Spanish authorities claim two hackers caused failures to 300 RAR systems last year, while a natural gas pipeline operator in Luxembourg was recently the victim of a ransomware attack.
Spanish police have arrested two men believed to be responsible for cyberattacks against the country’s radioactivity alert network (RAR) last year.
This network is a mesh of gamma radiation detection sensors, deployed in certain parts of Spain to monitor for excessive radiation levels. This is to ensure protective measures are taken in the event of radiation to prevent damage to people and the environment.
Spanish police said the two men are former workers of a company contracted to maintain the RAR system, which gave them knowledge of the operation and how to launch an effective cyberattack.
The authorities added that they were able to mask their involvement, which significantly increased the difficulty of the investigation.
According to a police statement, the hackers attacked 300 of 800 RAR systems between March and June last year, causing connection failures to these sensors and reducing their detection capacity “even in the environment of nuclear power plants”.
These cyberattacks were stopped in June once authorities discovered the breach, which began an investigation to determine the cause of the incident. The motive of the sabotage is currently unknown.
CEO of cybersecurity firm Claroty, Simon Chassar, said while its good that Spanish authorities took the attack “extremely seriously”, it is a stark reminder to secure cyber physical devices within critical infrastructure industries.
“Cyber physical devices such as Internet of Things (IoT) devices and Industrial IoT (IIoT), are not always designed with security in mind, meaning they can have a number of vulnerabilities for threat actors to exploit,” Chassar said.
Chassar added that security teams need to have full visibility across all devices on their network and start patching security controls “where urgent”.
He added that networks should be segmented with asset class network policies to restrict unnecessary connectivity, which would help mitigate cyberattacks.
“Unfortunately, the systems that run the world are a prime target for hackers looking to cause disruption, so it’s vital that critical infrastructure organisations prioritise security across their entire environment,” Chassar said.
The threat to critical infrastructure was made clear recently with an attack against Creos, a natural gas pipeline and electricity network operator in Luxembourg.
The company suffered a ransomware attack between 22 and 23 July, during which various entities of the parent company, Encevo, were targeted.
The company said data was taken by the attackers and certain computer systems were made unavailable by the hackers. Encevo said there was no disruption to energy supplies from the attack.
It has been reported that the ransomware gang BlackCat has claimed responsibility for the attack. Researchers believe this gang includes members of the group responsible for the Colonial Pipeline cyberattack that occurred last year, TechMonitor reported.
EMEA director of technology at Illumio, Trevor Dearing, said the latest cyberattack mirrors the Colonial Pipeline attack and is another demonstration of cybercriminals targeting critical infrastructure organisations.
Dearing said these criminals aim to attack the commercial side of organisations which has the potential of leaking across the production network, which increases the chances of ransom demands being met.
“What’s more, in this case BlackCat posted details of the attack on their extortion platform, further piling the pressure on their victims to pay the ransom to have this retracted,” Dearing said. “An increasingly lucrative industry, cyberattacks will be a recurring nightmare so long as organisations continue to rely and invest entirely on detection as though they can stop all breaches from happening.”
10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.