Cyber security for commercial firms

Are you being hacked right now? 

Your internet connected devices, including smart energy systems, could be spying on you right now, or be controlled by others carrying out attacks around the globe.

Internet security became headline news in 2016 with reports of Russian involvement in the leaking of emails from the Democratic party during the US Presidential elections.

Just in the last 24 hours (16th March 2017), there are 5 pages of news results on Google News for the search term “cyber attack”.

These include:

  • An attack on the Abta travel website affecting 43,000 individuals
  • Stolen pictures of Emma Watson
  • Russian spies charged over a hack on Yahoo affecting at least 500 million users
  • A North Korean hack on Poland’s biggest bank lobbying group ZBP
  • A hack on Licking County’s system where the attackers demanded a ransom of $30,000
  • An attack on Amnesty International and UNICEF’s Twitter accounts among others in support of Turkey’s president Recep Tayyip Erdogan

In 2007, an attack on Estonia’s internet system was blamed on Russia as an act of cyberwar.

In Wales, firms have paid ransoms amounting to thousands of pounds to get access to their own data.

In these ransomware attacks, what happens is that an email is sent to employees containing a link to ransomware software. The software then encrypts everything on the company’s network. When it is done, a ransom demand pops up.

Ransomware attackers now have guides in different languages, customer service and support teams to make it easier for you to pay ransoms. The ransoms are typically paid in bitcoins, a virtually untraceable online currency.

The cost of cybercrime in the UK could be as high as £27 billion. In the US, the FBI said that ransomware attacks totalled $209 million in the first three months of 2016, up from $24 million for all of 2015, an increase of over 2,500% for the quarter.

In September 2016, Bruce Schneier, an expert on cyber security, wrote that it was possible that a large nation state like China or Russia was testing how far it could hack into the companies that run critical parts of the internet.

If you want to kill the internet or a part of it, the best way is to launch a distributed denial-of-service (DDoS) attack. This method pushes so much data at sites that they are overwhelmed and stop operating.

The attackers typically take over home computers that they have infected and use them to launch the attack.

Again, in September 2016, an attack was launched on Dyn, an internet infrastructure company that supports dozens of major websites.

What made this attack different is that the attackers used internet-connected devices such as web cameras and digital video recorders. This was the first use of millions of everyday devices rather than computers to launch such an attack, turning them into an army of “botnets”.

As companies use increasing numbers of internet connected printers, phones, energy meters and control devices in their businesses, the possibility that these devices can be used to gain access to your systems or be used in a DDoS attack increases exponentially.

It is very easy to launch an attack. The software is free to download. The Dyn attack used a system called Mirai; its source code is free to access, and more attackers have built the code into their software. Or you can hire groups to carry out the work for you.

If you connect a GSM router with SSH capability to the internet and monitor its traffic logs, you are likely to notice, very quickly, probing attacks from servers located in China trying password combinations.
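To see what that probing looks like in practice, the following added example (not part of the original post) summarises failed SSH password attempts per source address and flags any source that logged in after repeated failures. It assumes the router's logs use the OpenSSH sshd message format; the log lines and addresses are constructed samples.

```python
import re
from collections import defaultdict

# Assumption: OpenSSH sshd syslog message format; other SSH servers log differently.
FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")
ACCEPTED = re.compile(r"Accepted \S+ for (\S+) from (\S+) port \d+")

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
Mar 16 09:00:01 router sshd[101]: Failed password for root from 203.0.113.5 port 40001 ssh2
Mar 16 09:00:03 router sshd[102]: Failed password for invalid user admin from 203.0.113.5 port 40002 ssh2
Mar 16 09:00:05 router sshd[103]: Failed password for invalid user pi from 203.0.113.5 port 40003 ssh2
Mar 16 09:00:09 router sshd[104]: Failed password for root from 203.0.113.5 port 40004 ssh2
Mar 16 09:02:00 router sshd[105]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Mar 16 09:02:10 router sshd[106]: Accepted password for alice from 198.51.100.7 port 51001 ssh2
Mar 16 09:05:00 router sshd[107]: Failed password for root from 192.0.2.44 port 60001 ssh2
Mar 16 09:05:02 router sshd[108]: Failed password for root from 192.0.2.44 port 60002 ssh2
Mar 16 09:05:04 router sshd[109]: Failed password for root from 192.0.2.44 port 60003 ssh2
Mar 16 09:05:06 router sshd[110]: Accepted password for root from 192.0.2.44 port 60004 ssh2
""".splitlines()


def summarize_probes(lines, threshold=3):
    """Return {source_ip: report} for sources with >= threshold failed logins."""
    failures = defaultdict(list)  # ip -> usernames tried, in log order
    accepted = defaultdict(list)  # ip -> usernames accepted after earlier failures
    for line in lines:
        m = FAILED.search(line)
        if m:
            failures[m.group(2)].append(m.group(1))
            continue
        m = ACCEPTED.search(line)
        if m and m.group(2) in failures:
            accepted[m.group(2)].append(m.group(1))
    return {
        ip: {
            "attempts": len(users),
            "users": sorted(set(users)),
            # A success after repeated failures suggests a guessed password.
            "login_after_failures": accepted.get(ip, []),
        }
        for ip, users in failures.items() if len(users) >= threshold
    }


if __name__ == "__main__":
    for ip, info in summarize_probes(SAMPLE_LOG).items():
        print(ip, info)
```

A single mistyped password followed by a successful login (the `alice` lines) stays below the default threshold and is not reported; the source that succeeded after three failures is the one to investigate first.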

According to the quarterly Verisign DDoS trends report, attacks increased by 63% in Q4 2016 over the same period in 2015.

Verisign DDoS trend report Q4 2016

49% of attacks target IT services, cloud, and SAAS companies. 32% target the public sector and 7% of attacks target financial services companies.

Why is this relevant in the energy industry? Because the feeling is that the makers of consumer devices don’t really care about internet security.

But, when the devices you are connecting to your company turn the lights on and off in a building, or the power to an MRI scanner, or an operating theatre, then making sure they can’t be attacked needs to be one of your top concerns.

In the UK, the National Cyber Security Centre (NCSC) was set up last year to improve the UK’s cyber security and cyber resilience.

This blog post by Ian Levy sets out what the NCSC is planning to do about an Active Cyber Defence (ACD) programme. Ideas include:

  • Make it harder to hijack UK machines
  • Make email harder to spoof
  • Get hosting providers to take down offending sites
  • Figure out how to help people not access bad sites
  • Create better software, better government, encourage innovation
  • Help owners and operators of critical national infrastructure

Finally… and I quote

“We’re still going to do things to demotivate our adversaries in ways that only GCHQ can do”

So… GCHQ is at cyber war…

Cyber security, and its impact on businesses and what they do, is not going to go away anytime soon.
