A surge in cyber attacks: Is critical infrastructure safe?

According to data from Check Point Research, Q2 2024 saw a 30% surge in cyber attacks worldwide. And it’s reflected in the headlines: UK telecoms company BT has identified 2000 attacks on its network per second; semiconductor manufacturer Microchip Technology suffered a ransomware attack that put customer data at risk; Chinese tech conglomerate Tencent was attacked by a hacker, exposing 1.4 billion user accounts. The list goes on. 

Why is this rise in cyber attacks happening?

The reality is that this isn’t a moment in time in which attack numbers are higher than usual – it’s part of an upward trajectory that’s picking up pace, due to a number of reasons. 

Those reasons include: 

• Digital transformation is continuing, and more and more services and experiences are happening online – creating a constantly growing threat landscape for threat actors to exploit.
• The increasing sophistication of cyber attacks – with criminals accessing advanced technologies and strategies, particularly AI and machine learning.
• Growing economic motivations – as new technologies make ransomware and phishing attacks more affordable, threat actors can generate significant income with minimal barriers to entry.
• Geopolitical tensions that are agitating politically-motivated attacks.
• Supply chain vulnerabilities across industries, which give crime groups a way into the networks of major corporations. 

Interestingly, Check Point Research also found that the increase in attacks globally is linked to a rise in hacker interest in Education and Research – the sector which saw the largest increase in cyber attacks in Q2 2024, compared to all other industries. 

Is critical infrastructure at risk? 

The short answer is yes. The rise in attacks does mean that critical infrastructure is facing genuine threats. 

Recently, we’ve seen: 

• An attack against London’s transport system, allegedly undertaken by a 17-year-old hacker.
• Reports that suggest 67% of energy, oil/gas and utilities organisations in the US have been hit by ransomware in 2024.
• Indonesia’s immigration services were disrupted by an attack on the country’s data centre. 

Cyber attacks on critical national infrastructure in countries around the world are expected to increase. And with data centre attacks on the rise, governments including the UK have reclassified data centres as critical infrastructure in their own right – in order to provide them with an additional layer of security protection. 

Importantly, the interconnectedness of critical infrastructure systems in many countries means that cyber attacks could cause kinetic effects that might devastate a nation. 

Are we working fast enough to protect critical infrastructure from growing threats?

The concern is that cybersecurity systems protecting critical infrastructure aren’t levelling up fast enough to keep pace with the rise in attacks. 

Countries are racing to develop national plans to identify and manage risks; but the prospect of an attack that could wipe out critical infrastructure function for a significant period of time is becoming more likely.

The success of national initiatives to protect critical infrastructure relies heavily on each country’s engagement in cross-border collaboration. Threat information and cybersecurity research must be shared – and cybersecurity leaders and practitioners from countries around the world need to collaborate in order to understand, identify, and prevent attacks. 

At Black Hat MEA 2024, we’re zooming in on the realities of critical infrastructure attacks in a rapidly growing threat landscape. Learn from the researchers who are creating frameworks for international collaboration and working to head off major attacks before they cause disruption.