A cyberattack has dealt a major blow to the National Optical-Infrared Astronomy Research Laboratory (NOIRLab), leaving several large telescopes out of commission for weeks.
The attack occurred on August 1, when NOIRLab detected a “cyber incident” in its computer systems, forcing it to halt astronomical observations at the Gemini North telescope in Hawai’i.
“Out of an abundance of caution, we have decided to isolate the Gemini Observatory computer systems by shutting them down,” NOIRLab stated.
Weeks later, 10 telescopes remain offline, with remote control inaccessible for many of them. The journal Science attempted to uncover more details about the attack, but NOIRLab declined to confirm whether it was a ransomware attack. In ransomware attacks, users are denied access to their files or control over their systems until a ransom is paid.
Although NOIRLab has not officially confirmed it, a ransomware attack seems like a plausible explanation. In late October last year, the Atacama Large Millimeter Array (ALMA) Observatory in Chile experienced a similar hack that forced the telescope offline for over a month. The incident was later confirmed to be a ransomware attack.
Telescopes, along with other scientific facilities, are attractive targets for hackers due to the value of their data and the financial impact of shutting down operations. During ALMA’s offline period, it was losing approximately a quarter of a million dollars per day, with hackers likely betting on the observatory paying up to avoid further expenses. Although technicians managed to isolate the affected systems without paying a ransom, ALMA only resumed operations on December 21, after nearly two months offline.
Another contributing factor may be the lack of investment in cybersecurity. Chris Vaughan, VP of technical account management EMEA at Tanium, noted that these facilities often have limited IT budgets.
“A high level of network visibility should be utilized as part of a zero-trust approach. This is where implicit trust is eliminated, and the principle of ‘never trust, always verify’ is employed,” Vaughan explained.
“By implementing strong authentication methods, network segmentation, and lateral movement prevention, along with effective staff training, institutions like ALMA can continue their important work without costly interruptions caused by cyber-threats.”
[H/T: Science]