Solar Winds Blows Cyber Chill

Solar Winds

The Solar Winds cyber-attack at the end of last year was a great example of the implications that this type of incident can have on the supply chain of an organisation.

Background

Solar Winds are a major US IT firm which provide software globally to Fortune 500 companies and the US government who regularly send out updates to their customers.

What Happened ?

During one of the updates Solar Winds inadvertently sent out updates that included a code that had been hacked. The code it is understood was added into the computer system “Orion” which is primarily used by firms to manage their IT resources. This particular system has 333,000 customers.

This created a backdoor to many of their customers computer systems which once in hackers installed further malware.It is understood that the attack took place for a number of months before it was discovered. It has been reported that 18,000 customers installed these updates which contained the malware.

Worst was still to come when US government agencies updated Orion’s software with the vulnerability being utilised to install Supernova and CosmicGale malware.This ultimately allows a hacker to  use remote code on the Orion software.

Who Was Impacted By This ?

The most highest profile company to be affected was FireEye who is a leading cyber security firm. Other companies including Microsoft, Cisco, Intel and Deloitte.

In addition to this a number of US government departments were compromised including the Department of Homeland Security and Treasury Department.

Who Carried Out The Attack ?

It is believed that Russian group SVR were behind this although some sources believe it may have been a Chinese targeted attack. No one is sure.

What Damage Was Caused?

Numerous e-mail accounts were broken into giving the hackers access to information contained within these.The accounts of the US government departments announced that only unclassified information  was compromised.

Impact On The Supply Chain

With many computer systems being accessed the task is to try and secure these and the time it will take to carry this out.

Many companies rely on companies for services be these IT related or otherwise and when these are compromised the implications of a cyber attack can run through the entire supply chain.

How Can Cyber Insurance Help ?

This form of insurance can provide many benefits for an organisation hit by such an attack.

The policy provides 24/7 emergency responses access to a specialist panel of vendors who have the specialism and skill set to manage and help with incidents such as these.

For example a forensic investigation can be carried out to ascertain the extent of the attack and if data has been compromised. Costs associated with subsequent claims by individuals and legal fees can also be covered under this policy.

Image : Shutterstock

The Cyber Security Threats For 2020

Cyber Security Threats

Cyber Security threats are evolving all the time making it extremely difficult for business to combat this and it is now even more important to have in place the appropriate protections to keep them safe from hackers.

The same core cyber security threats still exist but these are becoming more sophisticated and difficult to trace and prevent.

Ransomware   

Ransomware is now not just used as a scatter gun approach but is now being more targeted at businesses where ransom demands are now much larger than before. The decision now becomes to pay the ransom in order to obtain the decryption key to mitigate the interruption to the everyday operation of the organisation or to hold out and rely on the back-ups in place that hopefully would not be corrupted. New strains of ransomware are also appearing and becoming increasingly difficult to repel.

Phishing Attacks

These types of threats remain prominent and despite an increase in training by companies to help employees spot such attacks, commonly sent via e-mails, success is high for hackers still reaping rewards.

Internet of Things

The interconnection of devices is increasing at an alarming rate with all aspects of life now being connected from the office to the home . The concern is that people are more reliant on this and this provides greater opportunity for hackers to access a network and cause disruption.

The Supply Chain

The supply chain of any business is in many cases fundamental to its operation where this be the supply of technology or the provision of non IT services. The cyber security of such entities is in a number of cases not as robust as the principal business and should their IT be compromised this can lead to a hacker gaining access up the line.

The Insider Threat

This remains a prominent threat and is to an extent still hard to predict as this is determined by human nature. Even with the most sophisticated firewalls in place if an employee is determined enough to steal data they will succeed. It will be interesting to see how the Morrisons case develops which laid down that businesses are vicariously liable for the actions of employees in the event of a data breach of their employees personal data.

Artificial Intelligence  ( AI)  

AI as it is know is perhaps the newest of the cyber threat vectors that now exist and is the most unknown but potentially the one that could cause the most disruption. It is also the most difficult to defend against. Deep Fake videos are a fast developing area where a believable video conference call from what is thought to be the CEO could have been created by AI , this could lead to misinformation being relayed within the company and impact business decisions.

Image : Shutterstock

Manufacturing – Cyber A Real Threat

Manufacturing

The manufacturing industry is becoming a prime target for hackers where their technology is being compromised resulting in significant disruption within this sector.

Make UK , the Manufacturers Organisation recently carried out a cyber security resilience survey in the UK which demonstrated varying degrees of preparedness by manufacturers.

https://www.makeuk.org/insights/publications/2019/09/06/cyber-security-and-manufacturing

The highlights of the report were as follows:-

  • 60% of manufacturers indicated that they had been subject to some form of cyber security incident
  • 41% of their customers had requested evidence of the robustness of their cyber security processes and procedures
  • 31% of manufacturers were also asked this question within the supply chain

IBM’s 2019 Global Threat Intelligence Index showed that 10% of all attacks are aimed at the manufacturing sector.

Cyber Risk 

As with most business digital transformation is underway but with this brings new vulnerabilities and threats which need to be managed. For the manufacturing sector achieving the optimum production rates is vitally important and one of the ways in achieving this is through digitisation and a greater reliance on connectivity throughout the organisation.

What are some of the main Cyber Threats in this sector?

  • The theft of intellectual property by a hacker
  • Ransomware attacks from malware
  • Phishing attacks through as a result of access via the industrial control system
  • Spam messages which when deployed on mass will impact on productivity and communications within the organisation.
  • The compromise of the firms website that may impact on their reputation should defamatory of controversial commentary be posted by a hacker.
  • Employees or customers being subject to identity theft where they have had their personal details accessed by a cyber attack. This could include bank and credit card information details that are then used to commit fraud or are sold on the dark web.

How can the sector help protect itself ? 

Cyber risk management plays an important role in combating the evolving and unpredictable cyber threats that exist and should be pro-active rather than reactive.

In tandem with this businesses in this sector would benefit from purchasing cyber insurance which provides coverage for financial loss caused as a result of unauthorized access of their computer systems. More important it also provides incident response services from an established vendor panel drawn up by insurers.

Irrespective as to how cyber threats are managed it important that this given the correct level of priority at board level so that the right attention and appropriate resources are utilized to protect the well being of the organization.

Image : Shutterstock

Deep Fake – Do You Believe ?

Deep Fake

Deep Fake is emerging as a prominent new cyber threat which businesses are now facing and need to implement measures to counteract.

What is Deep Fake?

Deep Fake is a method that combines and superimposes existing images and videos onto source images onto source images and videos using artificial intelligence. It uses a machine learning  technique known as generative adversarial network (GANS)and first emerged towards the end of 2017.

Video content has historically been very difficult to change but with the use of artificial intelligence this has helped make the process easier.

What are the typical threats?

  • Creating an emergency situation that is not real and causing panic.
  • Disruption to an election by false statements
  • The making of a false announcement to directors and shareholders
  • An image of a director requesting the fraudulent transfer of funds.
  • Posing falsely as a partner that may affect a relationship
  • False video of a celebrity in compromising situations.

How are Deep Fakes detected?

Sophisticated deep fakes are difficult to detect where as the more amateurish ones can be spotted quite easily such by a lack of blinking or shadows of individuals that do not seem to be in the correct position.

It is also possible for them to also be trained to avoid detection and is therefore a cyber threat that is hard to combat.

Last week Google released a database of 3,000 deep fakes to alter faces and to make people say things they never said. These were of course actors the purpose of this was to help researchers build tools required to take down harmful fake videos that could cause distress to individuals and harm to businesses.  https://nakedsecurity.sophos.com/2019/09/27/google-made-thousands-of-deepfakes-to-aid-detection-efforts/

Well Known Deep Fakes

Deep fakes have been carried out on many famous individuals from Donald Trump to Tom Cruise and Theresa May.

Here are some examples

https://www.creativebloq.com/features/deepfake-examples

The Future of Deep Fakes

The world of Deep Fakes will no doubt develop beyond a level which makes them impossible to differentiate between what is real and what is not – this is one race that hackers seem to be so far ahead that it will be difficult catch them.

Image : Shutterstock

Artificial Intelligence – Helping Cyber Security

Artificial Intelligence

Artificial Intelligence (AI)  is now playing a significant role in helping to managing cyber risk. This was recently evident in the aftermath of the Nordsk Hydro ransomware attack where AI was utilised to identify further vulnerabilities.

This form of automative technology would seem to be a good match for managing the constant threats posed by hackers where new cyber attacks relentlessly attack computer systems and constant monitoring is required. Despite the automation basis there however still needs to be human involvement in this process.

How Does AI Work ?

Billions amounts of data is consumed by AI via machine learning and deep learning techniques. This makes it possible to improve and develop its cyber security bank of knowledge which ultimately provides a better understanding of existing and developing cyber risks.

AI utilizes reasoning in order to identify relationships cyber threats malware threats and dubious IP threats . This is then analysed in a very short period of time thus enabling users to respond and act on imminent cyber threats.

Where can Artificial Intelligence be used ?

  • Monitoring of computer systems
  • Predictive tool for new threats
  • Analysis of threats based on current activity
  • Monitor Human activity
  • Post data breach tool
  • Detection of viruses and malware

The Future 

Capgemini released a report last month “Reinventing Cybersecurity with Artificial intelligence”

https://www.capgemini.com/wp-content/uploads/2019/07/AI-in-Cybersecurity_Report_20190711_V06.pdf

The report revealed that 69% of organisations felt that AI will be necessary to respond to cyber attacks in the coming years. Telecoms in particularly were of the view that this would help mitigate the sizable losses already experienced in this sector. Many organisations are gearing up for testing the viability of AI and how it can help their cyber risk management processes. Budget provisions for this are being made as long term there are many  costs benefits in AI.

Artificial Intelligence is developing at a rapid rate and it is important that its application remains relevant to the cyber security sector as other industries also show an interest in this technology.

Image : Shutterstock

Ransomware Is Still A Major Threat

Ransomware

Ransomware still remains one of the main methods that hackers utilise to carry out cyber attacks on businesses.

New strains of viruses are emerging all the time one such type is Sodinokibi which is only three months old but has had a significant impact already. It is also know as Sodin and REvil and connected to a previous form of ransomware called GrandCrab.

It is beloved that the average ransom demand for Sodinokibi in May was $150,000 against $50,ooo for other forms of ransomware. The largest recorded to date is $500,000.

Furthermore according to a report by Coveware, an incident response company the average downtime from a ransomware attack during the first part of this year has increased from 7.3 days 9.6 days which is believed to be due to the impact of this new ransomware.

The use of  Sodinokibi is also on the increase so much that it now accounts for 12.50% of the overall market.

Attack Methods

Sodinokibi is a ransomware-as-service (RaaS) and is used to attack both businesses and consumers and use various attack methods that include the following:-

  • Acting as malicious spam
  • Phishing attacks
  • Malvertising
  • Exploitation  of vulnerabilities in Oracle

The Signs of this Ransomware Infection

The normal signs of a ransomware attack are displayed when a computer system has been compromised by Sodinokibi this being changes in the desktop wallpaper and the announcement of the attack by way of a ransom note.

https://www.zdnet.com/article/sodinokibi-ransomware-is-now-using-a-former-windows-zero-day/

How it Happens

Files are encrypted on local drives by an encryption algorithm renaming all files with a pre-generated pseudo- random alpha- numeric extension that can be up to eight characters in length. This type of ransomware appears to target files which are mainly media related.

It also has been found to delete shadow copies of back-up and disables the Windows Startup Repair tool which prevents users from fixing any system errors relating to the ransomware attack.

Sodinokibi is unique in that it does latch on to zero-day vulnerabilities and and allow a Sodinokibi ransomware attacker access to endpoints that it infects replicating tasks that administrators would normally carry out.

How to Try and Prevent an Attack

Creation of back-ups of data on an external drive or on the cloud

Ensure that updates are run on all computer systems and appropriate patching is carried out.

Reinforce training of staff so that they are aware of possible phishing attacks that might carry this ransomware.

Restrict the use administrative tools to the IT team

Disable macro on Microsoft Office products

Cyber Insurance

The purchase of cyber insurance can help manage and mitigate the impact of these form of attack. This type of policy will provide coverage for the investigation costs of such an attack, the cost of negotiating with the hackers and if need be the actual ransom itself.

Image : Shutterstock