA, which is one of the Australian Government’s Essential Eight mitigation strategies proven to limit the occurrence of ransomware and other cybersecurity threats. The preferred way to implement strong MFA is using phishing-resistant hardware-backed authentication methods, like FIDO security keys, which provide the level of strong authentication needed to prevent modern-day attacks.