It would appear that phishing, the simplest form of cyber attack, is behind the breaching of facilities posing the greatest risk to human life.
Unidentified hackers have been attempting to breach nuclear power plants in the United States according to a joint report from Homeland Security and the FBI.
Information regarding the severity of the attacks and the motives behind them were not detailed specifically.
However, the analysis of the attack in the report shows a pattern of targeting employees who work in positions with access to critical systems that could result in human life being endangered, and massive environmental risk.
While the report also shows that manufacturing plants and energy companies are continually targeted, the potential risk of hackers gaining entry to a nuclear facility is highly concerning.
According to The New York Times who first shared the details of the report, one facility was noted, the Wolf Creek Nuclear Operating Corporation. The facility is responsible for the operation of a nuclear power plant situated in Kansas.
Given the storm of debate regarding Russian hacking interests in the U.S., it will be impossible for many to ignore potential connections following the revelation of attacks on nuclear power plants, especially with tension running high between the two global super powers.
The thought of malicious cyber attackers who could be acting on a nation state level is terrifying, especially given the global havoc that can be achieved by simplistic cyber attacks such as ransomware or phishing.
Fraser Kyne, EMEA CTO at Bromium said: “Whether this creates a disaster such as a hazardous spillage or power outages for millions, or something less dramatic like a heap of business disruption for the plants that have been attacked, its clear security has to change. Once again, it is the end user that has been targeted with infected email attachments. This is a common theme in recent breaches. If you are a busy engineer, who is recruiting at the moment and get sent a CV why wouldn’t you open it? Regardless of whether you work in a nuclear facility or in an office you can’t question every action you take on a PC. Yet that’s what the current status quo in security expect.
We have heard a great deal about the potentially catastrophic risks posed by human fallibility in the world of cyber security. The concerning truth is that human beings are also in charge of nuclear power plants, capable of making the same mistakes as anyone else.
“We know that users are the weakest point in a company’s defence against cyber-attacks, and yet we still see successful breaches on a weekly basis. This highlights the need for a new way of thinking about cybersecurity on the whole as current defences are not up to the task. We can’t continue to expect users to be the last line of defence. By isolating tasks with virtualisation-based security you can effectively nip such attacks in the bud and take the onus and responsibility for security away from the user,” said Kyne.