Oswaldo Palacios, Senior Account Executive, Akamai, says critical infrastructures have become the most desired target of terrorist attacks – as well as cyberattacks by individuals – with reported incidents increasing by 668% globally since 2022.
Netflix’s new American series Zero Day portrays a massive nationwide cyberattack on transportation and energy infrastructure across the United States that costs human lives. Far from being far-fetched, the scenario prompts the question of whether Latin American countries are prepared to face an attack of this kind.
In recent years, critical infrastructures have become the most desired target for terrorist attacks, cyberattacks by individuals and even hybrid attacks by governments and intelligence services. Attackers are increasingly using disruptive tactics, rather than stealing data, as disruption to operations can yield more consistent returns than trying to sell stolen records on the black market.
The world’s critical infrastructures have suffered nearly 900 million attacks of varying magnitude through 2024, according to Forescout Research – Vedere Labs. Since 2022, reported incidents in critical infrastructure increased from 50 to 384 globally, or 668%.
Threat actors have attacked 176 countries, 13 more than in 2023.
“Nation-state cyberattacks are often differentiated from other types of cyber threats by their severity and their complex, sophisticated and very well-funded nature. Threats to critical infrastructures could affect any government, as it would be unable to continue carrying out the basic activities of society normally. However, the problem worsens when one critical infrastructure is dependent on another.”
“The rise of artificial intelligence has allowed attackers to identify vulnerable entry points and critical assets within organizations with accuracy and speed, and has helped attackers generate malware and ransomware faster. On the other hand, the legacy infrastructure used by many utilities is often old, making it fertile ground for exploitation.”
Recently, Akamai’s Security Intelligence Response Team (SIRT) assisted a law enforcement operation to dismantle Anonymous Sudan, a major pro-Russian hacktivist group known for massive DDoS attacks against both anti-Russian and anti-Muslim groups and entities. Before the takedown, the group had been launching attacks almost weekly against airlines, governments, banks, large companies, airports and telecommunications providers.
This year we expect a shift in attack vectors toward application programming interfaces (APIs). As organizations deploy more APIs, their exposure grows and the risk of misuse increases. Properly identifying, managing and securing APIs will become an even more important component of a robust cybersecurity strategy, as will micro-segmentation.
Cybersecurity strategies to prevent nation-state attacks
Nation-state-funded cyber operations have increased significantly amid rising geopolitical tensions. They increasingly target critical infrastructure, which makes it urgent for government agencies to adopt proactive threat intelligence and monitoring strategies.
Akamai suggests seven security measures that government institutions should consider to prevent potential attacks on their critical infrastructure:
- Proactively assemble a crisis response team and ensure that playbooks, runbooks and incident response plans are up to date. A playbook that references retired technology assets or people who left the organization long ago will be of no use in a crisis.
- Implement DDoS controls in an “always-on” mitigation posture as the first layer of defense, so that mitigation does not have to be integrated in the middle of an emergency and the burden on incident response teams is reduced.
- Review major subnets and IP spaces, and ensure mitigation controls are in place.
- Explore custom WAF rules that match geographic attributes of requests, to help reduce malicious traffic originating from territories the service does not need to serve.
- Perform accurate analysis and assessment of the critical infrastructure. Prefer solutions that give visibility across all platforms from a single place rather than forcing operators to juggle multiple systems.
- Modern software-defined segmentation is the simplest way to reduce the blast radius of an attack. It lets you isolate critical applications without changing IP addresses or VLANs, and it can even act as a virtual patch for legacy operating systems that have reached end of life, cannot otherwise be effectively protected, but are still needed.
- Implement a robust API security strategy. APIs often perform critical functions and are an attractive target for criminals looking to disrupt operations; if they are poorly secured, they can also expose endpoints that an attacker can use to reach data and services in an application or in the wider computing environment. It is therefore advisable to build a complete inventory of APIs: how many the organization owns, which types of sensitive data can be reached through each of them, and which users access those applications.
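As an added example of the inventory step in the last point (this is illustrative code written for this article, not Akamai tooling or anything from the original text), the script below reads an OpenAPI 3 document, lists every operation, records whether any security requirement applies to it, and classifies the fields reachable through its request and response schemas into sensitive-data categories. The sample specification, the category names and the field-name patterns are all constructed for the demonstration and would be replaced by an organization's own data classification.

```python
"""Build an API inventory from an OpenAPI 3 document and flag operations that
return sensitive data without any security requirement.
Added example for this article, not Akamai's code; patterns and spec are assumed."""
import re

# Assumed classification: field-name patterns that suggest sensitive data.
SENSITIVE_PATTERNS = {
    "PII": re.compile(r"email|phone|birth|\bdob\b|ssn|national_id|passport", re.I),
    "financial": re.compile(r"card_number|iban|account_number|cvv", re.I),
    "credential": re.compile(r"password|secret|api_key|access_token", re.I),
}
HTTP_METHODS = {"get", "post", "put", "patch", "delete", "head", "options"}


def _resolve(spec, schema):
    """Follow a local '#/components/schemas/X' reference, if present."""
    ref = schema.get("$ref", "")
    if not ref.startswith("#/"):
        return schema
    node = spec
    for part in ref[2:].split("/"):
        node = node[part]
    return node


def _field_names(spec, schema, seen=None):
    """Yield every property name reachable from a schema, following $ref
    and array items; `seen` stops recursive schemas from looping forever."""
    seen = set() if seen is None else seen
    ref = schema.get("$ref")
    if ref in seen:
        return
    if ref:
        seen.add(ref)
    schema = _resolve(spec, schema)
    for name, sub in schema.get("properties", {}).items():
        yield name
        yield from _field_names(spec, sub, seen)
    if "items" in schema:
        yield from _field_names(spec, schema["items"], seen)


def _schemas(op):
    """Yield (direction, schema) for an operation's request body and responses."""
    for media in op.get("requestBody", {}).get("content", {}).values():
        if "schema" in media:
            yield "request", media["schema"]
    for resp in op.get("responses", {}).values():
        for media in resp.get("content", {}).values():
            if "schema" in media:
                yield "response", media["schema"]


def classify(field_names):
    """Sorted list of sensitive-data categories that any field name hits."""
    return sorted(cat for cat, pat in SENSITIVE_PATTERNS.items()
                  if any(pat.search(n) for n in field_names))


def inventory(spec):
    """One record per operation: method, path, whether any security
    requirement applies, and sensitive categories per direction."""
    default_security = spec.get("security", [])
    records = []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue  # skip 'parameters', 'summary', ...
            fields = {"request": set(), "response": set()}
            for direction, schema in _schemas(op):
                fields[direction].update(_field_names(spec, schema))
            records.append({
                "method": method.upper(), "path": path,
                # an operation-level 'security: []' explicitly makes it public
                "authenticated": bool(op.get("security", default_security)),
                "request_sensitive": classify(fields["request"]),
                "response_sensitive": classify(fields["response"]),
            })
    return records


def findings(records):
    """Operations that return sensitive data with no security requirement."""
    return [r for r in records if r["response_sensitive"] and not r["authenticated"]]


def _json(schema):  # helper that keeps the constructed sample spec short
    return {"content": {"application/json": {"schema": schema}}}


# Constructed sample specification (not a real API).
SAMPLE_SPEC = {
    "openapi": "3.0.3",
    "security": [{"bearerAuth": []}],  # default requirement: bearer token
    "components": {"schemas": {
        "Customer": {"properties": {"id": {"type": "string"}, "email": {"type": "string"},
                                    "billing": {"$ref": "#/components/schemas/Billing"}}},
        "Billing": {"properties": {"card_number": {"type": "string"},
                                   "owner": {"$ref": "#/components/schemas/Customer"}}},  # recursive
    }},
    "paths": {
        "/customers/{id}": {"get": {"responses": {"200": _json({"$ref": "#/components/schemas/Customer"})}}},
        "/health": {"get": {"security": [], "responses": {"200": _json({"properties": {"ok": {"type": "boolean"}}})}}},
        "/export/customers": {"get": {"security": [], "responses": {
            "200": _json({"type": "array", "items": {"$ref": "#/components/schemas/Customer"}})}}},
        "/login": {"post": {"security": [], "responses": {"200": {"description": "ok"}},
                            "requestBody": _json({"properties": {"username": {"type": "string"},
                                                                 "password": {"type": "string"}}})}},
    },
}

if __name__ == "__main__":
    print([r["path"] for r in findings(inventory(SAMPLE_SPEC))])  # ['/export/customers']
```

Run against the sample, `inventory` records that `/customers/{id}` returns PII and financial data behind the default bearer-token requirement, that `/export/customers` returns the same data with no requirement at all (the one finding), and that `/login` only receives a credential inbound, which is expected for a login endpoint and so is not reported. Field-name matching is a heuristic: it misses sensitive values under innocuous names and flags pagination tokens as credentials, so the output is a starting inventory for review, not a verdict. Tracking which users actually access each API, the third item in the last point, needs runtime access logs or a gateway and is outside what a specification alone can show.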
Threats to critical infrastructure demand immediate action and robust cybersecurity strategies. Collaboration between governments, companies and experts is key to anticipating risks, protecting sensitive assets and ensuring the continuity of essential services.