SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Ransomware attacks expose urgent risks for critical utilities

Today

The recent surge of ransomware attacks on global organisations has drawn renewed focus to the critical risks facing essential infrastructure and business operations. The latest incident involves Aigües de Mataró, a Spanish water supplier, whose computer systems and website have been compromised. This attack follows a string of high-profile ransomware incidents in Spain, including the 2023 attack on Barcelona's largest hospital, and reflects a growing trend across sectors worldwide.

Commenting on the implications of such breaches, Kevin Kirkwood, Chief Information Security Officer at Exabeam, warned of identity and operational risks that extend beyond data theft. "While ransomware events create identity risk for the community that uses the water system, the broader risk is that the compromise could impact the operation of the water and sewage system," he stated. Kirkwood explained that most water treatment facilities are managed via SCADA systems, which control processes like chemical mixing and remote plant operations. "The introduction of a broad mix of chemicals into the water system can cause health problems for the users of the water system," he cautioned, raising concerns about the direct effects on public health.

Kirkwood also highlighted the possibility of attackers affecting water reuse and reclamation systems. "Tying these systems to an attack, the results could be even worse," he added, pointing to the complexity and seriousness of cyber threats to critical infrastructure.

On a broader scale, Trevor Dearing, Director of Critical Infrastructure at Illumio, observed a disturbing evolution in ransomware tactics. "What we're seeing with Medusa ransomware isn't just another spike — it's a sign of how ransomware is evolving. The question every organisation should be asking right now is: If an attack like Medusa came for you, could you survive it?" Dearing referenced new research from Illumio that found 79% of Australian businesses experienced at least one ransomware incident in the past year, and almost two-thirds had to shut down operations as a result. "Ransomware isn't just an IT issue — it's a business crisis. Ignoring the threat means gambling with your operations, reputation, and bottom line," he stressed.

Despite the frequency and impact of ransomware events, there remains a significant gap between perceived and actual preparedness. "Too many organisations believe their current controls are enough. But confidence doesn't equal readiness," Dearing said, noting that half of respondents admitted they were not ready to quickly identify and contain an attack. He emphasised the importance of Zero Trust frameworks, specifically network segmentation, to contain threats and protect critical systems. However, only 27% of organisations surveyed had adopted such measures, exposing a significant vulnerability.

The threat landscape is compounded by sophisticated cybercriminal groups exploiting zero-day vulnerabilities. The Play ransomware group recently leveraged a flaw in the Windows Common Log File System to gain SYSTEM privileges and deploy malware across various industries, including IT, finance, software, and retail. Aditya Sood, Chief Executive at Aryaka, underscored the seriousness of such attacks: "The Play ransomware gang has exploited a Windows system flaw in zero-day attacks that allowed them to gain SYSTEM privileges and deploy malware on compromised systems." Sood highlighted the use of double extortion tactics, where victims are pressured to pay ransoms to prevent data leaks, and called attention to the widespread operational damage that can extend to whole communities.

"Zero-day vulnerabilities are a significant concern because they exploit unknown flaws in software," Sood observed, recommending a combination of proactive and reactive strategies. "To minimise the impact of ransomware, it is important that organisations implement swift containment strategies including network segmentation, VLAN quarantining, and zero-trust network access," he advised. Sood further stressed the need for robust network defences, strict security protocols, and well-maintained isolated backups.

As ransomware attacks become more targeted and disruptive, industry experts agree that the stakes have never been higher. The convergence of cyber threats with essential services such as water supply highlights the urgent need for organisations to bolster their defences, invest in preparedness, and ensure rapid containment strategies are in place to prevent catastrophic consequences.
