Cybersecurity

Cybercrime: Critical infrastructure is at risk and needs a combined private- and public-sector response

Public-private collaboration is key to tackling cybercrime across the world.

Public-private collaboration is key to tackling cybercrime across the world. Image: Getty Images/iStockphoto

Giulia Moschetta
Initiatives Lead, Centre for Cybersecurity, World Economic Forum
This article is part of: Centre for Cybersecurity

Listen to the article

  • The geopolitical tensions which emerged in the wake of Russia’s war against Ukraine have heightened the risks to critical infrastructure.
  • Supply chain cyberattacks have impacted governmental agencies, law enforcement, businesses and academia in both the US and Europe.
  • Public-private collaboration is key to tackling cybercrime, and the World Economic Forum is leading a number of initiatives to build resilience.

Supply chain cyberattacks have been rife over the last few months, affecting a large number of governmental agencies, law enforcement, companies and universities in the US and Europe.

A prominent example of such cyberattacks is the exploitation of a zero-day vulnerability in the file sharing software MOVEit, which is widely used by organizations to transfer data.

This cyberattack was led by the Russian-speaking Clop or Cl0p cybercriminal group, known for large scale ransomware-as-a-service campaigns. The hacking group has been operational since February 2019, targeting more than 3,000 United States-based organizations and 8,000 organizations worldwide.

Despite the 2021 Interpol-led arrest of some group members in Ukraine, this cyberattack in late May demonstrates that group-affiliates are still operational and dangerous.

Cybercriminals targeting the public sector

On June 7, the US Cybersecurity and Infrastructure Security Agency (CISA) published a joint cybersecurity advisory with the Federal Bureau of Investigation (FBI), and announced it was providing support to several federal agencies that had been breached.

Have you read?

The Department of Energy and the National Nuclear Security Administration were among the US agencies that have been impacted. Other public sector victims include California’s public pension fund, University of California, Los Angeles, Minnesota’s Department of Education, New York City’s public school system, the UK's communications regulator Ofcom and the Canadian provincial government of Nova Scotia, while affected companies include Siemens Energy, Schneider Electric, Shell, BBC and British Airways.

The hacker group has been “naming and shaming” the victims on their dark web page, publishing instructions on how to enter extortion negotiations and threatening to publish the stolen data if the ransom is not paid.

Over the years, Clop has been demanding ransoms of hundreds of thousands, sometimes millions of dollars. However, the hacker group has allegedly claimed to be solely targeting private businesses and that it will delete any data from governments or law enforcement.

In Europe, air traffic control agency Eurocontrol was attacked by the hacking group Killnet last April. The cybercriminals launched a distributed denial-of-service (DDoS) attack causing interruptions to the website, but luckily the attack had no impact on European aviation.

Killnet is a pro-Moscow hacking group notorious for denial of service attacks. The group also claimed responsibility for the cyberattack on Lithuania’s public services on June 26, in a tit-for-tat response to the government decision to block the transit of certain goods to the Russian enclave of Kaliningrad.

Similarly, in late June, the Luxembourg City Council and the European Investment Bank (EIB) websites were taken down for several hours by a DDoS cyberattack.

Killnet and two other cybercriminal groups had previously warned about upcoming attacks against the European banking system on Telegram channels. However, the only cyber fallout was the temporary disruption of the EIB’s website.

Swiss governmental agencies and cantonal offices were also targeted in a series of attacks in May and June. On June 12, the Swiss federal government website was taken down by a DDoS attack, launched by the hacker group NoName, supposedly in retaliation for the Swiss adoption of EU sanctions against Russia.

Similarly, a week before the parliamentary address of the Ukrainian president Volodymyr Zelenskyy, the Swiss parliament website was hit by a DDoS attack, revendicated by the same NoName hacking group on Telegram channels.

Switzerland’s public sector was also previously compromised via a supply chain attack in mid-May. A Swiss government software provider fell victim of a ransomware attack attributed to the hacker group Play.

The breach affected the country's Federal Office of Police, the Federal Office of Customs and Border Protection, as well as the Swiss Federal Railways and some cantonal authorities. The Swiss National Cybersecurity Centre has confirmed that stolen data includes operational data from various Swiss authorities and organizations.

In response, the Federal Council has formed a crisis team to manage the ransomware investigation and to revise the current contracts with the federal administration's IT service providers, to increase cybersecurity.

Urgent need to strengthen supply-chain cyber resilience

This latest incident affecting Switzerland, along with the MOVEit ransomware attack, highlights the cybersecurity risks associated with third parties and the possible implications for the public sector.

Cybercrime is transnational in nature, and cybercriminals' ties to government entities are often nebulous. However, the geopolitical tensions in the wake of Russia’s war against Ukraine have heightened the risks to critical infrastructure and its supply chain.

The European Union (EU) and North Atlantic Treaty Organization (NATO) have stepped up their cooperation with the launch of the EU-NATO Task Force on resilience of critical infrastructure, focusing on energy, transport, digital infrastructure and space.

The new US National Cybersecurity strategy also emphasizes the need to protect critical infrastructure and to disrupt and dismantle threat actors by integrating federal disruption activities and enhancing public-private operational collaboration.

Some examples include the international police operation Cookie Monster in April 2023, which led to the takedown of the largest illicit cybercrime forum known as Genesis Market; the FBI disruption against the Hive ransomware group made public in January 2023, and more recently the Five Eyes take down of the Snake malware and data theft network used in espionage campaigns by Russia’s Federal Security Service in May 2023.

Public-private collaboration key to tackling cybercrime

In an increasingly complex and interconnected technological ecosystem, critical infrastructure is exposed to a variety of cyber threats. To mitigate systemic risks and to advance cyber resilience in critical sectors such as aviation, manufacturing, oil and gas and electricity, the Centre for Cybersecurity at the World Economic Forum is mobilizing a multistakeholder community across businesses, governments, civil society and academia.

As a result of this cross-sector industry-focused initiatives the World Economic Forum has established a blueprint for evaluating cyber risk across the oil and gas industry.

Moreover, in 2021, upon request from the European Commission’s Energy Directorate, the cyber resilience in electricity initiative provided 15 recommendations on the EU cybersecurity directives NIS 2.0 (Network and Information Security) and CER (Critical Entities Resilience).

Discover

How is the Forum tackling global cybersecurity challenges?

Besides the efforts to strengthen cyber resilience in critical infrastructure, the World Economic Forum is also leading the Partnership against Cybercrime. Since 2020, the initiative is bringing together law enforcement agencies, international organizations, cybersecurity companies, service providers and not-for-profits to disrupt cybercrime.

In the effort to tackle rising cybercrime levels, at the 2023 Annual Meeting at Davos in January, the Centre for Cybersecurity launched the Cybercrime Atlas, supported by Fortinet, Microsoft, PayPal and Santander.

This new initiative will map the threat landscape and create a cybercrime repository based on public data and voluntarily shared information to enable law enforcement agencies to combat cybercrime more effectively.

Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

Stay up to date:

Cybersecurity

Share:
The Big Picture
Explore and monitor how Cybersecurity is affecting economies, industries and global issues
World Economic Forum logo

Forum Stories newsletter

Bringing you weekly curated insights and analysis on the global issues that matter.

Subscribe today

4 ways to advance equity in cyberspace

Kate Whiting

December 12, 2024

The top cybersecurity stories from 2024

About us

Engage with us

  • Sign in
  • Partner with us
  • Become a member
  • Sign up for our press releases
  • Subscribe to our newsletters
  • Contact us

Quick links

Language editions

Privacy Policy & Terms of Service

Sitemap

© 2024 World Economic Forum