A Year in Cyberattacks: Lessons for Critical Infrastructure Security

As industries such as utilities, manufacturing, and others grow increasingly reliant on operational technology (OT) to run their businesses, we’ve seen cyberattacks targeting these critical systems surge over the last year. We examined some of 2024’s more notable cybersecurity incidents impacting companies with critical infrastructure. We also explore how ARIA’s AZT PROTECT? solution could have thwarted these attacks, providing a blueprint for safeguarding systems in this dangerous new era.

Utilities Increasingly Under Attack Water and wastewater utility companies experienced an increase ransomware and nation-state backed attacks in 2024. The attacks can lead to service disruptions, and in almost all cases the attacks forced water utilities to go into manual control of their facilities, triggering high expenses for up to months after such attacks are detected. These attacks highlight the growing threat to critical utilities, underscoring the extreme cost impact to maintain essential services and the potential risk to public safety for water services.?

The Environmental Protection Agency (EPA) conducted a passive cybersecurity assessment of 1,062 drinking water systems serving over 193 million people in the U.S. The assessments identified 97 systems with critical or high-risk vulnerabilities and another 211 systems with medium or low vulnerabilities. Exploitation of these vulnerabilities could lead to service disruptions, physical damage, or public safety issues. The resulting financial impact could be substantial: the report noted that a one-day disruption of water service across the U.S. could jeopardize $43.5 billion in economic activity. These findings further highlight the need for enhanced cybersecurity measures in drinking water infrastructure to mitigate potential risks. The EPA’s mandatory five-year cyber risk assessments begin in 2025. We recommend deploying ARIA’s AZT PROTECT as an important step in reducing risk in conjunction with such assessments.

Energy Firm Suffers Multiple Infiltrations

French multinational Schneider Electric bookended 2024 with ransomware attacks. In January, the Cactus ransomware group hit Schneider’s Sustainability Business, impacting their EcoStruxure Resource Advisory platform—which is used by over 2,000 companies to interpret their energy and sustainability data—and other division-specific systems. The attackers claimed to have exfiltrated more than 1.5TB of data, leaking about 25MB of the stolen data on the dark web. While Schneider mobilized its incident response team to address the breach and noted that its products and services were not affected, it does not diminish the fact that 2,000 energy customers were impacted by this attack.

Could These Attacks Have Been Prevented?

We believe that these incidents are preventable. ARIA Cybersecurity Solutions patented AZT PROTECT? solution could have stopped these types of attacks through its comprehensive suite of cybersecurity capabilities. AZT PROTECT’s AI-driven behavioral monitoring would identify the appearance of malicious code and stop it before execution. Additionally, micro-segmentation limits access to critical systems, making lateral movement by attackers to them nearly impossible.

?For ransomware scenarios, blocking the execution of the code used to execute the attacks would stop them early in the attack chain and give a warning of their presence. In the case of Schneider Electric and American Water, the early ability to stop malicious code execution and privilege escalation of affected systems could have mitigated or entirely avoided service disruptions. By integrating these advanced protections, AZT PROTECT significantly reduces the likelihood and impact of cyberattacks on critical infrastructure, creating a proactive and resilient defense strategy.

As these incidents demonstrate, the stakes are higher than ever for industries relying on OT. Cybercriminals are becoming more sophisticated, and the impact of successful attacks can be devastating. ARIA Cybersecurity Solutions AZT PROTECT? offers a comprehensive solution, providing real-time monitoring, AI-driven threat detection, and advanced segmentation to secure OT environments.?

For this blog and other valuable resources, visit: https://blog.ariacybersecurity.com/blog/a-year-in-cyberattacks-lessons-for-critical-infrastructure-security-aria-cybersecurity

Don’t wait until it’s too late. Contact ARIA today to learn how AZT PROTECT? can safeguard your critical infrastructure and help you stay one step ahead of the cyber criminals.