The threat of ransomware has loomed over critical infrastructure, such as utilities and transportation networks, for years. A 2018 report by the American Petroleum Institute warned of dire risks to the national gas and oil industry, and last month, the U.S. Department of Energy announced a focused 100-day initiative to modernize the nation’s electric grid to improve cyberattack visibility, detection, and response.
On May 7, security experts’ fears were realized when Colonial Pipeline Company, which supplies nearly half of the U.S. East Coast’s petroleum, was hit by a ransomware attack that forced it to shut down some systems and temporarily suspend all pipeline operations. The attack, for which ransomware gang DarkSide has claimed responsibility, prompted the U.S. Department of Transportation to issue an emergency order lifting some regulations on drivers carrying fuel in 17 states and the District of Columbia.
IT-OT Convergence Fuels Cyberattacks on Utilities
This isn’t the first ransomware attack on a U.S. energy company. Last year, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (DHS CISA) issued an advisory after a ransomware attack on an unidentified natural gas compression facility impacted “control and communication assets on the [facility’s] operational technology (OT) network,” forcing it to shut down for two days. The advisory goes on to explain that the attack began with a spearphishing scheme, by which cybercriminals breached the facility’s IT network, then used this access to pivot to OT systems and plant the ransomware.
Historically, IT systems were siloed from OT systems, the highly specialized industrial hardware and software used by utilities, transportation networks, and manufacturers. OT systems were typically air gapped, meaning they weren’t connected to IT systems or the internet. However, as utilities and other organizations handling critical infrastructure digitally transformed, OT systems were connected with IT systems and hooked up to the internet.
This IT-OT convergence enabled utilities to deliver energy more efficiently, benefitting both consumers and the environment, but it also enabled cybercriminals to use IT systems as a backdoor into OT systems. While cyberattacks on IT systems are costly and destructive, most of them don’t put people’s lives in danger. The same cannot be said for attacks on OT systems, which have real-world ramifications. Cyberattacks on utilities can damage grid assets, causing power outages, tainting water supplies, damaging the environment, and putting human health and life at risk.
Securing Passwords Goes a Long Way Toward Securing Critical Infrastructure Against Ransomware
According to a recent study by Coveware, about 75% of ransomware attacks begin in one of two ways, both of which leverage compromised login credentials:
- By compromising Remote Desktop Protocol (RDP) services, either by exploiting an unpatched vulnerability or by using a stolen or guessed password.
- Through email phishing.
This means that simply by securing their passwords, energy providers and other critical infrastructure organizations can substantially reduce their risk of a ransomware attack. Additionally, because compromised login credentials are also responsible for over 80% of successful data breaches, they’ll simultaneously be defending their systems against data breaches.
Keeper helps energy providers and other critical infrastructure organizations secure their OT systems by securing the most vulnerable part of their IT networks, their employees’ passwords. Keeper’s zero-knowledge, enterprise-grade password security and encryption platform gives IT administrators complete visibility into employee password practices, enabling them to monitor password use and enforce password security policies organization-wide, including strong, unique passwords and multi-factor authentication (2FA). Fine-grained access controls allow administrators to set employee permissions based on their roles and responsibilities, as well as set up shared folders for individual groups, such as job classifications or project teams.
For enhanced protection, organizations can deploy valuable add-ons such as Keeper Secure File Storage, which enables employees to securely store and share documents, images, videos, and even digital certificates and SSH keys, and BreachWatch™, which scans Dark Web forums and notifies IT administrators if any employee passwords have been compromised in a public data breach.
Keeper takes only minutes to deploy, requires minimal ongoing management, and scales to meet the needs of any size organization.