With the digitalisation of society as a whole, we are witnessing an increase of cyberattacks. Cyber threats are constantly evolving, they affect an ever-increasing number of sectors and interests, both economic and strategic. The three examples of attacks mentioned in this article are an illustration of this trend. 

The need for proper cybersecurity is so high that by the end of 2021, $6 trillion will be spent globally on cybersecurity (International Institute of Business Analysis). According to the Cisco Annual Cybersecurity Report, attackers can launch campaigns without human intervention with the advent of network-based ransomware worms. The number of security events increased in number and in complexity. Among all and numerous cyberattacks of all kinds (malware, phishing, Man-in-the-Middle (MitM) attack, Denial-of-Service (DOS) attack, SQL Injections, Password attack, etc.), three have received particular attention in 2021 because of the nature of their targets.

Colonial Pipeline ransomware attack, the largest cyberattack on an oil infrastructure target in the history of the United States

On May 7, 2021, Colonial Pipeline, an American oil pipeline system that originates in Houston, Texas, and carries gasoline and jet fuel mainly to the Southeastern United States, suffered a ransomware cyberattack that impacted computerized equipment managing the pipeline. The attack on the largest fuel pipeline in the US disrupted fuel deliveries in twelve states for several days. The pipeline closure caused chaos as millions queued for fuel and the US Environmental Protection Agency were forced to initiate an emergency fuel waiver allowing states to see ‘off-spec’ gasoline to alleviate shortages.

In response, Colonial Pipeline Company halted all of the pipeline's operations to contain the attack. With the assistance of the FBI, Colonial Pipeline paid the requested ransom (75 bitcoin or $4.4 million) within several hours after the attack. The hackers then sent Colonial Pipeline a software application to restore their network, but it operated very slowly.

The FBI and various media sources identified the criminal hacking group DarkSide as the responsible party. The same group is believed to have stolen 100 gigabytes of data from company servers the day before the malware attack.

On June 7, the Department of Justice announced that it had recovered 63.7 of the bitcoins (approximately $2.3 million) from the ransom payment.

JBS pays $11m USD Cybercrime ransom in the largest attack to impact a company focused on food production

On May 30, the Brazilian JBS S.A., the world’s biggest meat processor, suffered a cyberattack, disabling its beef and pork slaughterhouses. The attack impacted facilities in the United States, Canada, and Australia. The attack threatened supply chains and caused further food price inflation in the US.

To prevent further disruptions, JBS paid the $11m USD ransom. The criminal group responsible were described by the FBI as one of the most specialised and sophisticated in the world. The attack was compared to the Colonial Pipeline cyberattack.

The attack is the largest to date to impact a company focused on food production. Some forty additional attacks on food producers occurred in the twelve months preceding the JBS attack (chicagotribune.com).

Florida’s Water Supply

On February 5th, a cybercriminal managed to infiltrate the city of Oldsmar’s (Tampa area, Florida) computer system and, for a short time, increased the sodium hydroxide level in the water supply to dangerous levels. An unknown hacker or group of hackers was able to gain access to the operations technology (OT) system of a water treatment plant. The attempt was thwarted by an operator who was able to reverse the change to the settings, before the toxic levels of the chemical reached the water.

In June, NBC News reported that last January a hacker attempted to poison a water treatment plant that served parts of the San Francisco Bay Area. “The hacker had the username and password for a former employee's TeamViewer account, a popular program that lets users remotely control their computers,” according to the report. After logging in, the hacker reportedly deleted programs that the water plant used to treat drinking water.

As these three cases show, cyberattacks are not only a technical or an economic issue, an intellectual property issue or an extortion issue, it also concerns strategic infrastructures and vital economic sectors. As a consequence, cybersecurity is geopolitical and political as well.

Cybersecurity is therefore a central issue for all companies and governments. The latest trends in the sector will be discussed at the coming Cybersecurity Week Luxembourg (Oct 18-28), the moment and place in the year to promote Luxembourg’s cyber expertise and share knowledge and best practice. To echo this enriching week, an interactive report, “Cybersecurity Insights”, will be distributed digitally to more than 10,000 contacts from the IT, Cybersecurity sectors. “Cybersecurity Insights” will be published at the beginning of November. It will showcase business cases, the main highlights of the week as well as targeted content made of videos, podcasts, interviews and articles. All Cybersecurity Week partners are encouraged to echo their participation by thinking of targeted content to contribute to the “Cybersecurity Insights” report.