CS1907

More documents

Recommendations

Info

cyber espionage THE STATE WE'RE IN IT ISN'T JUST THE ENERGY SECTOR, COMMUNICATIONS AND INDUSTRIAL ORGANISATIONS THAT ARE AT RISK OF ATTACK FROM NATION STATE AND OTHER MALICIOUS ACTORS. THE ECONOMY ITSELF IS VULNERABLE, WITH UK BANKS RIGHT IN THE FIRING LINE Malicious actors are targeting critical national infrastructure (CNI) sites and energy distribution facilities on a growing scale. Interconnected systems in the energy industry are greatly increasing vulnerabilities, while cyber-attacks often go undetected for some time. As energy companies save costs against the backdrop of lower oil prices, consolidating operations can weaken business resilience and redundancy levels. This gives rise to new, single critical points of failure, with any disruption across the supply chain potentially having increased consequences. "Espionage and sabotage attacks against CNI organisations have increased over the years and I don't think we have seen it all yet," says Sami Ruohonen, labs threat researcher at Finnish cyber security company F-Secure. Connecting Industrial Control Systems (ICS) to the Internet is increasing, and many CNI systems in use today were installed and built before 24/7/365 internet connections were the norm - and the advent of Stuxnet. Many Operational Technology (OT) components have built-in remote operation capabilities, but are either partly or entirely lacking in security protocols such as authentication. Moreover, cyber security was not a realistic threat when these systems were manufactured, and legacy protocols and systems never had the built-in security controls that we take for granted today. Transitioning these systems to the Internet has opened them up to attacks from a myriad of angles. "Critical infrastructure, due to its nature, is an interesting target for a foreign nationstate, even during peacetime," Ruohonen adds. F-Secure's report makes the following points: A variety of adversaries, each with their own motivations and tradecraft, constantly strive to compromise organisations that operate critical infrastructure Attackers have more time than their targets and will take months to plan their attack People are the weakest link in production, with company employees seemingly being criminals' go-to target Attackers continue to succeed, mainly due to organisations' lack of mature cyber security practices Nation-state sponsored Advanced Persistent Threat (APT) groups are relentless, and continue to seek network foothold positions on CNIs and espionage opportunities, in the interests of exercising political leverage Nine attackers/malwares/techniques targeting the energy industry stand out, with spear phishing being the most common initial supply chain attack technique Keeping a small attack surface in the energy industry - while often pitched as the best way to mitigate the risk of a cyber-attack - is simply not possible. While breaches are a certainty, Ruohonen advises organisations to carefully review their cyber security posture to implement latest technologies, such as an endpoint detection and response (EDR) solution. "EDR is a quick way to tremendously increase capabilities to detect and respond to advanced threats and targeted attacks, which might bypass traditional endpoint solutions," he explains. "Managed EDR solutions can provide monitoring, alerting, and response to cover the needs 24/7. This means organisations' IT teams can operate during business hours to review the detections, while a specialised cybersecurity team takes care of the rest." IRANIAN CONNECTION Iran looms large as a source of such attacks, with a large-scale coordinated cyber assault on UK infrastructure, which took place in December last year, attributed to that country. In the campaign, personal details were stolen from thousands of employees, including those working at the Post Office, major banks and local government. David Atkinson, CEO of Senseon and ex cyber operative, describes the incident as 26 computing security July/August 2019 @CSMagAndAwards www.computingsecurity.co.uk
cyber espionage a "sobering story" that demonstrates how wide the scope is when we talk about nation state cyber-attacks. "The temptation is to think of one government's agency fighting another," he says. "However, as this story demonstrates, the reality is that the battlefield extends beyond that to businesses, public services and other organisations. In this case the Post Office, local government and banks are the victims that were caught in the crossfire. "This attack also shows that we need to change awareness of what constitutes critical infrastructure. Again, we are not just talking about the energy sector, communications and industrial organisations. Threat actors will also target the economy and, if a largescale attack is launched against the UK's banks, you can bet the situation will quickly become critical. The government has a responsibility to ensure a good standard of security and defence across all major organisations to safeguard the UK." MASSIVE INVESTMENT Andy Barratt, UK managing director of cybersecurity consultancy Coalfire, argues SOFTWARE: A SOFT TARGET that Iran's effort to steal sensitive data from UK public sector organisations "is another example of a surge in nation-state backed cyber espionage in recent years". Even a cursory look at the cyber strategies of countries around the world - both in Asia and the West - shows that there is massive investment in offensive digital capabilities, he points out. "It's interesting that Iran is seeking to extract data, rather than bring down core infrastructure like other nation-state attacks have done - North Korea's WannaCry hack, for example, brought parts of the NHS to a standstill. It's possible that Iran is being careful, given the West's penchant for military activity in the Middle East. But it's also possible that this was an intelligencegathering exercise to collect the data needed for more targeted espionage in the future." Public sector employees are a good target for accessing data, if the end goal is to access government infrastructure, he warns. "The attack costs are relatively low and a huge database of potential targets can be built up quickly." David Atkinson, Senseon: the battlefield extends beyond that to businesses, public services and other organisations. Andy Barratt, Coalfire: Iran is another example of a surge in nation-state backed cyber espionage in recent years. State hacking campaigns, such as Cloudhopper, that target software supply companies are incredibly dangerous. "By breaching one company, you can create a backdoor into thousands of others," cautions Simon Whitburn, SVP Cyber Security Services at Nominet, pictured above. "The information gathered from these types of attacks can then be used for spear phishing attacks on high value individuals, which is where serious damage can be done. Defending against this type of campaign can be very tough, he adds. "There is a feeling amongst users that, if lots of people trust and use a service, then it must be secure. This can result in companies downloading software without checking it themselves first. Cloudhopper demonstrates that this is a dangerous assumption. Whenever a company uses an outside service, even from a reputable source, they need to check that there is nothing malicious lurking in the code. This will add to the deployment time, but could help protect organisations against this type of malware spreading. One way of noticing if third party services have been compromised is to measure DNS traffic, which could flag if a programme is calling out to a command and control centre." www.computingsecurity.co.uk @CSMagAndAwards July/August 2019 computing security 27
Page 1 and 2: Computing Security Secure systems,
Page 3 and 4: comment NATION IN TRANSFORMATION In
Page 5 and 6: p ent est INFORMATION SECURITY ASSU
Page 7 and 8: editor's focus from the public and
Page 9 and 10: True multi-factor authentication wi
Page 11 and 12: GDPR fine is preliminary," states A
Page 13 and 14: case study "Equally, it does not he
Page 15 and 16: product review WEBROOT BUSINESS END
Page 17 and 18: financial focus an online banking u
Page 19 and 20: inside track EDUCATION, EDUCATION,
Page 21 and 22: Webroot empowers businesses with pr
Page 23 and 24: threat intelligence have seen an im
Page 25: 12th edition of the most recognized
Page 29 and 30: CYBER SECURITY europe 9-10 October
Page 31 and 32: industrial cyber security MULTIPLE
Page 33 and 34: endpoint detection and response GET
Page 36: Brookcourt Solutions (A Shearwater

CS1907

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?