Safeguarding Critical Water Infrastructure: A Collaborative Breakthrough

Critifence by Rayzone Group and Mekorot, the National Water Company of Israel, have joined forces to safeguard water infrastructure from cyberattacks. This joint project harnesses Critifence’s cutting-edge SCADADome XDR platform, providing an advanced and comprehensive solution to protect water facilities from cyber threats and address the unique security challenges facing critical infrastructure.

Critifence successfully completed a research and development project in cooperation with the Mekorot and the Water Authority, which aims to establish a robust information security infrastructure capable of safeguarding Israeli water infrastructure from cyber attacks. This infrastructure is designed to counter the security challenges inherent in SCADA and Command-and-Control systems that form the backbone of water infrastructure operations.

 

Critical Environments – A Prime Target for Cyber Attacks

Cyber-attacks have become the weapon of the 21st century. Critical infrastructures worldwide have become prime targets for malicious actors seeking to inflict economic, social, and environmental harm. Disrupting essential services such as electricity, water, transportation, and healthcare not only poses immediate risks but also threatens broader societal stability.

Command-and-Control systems are at the heart of operational environments in critical infrastructures. Any breach of these systems can lead to the disruption of vital processes, complicating maintenance efforts and jeopardizing operational integrity. “The rise in cyber-attack attempts of the critical infrastructure control and automation environments by groups of hackers with different motives – whether criminal, espionage, terrorism or political factors – is becoming increasingly widespread,” says Eyal Harari, Head of Cyber Security at Rayzone Group’s Cyber Security Division.

 

Necessity Drives Collaboration

The collaboration between Mekorot and the Water Authority stemmed from a necessity, following an increase in attack attempts and the complexity of recognizing these attempts in time. This led to Mekorot and the Water Authority to recognize the growing need and demand for advanced defence of cyber security in water systems and the water infrastructure.

Following a rigorous tender process and a comprehensive evaluation, they selected Critifence’s SCADADome XDR platform, the only solution offering complete protection for SCADA networks and Industrial Control Systems (ICS) among the options considered.

 

Comprehensive Visibility and Real-Time Monitoring

The SCADADome solution enables secure, quick, and versatile integration with critical infrastructures without the need for additional components like communication hubs.

Yossi Yaacoby, Head of Engineering at Mekorot, explains that the solution supports in a structured way the interfaces for systems that use serial interfaces. These systems make up about 70% of all SCADA systems in critical infrastructures today.

“The pinnacle of the SCADADome solution is the ability to monitor and receive information from various sources within the operating environment and the process, including the various systems and the control network, whether it is information collected from the network layer, intelligent insights, or logs from the various SCADA systems”, emphasizes Yaacoby.

“Using diverse sources and cross-referencing the information in real time, allows you to get a clear picture in the event of a cyber-attack, or various cyber threats that compromise the process and production layer. The ability to detect the anomalies allows management of unknown attacks (such as Zero-Day) or attacks such as those that can also reach existing equipment (FIRMWARE), and when they happen, they require an immediate solution that doesn’t impact the operational systems and the various process environments. These capabilities are unique to the solution and constitute one of its outstanding advantages”.

Alon Shpigner, Director of Mekorot’s Command-and-Control unit, underscores the importance of the partnership with Critifence, and its substantial contribution to defending global water infrastructures. “We welcome and are delighted that together we can assist in locating, identifying and preventing attacks on water infrastructures in Israel and beyond, thus providing protection for the most sensitive processes within critical infrastructures,” he says.

Critifence SCADADome XDR Platform (SXP)

 

Importance of Research to Safeguarding Critical Infrastructure

Critifence’s commitment to protecting critical infrastructure extends beyond the SCADADome solution. The company operates a dedicated research group focused on cyber threats and vulnerabilities in critical infrastructure. This team, comprising leading cyber researchers and hackers, has accumulated significant achievements, including the detection of over 20 zero-day vulnerabilities. Their findings have been shared through international cooperation with the US Department of Homeland Security (US-CERT), contributing to the neutralization of vulnerabilities in partnership with relevant manufacturers and enhancing critical infrastructure security.

“The group’s research and activity are the basis that constitutes the backbone for building the SCADADome solution and also for developing a dynamic and broad communication protocol analysis mechanism, which enables fast, accurate and high-quality adaptation for different and diverse SCADA environments that are the heart of the solution,” notes Roni David, Director of Tenders and Processes at Rayzone Group.

 

Evolving Methodology in Critical Infrastructure Defense

The evolving landscape of cybersecurity demands a paradigm shift in defense methodologies, transcending conventional approaches. Identifying and preventing cyber attacks while ensuring uninterrupted critical processes and operations is a paramount concern across infrastructures globally, including water, sewage, electricity, gas, and energy sectors.

Eran Goldstein, CEO and Founder of Critifence states, “The joint path of Critifence and Mekorot also led to a perception change regarding the methodology of protecting critical infrastructures, as well as the company’s security solution. In the past, critical infrastructure protection primarily relied on analyzing communication protocols for anomaly detection. Today, there’s a clear shift from traditional monitoring and protection solutions towards hybrid monitoring and identification approaches. The advantage of this approach is the ability to provide a broader and clearer picture of the various cyber threats and the backstory to their occurrence, thus enabling better communication, when they occur, between the parties responsible for the ongoing operation of the systems and infrastructure at the process level, and between the information security personnel and the technical parties.”

 

In Conclusion

The collaborative efforts of Critifence and Mekorot represent a significant milestone in advancing critical infrastructure protection. By harnessing innovation, research, and collaboration, they pave the way for a more resilient and secure future for essential services worldwide.

 

For the full article in Hebrew, as published on The Marker, click here

 

We are here to answer your questions and provide you with the information you need! Contact us at info@rayzoneg.com and let us know how we can help.

 

Millions Lost, Data Exposed: The Growing Threat on Financial Institutions

Cyberattacks are on the rise in the financial sector, causing significant financial losses and disruption.  According to the IBM Cost of a Data Breach Report 2023, the financial sector rank second, only behind healthcare, in cyber incident damage.  The average cost per attack for financial organizations is a staggering $5.9 million, exceeding the global average of $4.45 million.

 

The Threat of Ransomware

Globally, ransomware is the leading culprit behind financial service disruptions. This malicious software encrypts data, essentially holding it hostage until a ransom is paid to regain access.

 

Types of malwares in successful attacks on financial institutions (Q1–Q3 2023)

Source: Positive Technologies

 

On May 2023, a high-profile attack involved LockBit, a ransomware group, targeted BSI, a major Indonesian bank. The attack disrupted BSI’s branches operations and ATMs, with attackers demanding $20 million ransom. When the bank refused, they leaked a massive 1.5 TB of confidential data online.

CNA Financial Corp., a leading U.S. insurance company, paid a $40 million ransom in March 2021 to regain control of its network after a ransomware attack that encrypted its systems and compromised its data.

 

Key figures about ransomware in Financial Institutions

Source: Sophos

 

Beyond the Financial Toll: Disruption to Business Operations & Reputational Damages

The damage caused by cyberattacks goes far beyond immediate financial losses. Disruptions to services, delayed transactions, and locked-down operations can cripple a financial institution. The more critical the system attacked, the greater the operational cost.

But the impact goes deeper. Breaches cast doubt on the organization’s ability to safeguard sensitive information, potentially leading to customer churn. Negative media coverage further amplifies the damage, jeopardizing stakeholder confidence and market sentiment.

The value of customer trust is immeasurable. A tarnished reputation can have a long-term impact on brand value, market share, and even stock prices for publicly traded companies.

 

Building Cyber Resilience

Building cyber resilience is crucial for financial institutions to mitigate these risks. RayzSecurity, Rayzone Group’s cybersecurity division, offers a unique comprehensive Red Team exercise that simulates real-world attacks, assessing the digital security posture and mitigate vulnerabilities.

This exercise provides valuable insights and actionable recommendations for immediate remediation and long-term prevention. We are committed to helping organizations implement best practices and build a robust security posture to safeguard their institution, data, and customers.

 

Contact us today at info@rayzoneg.com and learn more about our Red Team exercise and how it can safeguard your financial institution.

Ransomware and Resilience: Protecting Critical Infrastructures in the Digital Age

In today’s interconnected world, one of the areas that are particularly vulnerable to cyberattacks is critical infrastructure.

Critical infrastructure refers to the systems and assets that are essential to the functioning of a society and its economy, such as energy, transportation, healthcare, water supply, financial institutions and more. As technology advances, so do the vulnerabilities and threats that can jeopardize these essential systems. According to a recent study, in 2022, there was a 140% surge in high-impact attacks on critical infrastructure.

Let’s explore some of the more notable cyberattacks targeting critical infrastructure in the recent years:

Colonial Oil, the largest pipeline in the US, was hit with a massive, targeted ransomware attackOn May 2021, Colonial Oil, the largest pipeline in the US, was hit with a massive, targeted ransomware attack.

The pipeline, which supplied over 45% of the East Coast’s gas, diesel, and jet fuel, was forced to shut down its operations entirely, causing fuel shortages across the eastern seaboard and states of emergency to be declared in four states. It took the pipeline 11 days to partially recover after the company ended up paying $5 million dollars in ransom.

 

Cyber Attack on Israeli Water SupplyIn April 2021, Israel suffered a cyberattack on their water facilities designed to spike chlorine and other chemicals to harmful levels into public water.

Had the attack been successful, civilians would further overload hospitals, farmers would destroy their crops, and further implications would ravage the country during the peak of Covid-19 pandemic.

 

cyberattack at the Oldsmar water treatment facility in FloridaEarlier In 2021, the United States experienced a similar cyberattack at the Oldsmar water treatment facility in Florida.

Unlike the attack on in Israel, this attack was successful. The unknown hacker managed to raise the lye content in the water supply from 100 parts per million (ppm) to 11,100 ppm! Thankfully, before any damage was done, an engineer noticed this substantial increase and decreased the lye count back to its normal level.

 

One of the most potentially dangerous cyberattacks on industrial infrastructure - the Triton Malware AttackOne of the most potentially dangerous cyberattacks on industrial infrastructure – the Triton Malware Attack.

The Triton Malware Attack nearly caused a massive explosion. It was discovered in a Saudi petrochemical plant and allowed hackers to take over the plant’s safety systems. According to an FBI warning, the Triton malware remains a threat to the global energy sector even today, 5 years after the incident.

 

KillNet Cyber Attack on hospitalsKillNet, a pro-Russian group, has led several sustained DDoS attacks at Ukrainian allies since the start of the conflict.

More recently, they hit numerous European hospitals, including the University Medical Center Groningen (UMCG) in the Netherlands with massive DDoS (Distributed Denial of Service) attacks, crashing their websites. They have also taken down Lithuania’s power grid, and struck over a dozen US airports, canceling flights and disrupting operators.

 

Protecting Critical Infrastructures from Cyber Threats

Given the high stakes, safeguarding critical infrastructures from cyber threats is a top priority! It is not an option but a necessity to ensure public safety, economic stability, and national security. The proactive adoption of robust cybersecurity measures, combined with collaboration and continuous alerts, is essential against the ever-evolving landscape of cyber threats.

Critifence provides unique cyber security solutions designed for critical infrastructure, SCADA and Industrial Control Systems which allow to passively monitor and control OT networks.

The SCADADome XDR Platform (SXP) is a new generation of cyber security technology that provides a multilayered defense ability designed to correlate between operation and security teams of the OT and IT networks, using different techniques such as machine-process learning, anomaly detection and hybrid data sources.

Critifence SCADADome XDR Platform (SXP)

 

We are here to answer your questions and provide you with the information you need! Contact us at info@rayzoneg.com and let us know how we can help.

 

WOULD YOU LIKE TO LEARN MORE?

CONTACT US