Are you prepared for the next wave?
Hackers left millions of Ukrainians without power following a cyber-attack on the power grid in late-2015. In 2020, Cyber sabotage halted businesses, markets, transportation hubs, and private residences in Mumbai. Now experts warn attacks on the United States’ power grid may be imminent.
The sweeping change in vulnerability comes as obsolete manual controls in power plants, substations, water treatment plants, and other facilities are swapped out for newer electronic controls. These systems are often connected to public or private networks that allow remote access. This makes it somewhat easy for hackers to gain control.
“Essential state infrastructures like power grids and nuclear reactors have been and will continue to be a target of cyber-attacks because modernization allows internet connectivity, which makes them vulnerable,” said Korea University Cybersecurity professor Kim Seungjoo. “It’s almost a natural instinct of hackers, especially the state-sponsored ones, to attack energy infrastructure because they can easily disrupt national security.”
Cyber-attacks have been on the rise over the past few years because of this very reason. To make matters worse, attacks on critical infrastructure are also on the rise.
The U.S. Department of Energy announced in December of 2020 that Russian hackers gained access to National Nuclear Administration systems. The announcement was made in regards to a 2019 attack in which malware had infected a computer network used for administrative functions.
“There is now a path for attackers to run from spoof emails in an employee’s inbox right through to critical gas compressors and turbines,” said Sanjay Aurora, the managing director of the U.K. security firm Darktrace.
There are many ways for attackers to gain access to critical systems and infrastructure. In fact, attacks can be “delivered via spear-phishing emails with malicious Microsoft Office attachments” or malicious “Trojans,” as a report by the Cybersecurity & Infrastructure Agency reveals.
However, sometimes the best way to thwart an attack is to start with the implementation or enforcement of best practices.
According to the agency, key examples of this include “procurement and licensing of trusted hardware and software systems; knowing who and what is on your network through hardware and software asset management automation; on-time patching of systems; and strategic technology refresh.”
Additionally, “ICS-CERT recommends that asset owners take defensive measures by leveraging best practices to minimize the risk from similar malicious cyber activity.” The report also maintains that “organizations should also limit Remote Access functionality wherever possible.” And says, “Modems are especially insecure.”
Technology is a dual-edged sword and always will be. Just think, our lives could change with just one click of a mouse. A good example of this is the latest Chinese state-sponsored cyber-attack on Microsoft.
Several days ago, Microsoft was the target of an alleged Chinese state-sponsored cyber-attack. Vulnerabilities in the company’s email software were exploited, allowing hackers to gain access. The scheme has since gone global and is being used to extort victims.
If that’s not enough, the data security firm Mimecast released an incident report on Tuesday confirming that “the same sophisticated threat actor responsible for the SolarWinds supply chain” hack was the same responsible for January’s incident involving the firm.
“During our investigation, we learned that the threat actor used the SolarWinds supply-chain compromise to gain access to part of our production grid environment. Using this entry point, the threat actor accessed certain Mimecast-issued certificates and related customer server connection information,” the incident report states. “The threat actor also accessed a subset of email addresses and other contact information, as well as encrypted and/or hashed and salted credentials.”
Nonetheless, the firm admits it has “no evidence that the threat actor accessed email or archive content held by us on behalf of our customers.”
Hackers took down D.C.’s CCTV system for a 48-hour span leading up to Trump’s Inauguration, demanded ransom
Between the dates of January 12, 2017, and January 15, 2017, for about a 48-hour span, 70% of the CCTV cameras in Washington D.C. were rendered useless by hackers adding an element of uncertainty in regards to what may have taken place in and around D.C. just days before Donald Trump’s Inauguration.
Secret Service and city officials said that cyber attackers used ransomware to infect nearly 130 of 187 network storage devices linked to the city’s closed-circuit camera network, disallowing the storage of any incoming imagery data also while simultaneously requesting a ransom to be paid.
According to the city’s Chief Technology Officer official Archana Vemulapalli, the attack prompted city officials to willingly take the entire CCTV network offline by removing all related software, later forcing a reboot of each site independently, which left at least a 48-hour window of opportunity for criminal activity to take place without being recorded.
Although city officials claim that the hack appeared to be a “localized” extortion attempt, one must question what group or agency is actually responsible and what attackers’ intentions really were.
Vemulapalli said that on the day of 12 Jan D.C. Metro Police noticed that 4 camera pods were not properly functioning and reported their findings to the technology office (OTCO), who later identified the devices to be infected with ransomware thus prompting a “citywide sweep,” as reported by the Washington Post.
Police Chief fill-in Peter Newsham addressed the hack publically and said that there was ‘no known significant impact’ as a result of the hack, but an active open investigation may suggest otherwise as it was admitted that city officials took the cameras offline themselves, ultimately creating a window of opportunity for the illicit activity to occur undetected which also dovetails with the stand down ordered on police body cameras during the Inauguration, as reported by Intellihub on Jan. 18.
Furthermore, a report by TendMicro.com details how “Ransomware is a type of malware that prevents or limits users from accessing their system, either by locking the system’s screen or by locking the users’ files unless a ransom is paid. More modern ransomware families, collectively categorized as crypto-ransomware, encrypt certain file types on infected systems and forces users to pay the ransom through certain online payment methods to get a decrypt key.” Additionally, ant to point out that ransomware prices can be set to any amount and are often requested in cryptocurrencies such as Bitcoin.
The most alarming part about all this is that ransomware is now being sold under the ransomware-as-a-service model, similar to a lot of cloud computing offerings. Under this model, ransomware can be purchased and deployed even by people with no hacking experience. The buyer then commits to give the seller a percentage of the “take”, usually set at 40%.
One of the most active ransomeware groups today is Cerber, which actually offers a “ransomware for dummies” type of package that provides the buyer with all the resources they need. That makes Cerber potentially far more dangerous than any other hacking group, including Locky, which operates with just one person, or threat actor, and doesn’t sell or share its methods with anyone.
The Herjavec Group published a report titled “Hackerpocalypse: A Cybercrime Revelation” which maintains that by the year 2021 “cybercrime will cost the world in excess of $6 trillion annually” and is growing rapidly.
The report mentions how “Cybersecurity Ventures predicts global annual cybercrime costs will grow from $3 trillion in 2015 to $6 trillion by 2021, which includes damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm.” All of which will create a vast market for individuals, corporations, and governments to defend against cybercrime which is “projected to exceed $1 trillion over the next five years.”
D.C. authorities did investigate the matter and all ransomware has been removed from the entire system.
Preparing for cyber-attacks
Alvarez Technology Group released a guide that explains 5 ways to prepare, respond, and recover from a cyberattack. The guide maintains there are five questions companies should ask themselves regarding cyber threats.
- What are our current cybersecurity threats?
- What are common breach points within our company?
- What are our current cybersecurity policies?
- What is our company’s readiness for a cyber attack?
- What are our recovery policies in response to a cyber attack?
“It’s easy to sit back and think that threats and attacks only happen to other people and other businesses, but not to ourselves,” the guide explains. “Living in a state of paranoia can be beneficial to the security of your company. Former Intel CEO, Andrew Grove, once stated that ‘Only the paranoid survive.’”
Are you prepared for the next cyber-attack?