Ambitious hackers open national infrastructure floodgate
by Lewis Henderson, VP of Product at Glasswall Solutions
Governments around the world received the wake-up call they desperately needed last December, when a power outage occurred across western Ukraine. While it may not have been catastrophic – though the hundreds of thousands of homes left without power, in winter no less, may disagree – its significance lies in its cause. The blackout was the first of its kind to be publicly confirmed as the work of hackers: a group known as Sandworm, which is also suspected of earlier attacks on government agencies in Ukraine and Poland, and on NATO.
Mere weeks after the Ukraine outage, Israel’s Energy Minister Yuval Steinitz revealed that hackers had launched a “severe” malware attack against the country’s Electricity Authority. Though the attack reportedly did not cause a single power outage, the organisation’s computer systems were shut down for two days after it was discovered, according to The Times of Israel.
Keeping up with growing threats
The world of cybercrime expands daily, leading to the current state of affairs in which even national infrastructure organisations are exposed to increasingly sophisticated attackers. To newsreaders around the world, the ability of hackers to worm their way into critical infrastructure and even cause mass blackouts is understandably shocking. To those with a deep familiarity with the cybersecurity field, this handful of recent events, while still alarming, may not come as such a surprise.
Many governmental agencies have a legacy of relying on outdated security measures and operating systems, such as Windows XP, that are no longer supported by their vendors. Though it is no doubt a bold statement, no government is highly motivated to make significant changes to the status quo when addressing the risks of Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems. Speed of innovation isn’t a driving factor as it is in general IT – once something is deemed functional and reliable, it is rarely changed, not least because patching or replacing a controller means downtime and re-validation of the process it runs. More alarmingly to the layman, malware running on ICS networks is often tolerated provided it does not disrupt operations, a stance that runs counter to the logic generally applied in IT.
Most disturbingly, there is minimal legislation to drive cyber risk reduction for ICS. The question must be asked: is this intentional government policy, allowing some of the world’s largest organisations the freedom to operate with fewer restrictions?
Within the commercial sector, breaches are increasingly launched by email using malicious file attachments, with roughly 94 per cent of successful breaches starting this way.
While enterprises risk losing vast amounts of money and the goodwill of their customers, national infrastructure organisations that lack adequate security measures are potentially putting the livelihoods – and even lives – of their citizens at risk.
The face of cybercrime
In many cases, cybercriminals use social engineering to make their way into crucial systems. Hackers employ advanced intelligence-gathering tactics that can include harvesting metadata from a number of sources, such as documents intercepted in transit, in order to identify user IDs, server paths, software versions and even employee reference data. This activity helps the hacker profile employees, supply chains, internal workflows, processes and procedures, and is an information leak that Glasswall discovers on a regular basis during its discovery phase.
Armed with this information, hackers can forge a series of convincing emails to an employee, posing as a trusted regular contact and tricking the employee into opening a malware-laden document or clicking a link that drops an exploit or implant onto the organisation’s systems, possibly one that lies dormant and executes at a later date. To mitigate this vector, organisations must prevent the data leakage caused by poor internal processes and weak management protocols – for example by stripping identifying metadata from documents before they leave the organisation – keeping private information away from would-be exploiters.
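As an added illustration of both the leak described above and the mitigation, here is a small Python script (written for this page, not Glasswall’s own tooling) that pulls the identifying fields an attacker would harvest from a .docx – author and last-editor usernames, application version, company name and the UNC path of an attached template – and then rewrites the archive with those fields blanked and the external template link removed. The sample document, the user names, the company and the file-server path are all constructed for the example; the code works on a real .docx as well, since parts it does not recognise are copied through unchanged.

```python
"""Inspect and scrub leak-prone metadata in a .docx (Office Open XML) file.

A .docx is a zip archive. Author and editor names live in docProps/core.xml,
the application version and company in docProps/app.xml, and an attached
template (often a UNC path to an internal file server) in word/settings.xml
plus its relationship file. Standard library only.
"""
import io
import zipfile
import xml.etree.ElementTree as ET

CP = "http://schemas.openxmlformats.org/package/2006/metadata/core-properties"
DC = "http://purl.org/dc/elements/1.1/"
EP = "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties"
REL = "http://schemas.openxmlformats.org/package/2006/relationships"
W = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
R = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
ATTACHED = R + "/attachedTemplate"

# Constructed sample (hypothetical names and paths): only the parts of a
# .docx that matter here; body text and [Content_Types].xml are omitted.
SAMPLE_PARTS = {
    "docProps/core.xml": (
        f'<cp:coreProperties xmlns:cp="{CP}" xmlns:dc="{DC}">'
        "<dc:creator>jsmith</dc:creator>"
        "<cp:lastModifiedBy>CORP\\asmith</cp:lastModifiedBy>"
        "</cp:coreProperties>"),
    "docProps/app.xml": (
        f'<Properties xmlns="{EP}">'
        "<Application>Microsoft Office Word</Application>"
        "<AppVersion>14.0000</AppVersion>"
        "<Company>Example Grid Operator</Company>"
        "</Properties>"),
    "word/settings.xml": (
        f'<w:settings xmlns:w="{W}" xmlns:r="{R}">'
        '<w:attachedTemplate r:id="rId1"/></w:settings>'),
    "word/_rels/settings.xml.rels": (
        f'<Relationships xmlns="{REL}">'
        f'<Relationship Id="rId1" TargetMode="External" Type="{ATTACHED}" '
        'Target="file:///\\\\fileserver01\\templates\\outage-report.dotm"/>'
        "</Relationships>"),
}


def build_docx(parts):
    """Zip a dict of part names to XML strings into an in-memory .docx."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, xml in parts.items():
            z.writestr(name, xml)
    return buf.getvalue()


SAMPLE_DOCX = build_docx(SAMPLE_PARTS)


def _text(root, tag):
    el = root.find(tag)
    return (el.text or "") if el is not None else ""


def extract_metadata(docx_bytes):
    """Return the fields an attacker would harvest from the document."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        names = set(z.namelist())
        if "docProps/core.xml" in names:
            root = ET.fromstring(z.read("docProps/core.xml"))
            found["creator"] = _text(root, f"{{{DC}}}creator")
            found["last_modified_by"] = _text(root, f"{{{CP}}}lastModifiedBy")
        if "docProps/app.xml" in names:
            root = ET.fromstring(z.read("docProps/app.xml"))
            for tag in ("Application", "AppVersion", "Company"):
                found[tag.lower()] = _text(root, f"{{{EP}}}{tag}")
        if "word/_rels/settings.xml.rels" in names:
            root = ET.fromstring(z.read("word/_rels/settings.xml.rels"))
            found["external_targets"] = [
                rel.get("Target") for rel in root.iter(f"{{{REL}}}Relationship")
                if rel.get("TargetMode") == "External"]
    return found


def scrub_metadata(docx_bytes):
    """Rewrite the archive with identifying fields blanked and the external
    template link removed; every other part is copied through unchanged."""
    for prefix, uri in (("cp", CP), ("dc", DC), ("w", W), ("r", R)):
        ET.register_namespace(prefix, uri)
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in src.namelist():
            data = src.read(name)
            default_ns = None
            if name in ("docProps/core.xml", "docProps/app.xml",
                        "word/settings.xml", "word/_rels/settings.xml.rels"):
                root = ET.fromstring(data)
                if name == "docProps/core.xml":
                    for tag in (f"{{{DC}}}creator", f"{{{CP}}}lastModifiedBy"):
                        for el in root.iter(tag):
                            el.text = ""
                elif name == "docProps/app.xml":
                    default_ns = EP
                    for tag in ("Application", "AppVersion", "Company"):
                        for el in root.iter(f"{{{EP}}}{tag}"):
                            el.text = ""
                elif name == "word/settings.xml":
                    # Drop the reference as well as the link, so the file stays consistent.
                    for el in root.findall(f"{{{W}}}attachedTemplate"):
                        root.remove(el)
                else:
                    default_ns = REL
                    for el in [r for r in root if r.get("TargetMode") == "External"]:
                        root.remove(el)
                data = ET.tostring(root, encoding="unicode", default_namespace=default_ns)
            dst.writestr(name, data)
    return out.getvalue()


if __name__ == "__main__":
    print("before:", extract_metadata(SAMPLE_DOCX))
    print("after: ", extract_metadata(scrub_metadata(SAMPLE_DOCX)))
```

Run it on a real file by reading it into `docx_bytes` and writing the result of `scrub_metadata` back out. Two points a practitioner would check: the attached-template link is removed in both `settings.xml` and its `.rels` file, because leaving a dangling relationship id makes Word complain, and the scrubber does not attempt to neutralise active content such as macros, which is a separate concern from metadata leakage.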
Given the advancing capabilities of hackers and the ever-decreasing adequacy of traditional perimeter security, national infrastructure operators must turn to innovation to close cyber security gaps that will only grow wider over time. Any change brings its own challenges, but cyber security needs to be tackled head on if the organisations responsible for supplying our clean water, electricity and fuel are to be trusted to deal proactively with this complicated problem.
The attack on Ukraine’s power grid could prove to be a proverbial floodgate, unleashing a slew of similar attacks on unprepared infrastructure organisations. Whether this will be the case has yet to be seen, though the big question remains: what is the worst thing a person or group could do to a critical asset if they possessed the intent, access and knowledge to perform a malicious act? With what is now known to be possible in mind, these organisations would be wise to adopt measures that ensure they are not the easy next target of the new face of cybercrime.