The DoJ Disruption of the Hive Ransomware Group Is a Short-Lived Win

The war on critical infrastructure demands a better security strategy.

Duncan Greatwood, CEO, Xage

February 28, 2023

Department of Justice building signage
Source: Jeremy Graham via Alamy Stock Photo

This year started off with a bang, with critical infrastructure attacks — both physical and cyber — at an all-time high. The Cybersecurity and Infrastructure Security Agency (CISA) released 12 industrial control system (ICS) advisories warning of critical security flaws, while the hacker group GhostSec, aka Anonymous Operations, claimed to have used ransomware to encrypt an industrial remote terminal unit (RTU) of the type relied on by critical infrastructure.

Critical Infrastructure Becoming Favorite Attacker Target

Operational technology in critical infrastructure is the new favorite target for attackers. Why?

  • Critical infrastructure attacks result in widespread impacts. Every second of downtime at energy suppliers, utilities, and hospitals around the world can leave communities stranded and even cost lives, forcing parties to respond quickly. Shutting down train service or a gas pipeline has enormous, highly visible consequences, including significant threats of financial harm and risk to human safety.

  • Critical infrastructure attacks also increase the success of a ransomware payout. There's an increasing need to interconnect OT networks and assets safely with IT and cloud assets to support new business initiatives (e.g., supporting today's distributed workforce via remote access), and there's a glaring lack of effective mechanisms for providing it securely, which is causing the OT attack surface to balloon. Enter attackers with sophisticated ransomware techniques at the ready.

  • Successful attackers can and do sell their tools and tactics to adversarial governments. For instance, disruption to Western energy suppliers can benefit an adversarial regime such as Russia's when those attacks increase European dependency on Russian energy supplies.

DoJ Disrupts Ransomware Group Attacking Critical Infrastructure

In the fight against ransomware, the Department of Justice (DoJ) has made progress. According to a Jan. 26 press release, the department launched a "months-long disruption campaign against the Hive ransomware group that has targeted more than 1,500 victims in over 80 countries around the world, including hospitals, school districts, financial firms, and critical infrastructure."

This announcement is a win for the DoJ, but we also need to be realistic. Adversaries are smart, and this win is bound to be short-lived. There is a lesson here for anyone responsible for securing critical infrastructure.

Protecting Critical Infrastructure Requires a New Mindset

Massive digital transformations happening in industrial segments (like energy, manufacturing, and utilities) require a new perspective on cybersecurity — one that will become central not only to effective operations but to keeping society safe in 2023. In order to protect the world's energy infrastructure amid rising geopolitical tensions, shifting market dynamics, and fast digital transformation efforts — and all in the face of highly motivated adversaries — it's no longer enough to know you've been hacked. Preventative cybersecurity is a must, especially when it comes to safeguarding our world's scarcest resources.

If we don't shift our mindset and find ways to not only detect adversaries but also block them from being able to inflict harm, we'll continue to see these ransomware attacks succeed. They're always one step ahead and bound to already be searching for new ways to break through and impact our day-to-day lives in order to achieve their goals.

It's time for critical infrastructure operators to tackle the challenge of securely interconnecting OT assets with IT and the cloud without exposing vulnerable devices to corporate or public networks. They need to support business initiatives to allow distributed workforces and vendors to access critical components that can have a physical impact on the real world, in order to provide upgrades or manage urgent issues rapidly without opening up to new attack vectors. As OT assets grow more distributed, along with the experts who build, operate, and maintain them, this challenge will only increase. Now is the time for critical infrastructure organizations to invest in modernizing their access management and data security, leveraging zero trust strategies, to stay ahead of cyberattackers.

Rigorous cyber hardening of critical operations needs to happen — immediately. The mindset must shift from merely detecting cyberattacks to blocking them outright. The massive uptick in attacks should serve as a wakeup call to the industry. Even the minority of attacks that are reported publicly have become too numerous to ignore. And with the latest cybersecurity innovations, preventing harm is possible, even once the threat has already infiltrated an operational network.

About the Author

Duncan Greatwood

CEO, Xage

Duncan Greatwood is the Chief Executive Officer at Xage. Most recently, he was an executive at Apple, helping to lead a number of Apple's search-technology projects and products. Prior to Apple, Duncan was C.E.O. of Topsy Labs, the leader in social media search and analytics acquired by Apple in 2013. Prior to Topsy, he was founder and C.E.O. of PostPath Inc., the email, collaboration and security company acquired by Cisco in 2008. Previously, Duncan held Vice President roles in Marketing, Corporate Development and Sales at Virata / GlobespanVirata / Conexant, as well as earlier engineering and product marketing positions at Madge Networks. Duncan brings a blend of sales, marketing, operations, technology and human experience to the task of driving growth at Xage. Duncan holds a B.A. (Mathematics) and M.Sc. (Computer Science) from Oxford University and an M.B.A. from London Business School.

