The Volt Typhoon threat group has successfully infiltrated the operational technology (OT) network of a small public utility in Massachusetts, marking a concerning vulnerability in the US electric grid. Cybersecurity analysts at Dragos disclosed that this unauthorized access persisted from February to November 2023. The breach underscores the persistent risks posed by advanced cyber threats.
"One of the biggest challenges with cybersecurity in critical infrastructure is the long lifespan of the devices. Something that was designed and tested to the best practices available when it was released can easily become vulnerable to attacks using more sophisticated attacks later in its lifecycle," said Tim Mackey, who leads software supply chain risk strategy at Black Duck.
These sentiments were echoed by Nathaniel Jones, vice president of threat research at Darktrace, who pointed out that the ongoing impact on Critical National Infrastructure (CNI) is a "continued and growing concern with the applications of AI-based capabilities for both offensive and defensive teams." He highlighted that the rise of artificial intelligence in cyber threats could complicate defensive measures.

Experts speculate that the targeting of CNI entities is strategically significant, potentially allowing threat actors to gain geopolitical leverage. Donovan Tindill, director of OT cybersecurity at DeNexus, explained that data exfiltration from OT networks enables attackers to pursue several harmful objectives. These include manipulating OT systems, using data for ransom, mapping the electrical grid, and stealing vital intellectual property.
"Attack sophistication is on the rise, and OT/ICS organizations shut down when faced with a cyber-attack," noted Agnidipta Sarkar, vice president CISO advisory at ColorTokens. "Unfortunately, cyber OT leadership is focusing on stopping attacks instead of stopping the proliferation of attacks."
The breach at Littleton Electric Light and Water Departments was met with a rapid response from Dragos analysts. Investigators mapped the attackers' movements, including Server Message Block (SMB) traversal and Remote Desktop Protocol (RDP) lateral movement. The utility was able to contain the threat without sensitive customer data being compromised.
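The two techniques named above, SMB traversal and RDP lateral movement, are typically surfaced by looking for one workstation reaching many hosts over ports 445 and 3389 in a short window, or for RDP sessions that do not originate from an approved jump host. The following is an added example written for this article; it is not code from Dragos or from the utility, and the log format, hostnames, users and jump-host allowlist are all constructed for illustration.

```python
"""Toy lateral-movement fan-out detector over connection logs (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Destination ports associated with the two techniques named in the article.
LATERAL_PORTS = {445: "smb", 3389: "rdp"}

# Constructed sample records: timestamps, hostnames and users are invented.
SAMPLE_LOG = """\
2023-06-01T02:10:00 src=ws-eng-07 dst=file-01 dport=445 user=jdoe
2023-06-01T02:12:30 src=ws-eng-07 dst=hist-01 dport=445 user=jdoe
2023-06-01T02:15:10 src=ws-eng-07 dst=eng-ws-02 dport=3389 user=jdoe
2023-06-01T02:18:45 src=ws-eng-07 dst=hmi-01 dport=3389 user=jdoe
2023-06-01T02:20:00 src=jump-01 dst=hmi-01 dport=3389 user=ot_admin
2023-06-01T09:00:00 src=ws-fin-03 dst=file-01 dport=445 user=asmith
2023-06-01T14:30:00 src=ws-fin-03 dst=print-01 dport=445 user=asmith
"""

# Constructed allowlist: the only hosts from which RDP into OT is expected.
JUMP_HOSTS = {"jump-01"}


def parse_log(text):
    """Parse 'ISO-timestamp key=value ...' lines into dicts; dport becomes an int."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, *fields = line.split()
        rec = {"ts": datetime.fromisoformat(ts)}
        for field in fields:
            key, value = field.split("=", 1)
            rec[key] = int(value) if key == "dport" else value
        records.append(rec)
    return records


def detect_fanout(records, window=timedelta(minutes=30), min_hosts=3):
    """Return {src: sorted distinct dsts} for every source that reaches at least
    `min_hosts` different hosts over SMB/RDP within any `window`-long span."""
    by_src = defaultdict(list)
    for rec in records:
        if rec["dport"] in LATERAL_PORTS:
            by_src[rec["src"]].append(rec)

    alerts = {}
    for src, recs in by_src.items():
        recs.sort(key=lambda r: r["ts"])
        # Slide a window anchored at each record; alert on the first span that fans out.
        for i, start in enumerate(recs):
            hosts = {r["dst"] for r in recs[i:] if r["ts"] - start["ts"] <= window}
            if len(hosts) >= min_hosts:
                alerts[src] = sorted(hosts)
                break
    return alerts


def detect_unapproved_rdp(records, approved=JUMP_HOSTS):
    """Return sorted (src, dst) pairs for RDP sessions not originating from an approved jump host."""
    return sorted(
        {(r["src"], r["dst"]) for r in records
         if r["dport"] == 3389 and r["src"] not in approved}
    )


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for src, hosts in detect_fanout(recs).items():
        print(f"fan-out from {src}: {', '.join(hosts)}")
    for src, dst in detect_unapproved_rdp(recs):
        print(f"unapproved RDP {src} -> {dst}")
```

On the constructed data only `ws-eng-07` trips the fan-out rule (four distinct hosts within nine minutes), and its two RDP sessions are the only ones not coming from the jump host; `ws-fin-03` touches two file shares twelve hours apart and stays below both thresholds. The thresholds and the allowlist are the knobs a defender would tune to the site's normal traffic before relying on such a rule.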
As the threat landscape continues to evolve, experts urge CNI organizations to enhance their monitoring and defense strategies. They emphasize that safeguarding critical infrastructure like the electric grid requires a sustained commitment to security expertise, advanced technology, and robust risk mitigation strategies.

In conclusion, the Volt Typhoon incident is a wake-up call for cybersecurity in critical infrastructure. The necessity for adaptive security measures is becoming increasingly urgent in light of the rising sophistication of cyber threats. A proactive approach could mean the difference between security and vulnerability for essential services across the nation.