Recently, three large organizations in Taiwan, in succession, reported being targets of ransomware attacks. As all three are considered to be within the eight critical infrastructures (energy, water, transportation, communications, finance, medical care, government, high-tech), local cybersecurity experts warn that these specific successive ransomware attacks could be signs of APT-level attacks testing critical infrastructure (CI) for rapid response capabilities in preparation for future attacks.
Advanced Persistent Threats (APT) are elite groups of cybercriminals that are typically sponsored and directed by nation-states. Their extensive knowledge of attacker techniques and tactics, combined with nation-state resources, makes APTs stealthy, fast, dangerous, and persistent.
“Taiwan has been targeted by APT-level cyberattacks for many years now. Years ago, when the security industry came up with the ‘anti-APT’ buzzword, most organizations were clueless about validating ‘anti-APT’ capabilities, yet embraced them as a silver bullet. Today, local organizations are much more aware of the need for security situational awareness and the capabilities of EDR/MDR solutions. Some vendors, like CyCraft, have their EDR solutions evaluated by MITRE ATT&CK. In the future, EDR will become as common as antivirus and firewalls are today. More and more intrusions are bypassing preventive security measures. EDR wins those decisive battles against APTs and keeps them off critical endpoints.”
-Benson Wu, CyCraft CEO
Benson continued, “In the past few years, we have seen ransomware evolve rapidly. Organizations require multiple lines of defense to completely withstand a ransomware attack and remain resilient. Your first line of defense is preventive solutions, such as your NGAV/NGFW. The second line of defense would be your EDR solutions; the third, disaster recovery solutions like backing up from off-site data storage; the fourth, real-time AI-powered SecOps; and your fifth and final line of defense would be hardening your defenses through attack emulations, such as red team/blue team testing.”
Ransomware attacks against any of Taiwan's eight critical infrastructure sectors are now considered a serious threat to national security. Organizations within these eight sectors need to take immediate action to avoid leaving the entire ecosystem susceptible to a single cyberattack.
As ransomware attacks (or cyberattacks in general) against critical infrastructure can be extremely devastating to the public, the Taiwan government has begun treating these targeted cyberattacks as a matter of the highest national-security priority.
Information security is now national security.
The Flagship Information Security Project
Benson also pointed out that in early 2017, the Taiwan Security Department of the Executive Yuan, under the leadership of Director Jian Hongwei, began implementing its 資安旗艦計畫 (Flagship Information Security Project) and 前瞻基礎建設計畫 (Forward-looking Infrastructure Development Program) to build an Information Security Sharing and Analysis Center (ISAC) for each of the eight critical infrastructure sectors and to develop and implement better information security technologies across all critical infrastructure.
The 資安旗艦計畫 (Flagship Information Security Project) saw quick success, gathering international partners in cyber intelligence such as the Netherlands.
In 2018, the National Information Security Sharing and Analysis Center (N-ISAC) began operations to better coordinate communication between the eight sector ISACs, acting as a national security operations center of sorts.
Within months, the N-ISAC determined that while the range and breadth of its intelligence were now sufficient, the depth of that intelligence was not up to its new standards. In the near future, N-ISAC, in addition to providing the ISACs with the latest worldwide intelligence on known indicators of compromise (IOC) and malware analysis, will also consolidate threat actor intelligence and APT-level adversarial techniques as defined by the MITRE ATT&CK® framework.
Organizations in energy, water, transportation, communications, finance, medical care, government, and high-tech are critical infrastructure vital to the health of the public and the nation. These organizations should not be left alone to defend themselves against cyberattacks, as they are prime targets for APT-level attacks.
If critical infrastructure is targeted by foreign state-sponsored attacks, it needs national-level protection. Information security is now national security.
When you join CyCraft, you will be in good company. CyCraft secures government agencies, Fortune Global 500 firms, top banks and financial institutions, critical infrastructure, airlines, telecommunications, hi-tech firms, and SMEs.
We power SOCs with our proprietary and award-winning AI-driven MDR (managed detection and response), SOC (security operations center) operations software, TI (threat intelligence), Health Check, automated forensics, IR (incident response), and Secure From Home services.
Additional Related Resources
- CyCraft CEO, Benson Wu, and CyCraft Global Project Manager, Chad Duffy, speak on the latest MITRE ATT&CK Evaluations. Read their thoughts on our results and the philosophy powering CyCraft.
- Learn how we detected and defeated a foreign APT targeting Taiwan’s high-tech ecosystem. Read our full analysis and malware reversal.
- Has your organization recently shifted to a Work From Home environment? Learn how to receive three free months of our Secure From Home service.
- Our Enterprise Health Check drops your mean dwell time from 197 days to under 1 day without false positives or false negatives. Know with confidence whether hackers have penetrated your enterprise.
- Learn why industry professionals voted CyCraft for multiple GOLD Cybersecurity Excellence Awards in 2020.