Exploring the Growing Threats to Critical National Infrastructure

Martin Riley, Director of Managed Security Services at Bridewell, is on a mission to uncover the factors driving new and increasingly complex cyberthreats in the ever-evolving digital landscape. With critical national infrastructure (CNI) at risk of being targeted by cybercriminals, the need for proactive monitoring and mitigation strategies has never been more urgent.

Bridewell’s Security Operations Centre (SOC) has been at the forefront of analysing emerging cyber-risks over the past year. Their latest findings have been distilled into the 2024 CyberScape Briefing, shedding light on three major areas of concern for CNI operators.

One key threat highlighted in the report is the Cobalt Strike phenomenon within command and control (C2) frameworks. This malware framework, originally designed for legitimate testing, has become a tool of choice for cybercriminals looking to infiltrate networks and harvest sensitive data. With a 27% increase in Cobalt Strike attacks in 2023, Bridewell’s experts have identified China as a major hub for this cyberthreat.

Another prevalent danger is the infostealer threat, specifically the Racoon Stealer variants, which were widespread in 2023 but saw a decline in use as the year progressed. Despite this decrease, information stealer attempts still impacted 38% of Bridewell’s clients, highlighting the ongoing prevalence of this type of malware.

Additionally, cybercriminals are increasingly using fake update campaigns to deceive users into downloading malicious code onto their devices. As fake update campaigns continue to target unsuspecting victims, organisations must remain vigilant and implement comprehensive threat intelligence strategies to stay ahead of evolving threats.

In a landscape where the line between legitimate tools and malicious intent is blurred, CNI entities must prioritize cybersecurity measures to navigate the uncertainties of 2024 effectively. By investing in threat intelligence, comprehensive detection, and response services, organisations can proactively defend against the ever-growing complexity of cyberthreats facing critical infrastructure.