ODNI assesses potential cyber-attacks from China, Iran, North Korea, Russia on US critical infrastructure sector

The Office of the Director of National Intelligence (ODNI) said that both state and non-state hackers ‘threaten our infrastructure and provide avenues for foreign malign influence threats against our democracy.’ It also assesses that China almost certainly can launch cyber-attacks that ‘would disrupt critical infrastructure services within the United States, including against oil and gas pipelines and rail systems.’ 

In a report released Tuesday titled ‘2022 Annual Threat Assessment Report,’ the ODNI assessed that North Korea possesses the expertise to cause temporary, limited disruptions of some critical infrastructure networks and disrupt business networks in the U.S. The report also warned that Iran’s growing expertise and willingness to conduct aggressive cyber operations make it a major threat to the security of U.S. and allied networks and data. Finally, it evaluated that Russia will remain a top cyber threat as ‘it refines and employs its espionage, influence, and attack capabilities.’

The Washington, DC-based agency assesses that China ‘presents the broadest, most active, and persistent cyber-espionage threat’ to U.S. government and private sector networks. Moreover, China’s cyber pursuits and export of related technologies increase the threats of cyber-attacks against the U.S. homeland, suppression of U.S. web content that Beijing views as threatening to its control, and the expansion of technology-driven authoritarianism globally, it added.  

The ODNI report further assessed that China leads the world in applying surveillance and censorship to monitor its population and repress dissent, particularly among minorities. In addition, Beijing conducts cyber intrusions that affect the U.S. and non-U.S. citizens beyond its borders, such as hacking journalists, to counter perceived threats to the Chinese Communist Party (CCP) and tailor influence efforts.  

“China’s cyber-espionage operations have included compromising telecommunications firms, providers of managed services and broadly used software, and other targets potentially rich in follow-on opportunities for intelligence collection, attack, or influence operations,” the ODNI report said.

The 2022 Annual Threat Assessment provides the Intelligence Community’s (IC’s) baseline assessments of the most pressing threats to U.S. national interests while emphasizing the nation’s key adversaries and competitors. It is not an exhaustive assessment of all global challenges and notably excludes assessments of U.S. adversaries’ vulnerabilities. However, it accounts for functional concerns, such as cyber, and details hackers from China and Russia.

Multiple trends are shaping the technology landscape of the next decades. Increasing convergence of seemingly unrelated fields and the rise of global competition to generate and lock in advantage are leading to the global diffusion of emerging technologies, shrinking timelines for development and maturation of technologies, and increasingly blurred lines between commercial and military endeavors, particularly in fields with broad impact across societies and economies, such as artificial intelligence (AI), biotechnologies, robotics and automation, and smart materials and manufacturing.

The report also assessed that Russia views cyber disruptions as a foreign policy lever to shape other countries’ decisions, as well as a deterrence and military tool. “Russia is particularly focused on improving its ability to target critical infrastructure, including underwater cables and industrial control systems, in the United States as well as in allied and partner countries, because compromising such infrastructure improves and demonstrates its ability to damage infrastructure during a crisis,” the report added.  

Russia is also using cyber operations to attack entities it sees as working to undermine its interests or threaten the stability of the Russian government, the report said. Russia attempts to hack journalists and organizations worldwide that investigate Russian government activity and has leaked their information in several instances. 

Iran’s growing expertise and willingness to conduct aggressive cyber operations make it a major threat to the security of U.S. and allied networks and data, ODNI said in its report. In addition, Iran’s opportunistic approach to cyber-attacks makes critical infrastructure owners in the U.S. susceptible to being targeted by Tehran, especially when Tehran believes it must demonstrate that it can push back against the U.S. in other domains. 

The ODNI report said that recent attacks on Israeli and U.S. targets show Iran is more willing than before to target countries with more robust capabilities. For example, Iran was responsible for multiple cyber-attacks between April and July 2020 against Israeli water facilities. Iran’s successful disruption of critical infrastructure in Israel, also a superior cyber power compared with Iran, reflects its growing willingness to take risks when it believes retaliation is justified, it added.

North Korea’s cyber program poses a sophisticated and agile espionage, cybercrime, and attack threat, ODNI said. “Pyongyang is well-positioned to conduct surprise cyber-attacks given its stealth and history of bold action,” it added. Hackers linked to North Korea have conducted espionage efforts against a range of organizations, including media, academia, defense companies, and governments, in multiple countries, the report added.

The ODNI report said that cybercriminals are increasing their ransomware attacks, in addition to phishing and other online fraud schemes. Transnational cybercriminals are increasing the number, scale, and sophistication of ransomware attacks, fueling a virtual ecosystem that threatens to cause greater disruptions of critical services worldwide. These criminals are driven by the promise of large profits, reliable safe havens from which to operate, and a decreasing technical barrier to entry for new hackers.  

The report added that many major transnational cybercrime groups have diversified business models that engage in direct wire-transfer fraud from victims or use other forms of extortion alongside or in place of ransomware. 

In 2020, business email compromise, identity theft, spoofing, and other extortion schemes ranked among the top five most costly cybercriminal schemes. This leads to U.S. government entities, businesses, and other organizations facing a diverse range of ransomware threats, ODNI said in its report. In addition, attackers are innovating their targeting strategies to focus on victims whose business operations lack resilience or whose consumer base cannot sustain service disruptions, driving ransomware payouts up, it added.
