Manufacturing – Cyber A Real Threat

Manufacturing

The manufacturing industry is becoming a prime target for hackers where their technology is being compromised resulting in significant disruption within this sector.

Make UK , the Manufacturers Organisation recently carried out a cyber security resilience survey in the UK which demonstrated varying degrees of preparedness by manufacturers.

https://www.makeuk.org/insights/publications/2019/09/06/cyber-security-and-manufacturing

The highlights of the report were as follows:-

  • 60% of manufacturers indicated that they had been subject to some form of cyber security incident
  • 41% of their customers had requested evidence of the robustness of their cyber security processes and procedures
  • 31% of manufacturers were also asked this question within the supply chain

IBM’s 2019 Global Threat Intelligence Index showed that 10% of all attacks are aimed at the manufacturing sector.

Cyber Risk 

As with most business digital transformation is underway but with this brings new vulnerabilities and threats which need to be managed. For the manufacturing sector achieving the optimum production rates is vitally important and one of the ways in achieving this is through digitisation and a greater reliance on connectivity throughout the organisation.

What are some of the main Cyber Threats in this sector?

  • The theft of intellectual property by a hacker
  • Ransomware attacks from malware
  • Phishing attacks through as a result of access via the industrial control system
  • Spam messages which when deployed on mass will impact on productivity and communications within the organisation.
  • The compromise of the firms website that may impact on their reputation should defamatory of controversial commentary be posted by a hacker.
  • Employees or customers being subject to identity theft where they have had their personal details accessed by a cyber attack. This could include bank and credit card information details that are then used to commit fraud or are sold on the dark web.

How can the sector help protect itself ? 

Cyber risk management plays an important role in combating the evolving and unpredictable cyber threats that exist and should be pro-active rather than reactive.

In tandem with this businesses in this sector would benefit from purchasing cyber insurance which provides coverage for financial loss caused as a result of unauthorized access of their computer systems. More important it also provides incident response services from an established vendor panel drawn up by insurers.

Irrespective as to how cyber threats are managed it important that this given the correct level of priority at board level so that the right attention and appropriate resources are utilized to protect the well being of the organization.

Image : Shutterstock

Deep Fake – Do You Believe ?

Deep Fake

Deep Fake is emerging as a prominent new cyber threat which businesses are now facing and need to implement measures to counteract.

What is Deep Fake?

Deep Fake is a method that combines and superimposes existing images and videos onto source images onto source images and videos using artificial intelligence. It uses a machine learning  technique known as generative adversarial network (GANS)and first emerged towards the end of 2017.

Video content has historically been very difficult to change but with the use of artificial intelligence this has helped make the process easier.

What are the typical threats?

  • Creating an emergency situation that is not real and causing panic.
  • Disruption to an election by false statements
  • The making of a false announcement to directors and shareholders
  • An image of a director requesting the fraudulent transfer of funds.
  • Posing falsely as a partner that may affect a relationship
  • False video of a celebrity in compromising situations.

How are Deep Fakes detected?

Sophisticated deep fakes are difficult to detect where as the more amateurish ones can be spotted quite easily such by a lack of blinking or shadows of individuals that do not seem to be in the correct position.

It is also possible for them to also be trained to avoid detection and is therefore a cyber threat that is hard to combat.

Last week Google released a database of 3,000 deep fakes to alter faces and to make people say things they never said. These were of course actors the purpose of this was to help researchers build tools required to take down harmful fake videos that could cause distress to individuals and harm to businesses.  https://nakedsecurity.sophos.com/2019/09/27/google-made-thousands-of-deepfakes-to-aid-detection-efforts/

Well Known Deep Fakes

Deep fakes have been carried out on many famous individuals from Donald Trump to Tom Cruise and Theresa May.

Here are some examples

https://www.creativebloq.com/features/deepfake-examples

The Future of Deep Fakes

The world of Deep Fakes will no doubt develop beyond a level which makes them impossible to differentiate between what is real and what is not – this is one race that hackers seem to be so far ahead that it will be difficult catch them.

Image : Shutterstock

Artificial Intelligence – Helping Cyber Security

Artificial Intelligence

Artificial Intelligence (AI)  is now playing a significant role in helping to managing cyber risk. This was recently evident in the aftermath of the Nordsk Hydro ransomware attack where AI was utilised to identify further vulnerabilities.

This form of automative technology would seem to be a good match for managing the constant threats posed by hackers where new cyber attacks relentlessly attack computer systems and constant monitoring is required. Despite the automation basis there however still needs to be human involvement in this process.

How Does AI Work ?

Billions amounts of data is consumed by AI via machine learning and deep learning techniques. This makes it possible to improve and develop its cyber security bank of knowledge which ultimately provides a better understanding of existing and developing cyber risks.

AI utilizes reasoning in order to identify relationships cyber threats malware threats and dubious IP threats . This is then analysed in a very short period of time thus enabling users to respond and act on imminent cyber threats.

Where can Artificial Intelligence be used ?

  • Monitoring of computer systems
  • Predictive tool for new threats
  • Analysis of threats based on current activity
  • Monitor Human activity
  • Post data breach tool
  • Detection of viruses and malware

The Future 

Capgemini released a report last month “Reinventing Cybersecurity with Artificial intelligence”

https://www.capgemini.com/wp-content/uploads/2019/07/AI-in-Cybersecurity_Report_20190711_V06.pdf

The report revealed that 69% of organisations felt that AI will be necessary to respond to cyber attacks in the coming years. Telecoms in particularly were of the view that this would help mitigate the sizable losses already experienced in this sector. Many organisations are gearing up for testing the viability of AI and how it can help their cyber risk management processes. Budget provisions for this are being made as long term there are many  costs benefits in AI.

Artificial Intelligence is developing at a rapid rate and it is important that its application remains relevant to the cyber security sector as other industries also show an interest in this technology.

Image : Shutterstock

Ransomware Is Still A Major Threat

Ransomware

Ransomware still remains one of the main methods that hackers utilise to carry out cyber attacks on businesses.

New strains of viruses are emerging all the time one such type is Sodinokibi which is only three months old but has had a significant impact already. It is also know as Sodin and REvil and connected to a previous form of ransomware called GrandCrab.

It is beloved that the average ransom demand for Sodinokibi in May was $150,000 against $50,ooo for other forms of ransomware. The largest recorded to date is $500,000.

Furthermore according to a report by Coveware, an incident response company the average downtime from a ransomware attack during the first part of this year has increased from 7.3 days 9.6 days which is believed to be due to the impact of this new ransomware.

The use of  Sodinokibi is also on the increase so much that it now accounts for 12.50% of the overall market.

Attack Methods

Sodinokibi is a ransomware-as-service (RaaS) and is used to attack both businesses and consumers and use various attack methods that include the following:-

  • Acting as malicious spam
  • Phishing attacks
  • Malvertising
  • Exploitation  of vulnerabilities in Oracle

The Signs of this Ransomware Infection

The normal signs of a ransomware attack are displayed when a computer system has been compromised by Sodinokibi this being changes in the desktop wallpaper and the announcement of the attack by way of a ransom note.

https://www.zdnet.com/article/sodinokibi-ransomware-is-now-using-a-former-windows-zero-day/

How it Happens

Files are encrypted on local drives by an encryption algorithm renaming all files with a pre-generated pseudo- random alpha- numeric extension that can be up to eight characters in length. This type of ransomware appears to target files which are mainly media related.

It also has been found to delete shadow copies of back-up and disables the Windows Startup Repair tool which prevents users from fixing any system errors relating to the ransomware attack.

Sodinokibi is unique in that it does latch on to zero-day vulnerabilities and and allow a Sodinokibi ransomware attacker access to endpoints that it infects replicating tasks that administrators would normally carry out.

How to Try and Prevent an Attack

Creation of back-ups of data on an external drive or on the cloud

Ensure that updates are run on all computer systems and appropriate patching is carried out.

Reinforce training of staff so that they are aware of possible phishing attacks that might carry this ransomware.

Restrict the use administrative tools to the IT team

Disable macro on Microsoft Office products

Cyber Insurance

The purchase of cyber insurance can help manage and mitigate the impact of these form of attack. This type of policy will provide coverage for the investigation costs of such an attack, the cost of negotiating with the hackers and if need be the actual ransom itself.

Image : Shutterstock

Mergers & Acquisitions – The Cyber Risks

Mergers and Acquisitions

Mergers & Acquisitions are a complicated process with many facets of risk to consider of the target business – cyber exposures will be one of these but is the correct degree of attention given to this when a multimillion takeover or acquisition is at stake ?

Why are these risks ignored?

Mergers and acquisitions are a very complicated and time consuming activity for a business. Due diligence is undertaken which will involve many facets of the business under consideration. This will include the financial standing, employee numbers and makeup, market share and future prospects of the organisation.

Cyber risk maybe considered during this process but it is doubtful that any in-depth cyber risk management is carried out which could present problems post acquisition / merger.

What cyber security due diligence should be carried out?

  • Examination of the types of privacy risks of the targeted business that they may encounter in their industry.
  • Obtain detailed knowledge of the computer network and passage of date to include the supply chain and use of cloud providers.
  • How data is is managed and in particularly personal data of customers and intellectual property of the organisation.
  • Review of any contractual indemnities with customers and third parties who may suffer a data breach as a result of a cyber security breach.
  • Obtain details of any previous cyber attacks or compromise of data  with details of subsequent measures put in place to rectify similar incidents and improvements in cyber security.
  • Ensure that GDPR compliance has been achieved together with any other relevant regulatory requirements in other geographical locations.
  • Evidence of any cyber insurance being in place and review of adequacy together with details of claims made under the policy.
  • Review of their incident response and business continuity plans with proof of the testing of these.

The Verizon and Yahoo Merger 

In February 2007 Verizon Communications Inc purchased Yahoo Inc’s for $4.48 billion, but lowered  its original offer by $350 million in view of two significant cyber attacks that hit the internet business.

https://www.reuters.com/article/us-yahoo-m-a-verizon/verizon-yahoo-agree-to-lowered-4-48-billion-deal-following-cyber-attacks-idUSKBN1601EK

The takeover agreement included requirements that Yahoo would be responsible for any subsequently discovered cyber incidents.

Cyber Insurance

The existence of cyber insurance will assist with helping to mitigate the cyber risks associated of a proposed acquisition . Insurers will want to know in-depth details of their cyber risk management processes and procedures and only consider inclusion within an existing policy if these are satisfactory.

Image : Shutterstock

Are You Checking In With Hackers?

Hackers

Are you checking in with Hackers?

The hotel industry has been a prime target for hackers and this trend is likely to continue. So why are cyber attacks so prevelant within this sector?

Volumes of Data

Hotels hold vast quantities of data through many sources such as through their reservation systems for their customers . This will be personally identifiable information that would consist of names, addresss , e-mail addresses and passport details.

Online Payment Processing

Customers will log-in on a hotel website to make a reservation which will require them to provide debit or credit card details. These details could be compromised in the event of a data breach. Payment transactions can also remain exposed for a while on computer systems which presents further opportunity. In 2017 hotels accounted for 92% of all point of sale intrusions.

WiFi

The wi-fi in some hotels can be relatively insecure if their cyber security processes and procedures are not as robust as they should be. This can also lead to their data being compromised.

Symantec released a report this week which revealed that 67% of hotel websites surveyed leaked customer’s booking data. This was over 1500 hotel websites in 54 countries , this equates to two in three websites data could be used by third party sites such as advertisers.

https://www.symantec.com/blogs/threat-intelligence/hotel-websites-leak-guest-data

Supply Chain

Hotels relies on a supply chain which can include a number of contractors, broking and travel agencies . If there is a vulnerability with one of these it is possible that the hotel may be impacted by this causing business interruption or a data loss.

An Attractive Sector

This sector is a target because of the size of the market and the revenue that is generated each year, this provides opportunists threats for cyber criminals and the proliferation of fraud.

Cyber Attacks on the Hotel Industry

There have been a number of high profile cyber attacks on hotels where hackers have sought to steal data or cause disruption to the business.

Marriot International Hotels 

This is the largest data breach in this sector but also one of the largest in the world.

500 million guests were exposed to this cyber attack which included names and addresses and passport numbers. The attack emanated from the Starwood guest reservation database with who they had recently merged.Starwood themselves had previously experienced a data breach a number of years earlier.

https://www.telegraph.co.uk/technology/2018/11/30/private-data-500-million-marriott-guests-exposed-massive-breach/

Hyatt Hotels Corp

Hackers hit the restaurants front desks and parking facilities at 40% of their hotels situated around the world over a four month period.

It is understood that malware was designed to collect cardholder names, numbers and expiration dates.

Hilton Worldwide

Access was gained via the payment card system but on this occasion their was no evidence that data was stolen. The systems were in fact attack twice , cardholder details were again the main target.

As with all business that rely heavily on business via on-line transactions their cyber risk is very high and it is important that cyber risk management is a central focus to management.

Image : Shutterstock