Dive Brief:
- Critical infrastructure companies, including oil and gas, electric power and water, are vulnerable to cyberattacks due to the rising dependence on automation and remote connectivity in their technology environments, according to Moody's Investors Service.
- These critical infrastructure firms have become a more frequent target of ransomware attacks, as criminal threat actors see the essential services they provide as leverage for quick financial payouts, according to the report. Critical infrastructure providers can ill afford prolonged disruption, as seen in the aftermath of the Colonial Pipeline attack.
- Electric utilities are one of the few industries that have mandatory minimum standards for cybersecurity compliance, according to the report. Beyond that, the size and revenue model of the company can influence its readiness for malicious cyber intrusions.
Dive Insight:
The ransomware attack on Colonial Pipeline, rather than an isolated attack by an emboldened adversary, represented an escalation of an existing global trend where malicious threat actors target critical infrastructure sites.
Colonial paid $4.4 million in ransom to a Russia-linked threat actor called DarkSide, after the attackers exploited a legacy VPN profile and compromised the company's IT environment.
"When it came to Colonial Pipeline shutting down, I think that was a big wake-up call for a lot of sectors in terms of what was originally a cyber issue on the information technology side, can disrupt operations, which is something that we've been focused on for a number of years now," said Jim Hempstead, managing director in Moody's Global Project and Infrastructure Finance Group.
Moody's cited data from Claroty, an industrial cybersecurity specialist, which showed 297 cyber vulnerabilities across the energy, water and wastewater sectors during the second half of 2020. The figures represented an increase of 23% from the 2019 period and 66% from the 2018 period.
Moody's also noted a series of high-profile ransomware attacks on energy and other utilities around the world in recent months, including the June 2020 attack on Enel Group by the Snake ransomware organization and the February 2020 attack on a U.S. natural gas facility that had to halt pipeline operations for two days.
The Oldsmar water treatment facility in Florida was also the target of a threat actor that gained remote access by exploiting the operator's supervisory control and data acquisition (SCADA) system through TeamViewer.
Some industries have taken steps to boost cybersecurity practices and regulatory oversight in recent months. Following the Colonial Pipeline attack, the Transportation Security Administration issued a directive that requires pipeline operators to report confirmed or potential incidents to the Cybersecurity and Infrastructure Security Agency and to maintain a cybersecurity coordinator.