Bringing the internet so close to our lives is a double-edged sword. Of course, this technology enables us to scour all human knowledge with the help of our fingertips. However, it can also assist criminals in attacking critical infrastructure and endanger the lives of millions of people.
One such attack happened in the United Kingdom, where hackers disrupted a water supplier. Luckily, the water supply wasn’t affected because of the security system installed by a company called South Staffordshire PLC. None of their 1.6 million consumers experienced a problem on that day.
Based on the information that appeared on the dark web, a ransomware group called Clop wanted to target the biggest water supplier in the United Kingdom, Thames Water. They posted on their website that they successfully completed their attack, but Thames Water denied their claims immediately, saying that the information was false.
Clop then dumped a lot of data on the dark web, and experts that analyzed the data confirmed that the attack was on South Staffordshire PLC and not Thames Water. The spreadsheet that Clop published contained employee driver’s licenses, passports, email addresses, passwords, usernames, and screenshots from the SCADA systems used to treat the water. That’s a scary amount of data that the hackers collected.
Why is it happening?
Cybercriminals are increasingly targeting critical infrastructure that directly influences human lives. Regular hackers use ransomware to steal data and then ask for money in return. However, this new breed of hackers uses killware, which can endanger millions of people with a single click.
That increases the motivation of governments and law enforcement to pay money and listen to their demands. Withholding water access during times of drought or wildfires can cause irreparable damage to households, forests, and human lives. That’s why all operators need to have security systems in place.
We all know that electricity providers, water suppliers, and hospitals don’t put a lot of emphasis on their cybersecurity. That makes them a prime target because their infrastructure is already vulnerable.
One of the most shocking ways in which killware was used happened last year. Hackers targeted a water treatment facility and wanted to poison the water. If the attack succeeded, it could have wiped out millions of innocent people. Thankfully, one of the operators saw what was happening and mitigated the attack.
What measures can you take to protect yourself?
Our parents taught us not to talk to strangers a few decades ago. Now, the saying needs to be changed. Don’t open emails from strangers. Phishing emails are on the rise again, and instead of a “prince” hitting your inbox with a million-dollar offer, you’ll get an attachment that looks innocent. As soon as you click on it, a virus can enter your device without you knowing about it. Even cybersecurity experts can be fooled. So rule number one is never to open emails from strangers.
Next comes network security. You should never connect to public Wi-Fi unless you have a VPN. Never. Even a second of being connected to a public network can expose your IP address, and your sensitive info will leak to the web. Virtual private networks are special programs that hide your connection from prying eyes, making it safe to connect. A simple VPN Chrome extension can make the difference between browsing safely and getting your bank wallet drained.
Furthermore, you should educate your friends and family. If your home network becomes compromised, it doesn’t matter what kind of security precautions you take. The same is true if you go to your friend’s house and connect to their Wi-Fi. Many parents make the mistake of not teaching their kids about cybersecurity. If they have a device, they’re old enough to learn about the best practices to keep them safe. However, that doesn’t mean you should fill their head with negative information. Instead, just teach them how to use the internet correctly.
Finally, don’t share personal information freely online. Don’t create an account with your primary email address when visiting a suspicious site. Create a few fake ones and use them on a burner device. That way, even if something bad happens, the hacker won’t be able to trace the real you. Don’t include your name where it isn’t needed, and treat everyone online as you would a stranger on the street.