July 2017: When a portion of the electric grid went down in Ukraine last year due to hacking, it seemed like no big deal to us Americans. But recently, researchers determined the hackers were probably testing advanced, scalable grid-sabotaging malware to prepare for a much larger attack. And that is a big deal.
Scenarios like this are no longer the stuff of spy novels. Here’s an overview of the threat trend, the importance of both protection and response, and five lessons to learn from the Ukraine electric grid hack:
What happened in Ukraine?
In December 2016, roughly one-fifth of Kiev’s power went offline for about an hour after attackers took control of a transmission substation’s control systems. It was actually the second cyber-induced blackout in Ukraine. A year earlier, in December 2015, attackers hijacked the control systems of three regional distribution companies, cut power to roughly 230,000 customers, launched a simultaneous telephone denial-of-service attack against the companies’ call centers so customers couldn’t report the outage, and wiped operator workstations to make turning the lights back on more difficult. That 2015 outage was the first ever officially blamed on hackers, and phishing emails carrying malicious attachments were the initial foothold. Last month, researchers who analyzed the malware used in the 2016 attack reported that it speaks substation control protocols directly and can automate mass power outages, possibly against multiple targets at once.
This is new. Unprecedented.
It’s not 2007 anymore
If we were to hop in a time machine and go back 10 years, the main cyber threats were things like worms, viruses and spam. Malware mainly arrived attached to emails or on disks and thumb drives, and spam was mostly driven by rogue online pharmacies sending through botnets of compromised computers all over the world. While this was annoying and could make your online life a pain until you got rid of the viruses, your data and your operations were rarely the target. Volume and nuisance, not your business, were the goal of that malware.
Today, it is. We’re in an entirely different environment because risks have been continually escalating over time. And, like the temperature in the proverbial pot that ends up boiling the, um, toad, it can be hard to notice the changes.
Ransomware, social engineering and spear phishing are 2017’s preferred modes of attack — all of which can interrupt your work in a major and even permanent way. Cyber attacks are now taking down businesses, hospitals, government institutions and, yes, electrical grids.
Two sides of the cybersecurity coin — protection and response
Since your organization probably has spam protection under control and knows how to react to new viruses that sneak in anyway, it’s time to take the same concept of protection and response across your entire IT ecosystem.
For the protection side, think about updating to more advanced prevention systems. Newer systems protect your organization from today’s threats far more effectively than systems from a decade ago, although none is foolproof. As a rough rule of thumb (not a measurement), the first 80% of achievable protection comes without much difficulty or cost; closing the gap from 80% to 99% gets expensive fast, and the last few points rarely justify their price. Put in place as much protection as makes financial sense for your risk, and plan on the response side covering what gets through.
For the response side, think about detecting problems, identifying where they are in your ecosystem, and putting things back together again quickly. To do this, you’ll need to have systems and solutions in place before you experience an attack, along with a defined, practiced methodology for how you’ll respond. Your response systems could include event correlation (increasingly backed by machine-learning analytics), anomaly detection that flags activity your environment has never seen before, and a written, rehearsed incident response plan.
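Response tooling has to be in place and tested before the attack arrives, so here is a concrete illustration of the two detection pieces named above. This is an added example, not Leapfrog’s code or any product’s: a minimal event-correlation rule (attachment opened, then an Office application spawning a shell, then an outbound connection, all on one host within a short window) and a first-seen destination check, run over a few constructed log lines. The log format, hostnames, process names, IP addresses (taken from the documentation ranges) and the five-minute window are all assumptions made for the example.

```python
"""Event correlation and first-seen anomaly detection over constructed log lines.

Added example (not Leapfrog's code or tooling). The log format, hostnames,
process names, IP addresses and the 5-minute window are all assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry: "<ISO timestamp> <host> <event kind> <detail>".
# ws-ops-03 shows a phishing-style chain; ws-ops-12 opens an attachment but
# nothing follows within the window; ws-ops-07 only makes routine connections.
SAMPLE_LOG = """\
2016-12-17T10:00:05 ws-ops-03 mail_attachment_opened invoice.xls
2016-12-17T10:00:09 ws-ops-03 process_start cmd.exe parent=excel.exe
2016-12-17T10:00:40 ws-ops-03 net_connect 203.0.113.9:443
2016-12-17T10:01:10 ws-ops-07 net_connect 192.0.2.5:443
2016-12-17T10:02:00 ws-ops-03 net_connect 203.0.113.9:443
2016-12-17T10:03:00 ws-ops-12 mail_attachment_opened report.docx
2016-12-17T10:30:00 ws-ops-12 net_connect 192.0.2.5:443
this line is malformed and must be skipped, not crash the pipeline
"""

# Constructed baseline: destinations seen in "normal" traffic last week.
KNOWN_DESTINATIONS = {"192.0.2.5"}

# Office applications that should not normally spawn a shell or script host.
OFFICE_PARENTS = ("excel.exe", "winword.exe", "outlook.exe")

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (.*)$")


def parse_events(text):
    """Parse log lines into dicts, dropping anything that does not fit the format."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        ts, host, kind, detail = m.groups()
        try:
            when = datetime.fromisoformat(ts)
        except ValueError:
            continue  # bad timestamp: drop the line rather than abort detection
        events.append({"ts": when, "host": host, "kind": kind, "detail": detail})
    return sorted(events, key=lambda e: e["ts"])


def correlate_phishing_chains(events, window=timedelta(minutes=5)):
    """Alert when, on one host, an attachment open is followed within `window`
    by an Office-spawned process and then an outbound connection."""
    alerts = []
    by_host = defaultdict(list)
    for e in events:
        by_host[e["host"]].append(e)
    for host, evs in by_host.items():
        for i, opened in enumerate(evs):
            if opened["kind"] != "mail_attachment_opened":
                continue
            deadline = opened["ts"] + window
            spawned = False
            for later in evs[i + 1:]:
                if later["ts"] > deadline:
                    break  # chain did not complete inside the window
                if later["kind"] == "process_start" and any(
                        later["detail"].endswith("parent=" + p) for p in OFFICE_PARENTS):
                    spawned = True
                elif spawned and later["kind"] == "net_connect":
                    alerts.append((host, opened["detail"], later["detail"]))
                    break
    return alerts


def first_seen_destinations(events, known):
    """Report destinations no host has contacted before: a simple anomaly
    signal, since new command-and-control or staging hosts show up here."""
    seen, new = set(), []
    for e in events:
        if e["kind"] != "net_connect":
            continue
        dest = e["detail"].rsplit(":", 1)[0]
        if dest not in known and dest not in seen:
            seen.add(dest)
            new.append((e["host"], dest))
    return new


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for alert in correlate_phishing_chains(evs):
        print("CHAIN  host=%s attachment=%s connect=%s" % alert)
    for host, dest in first_seen_destinations(evs, KNOWN_DESTINATIONS):
        print("NEWDST host=%s destination=%s" % (host, dest))
```

The point of the correlation rule is that each event on its own is ordinary (people open attachments, Excel occasionally spawns helpers, workstations connect out), and only the sequence on one host inside a tight window is worth a page to the on-call engineer. The first-seen check is the simplest form of anomaly detection: it needs a baseline built from your own traffic, and in the sample only ws-ops-03 reaches an address the baseline has never seen. Malformed lines are dropped rather than allowed to crash the pipeline, because a detection system that falls over on bad input is exactly what an attacker wants.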
Lessons to learn from Ukraine
1. It’s not just about Europe. It’s about the world.
Just because the power grid that went down was in Europe doesn’t mean it won’t happen here. We have a lot of municipalities in the U.S. that need to protect their systems and be ready to respond. Think about all of the systems in your state alone. What’s more, these systems are no longer walled off from other systems or from other municipalities. Everything’s connected.
2. Multiple systems are vulnerable, not just the electric grid.
We’ve seen parts of Ukraine in the dark, hospitals in the U.S. rescheduling surgeries because ransomware shut down their systems, and elections in one country targeted by another for geopolitical reasons. Transportation, traffic management, water distribution and treatment, building management, physical security systems, natural gas distribution: if a system involves a computer network, it can be targeted, and it can be targeted at the same time as other systems. Scary but true.
3. Unprecedented is the new normal.
We tend to prepare for what we’ve seen happen in the past and tend to be shocked when things happen for the first time. In 2017, the time for being shocked is over — being unprecedented IS what’s precedented. If you embrace the concept of threat evolution and prepare for unprecedented disruptions, you’ll be way ahead of most.
4. Always be preparing to respond.
Being able to detect problems and deal with them before they can do too much damage is the foundation of a modern security stance. So, while you may have a new tool or solution that you think has you covered, or a risk model you’re comfortable with for now, it doesn’t mean you’re inoculated forever. The bad guys will keep coming up with new cyber attacks, so expect 2027 to be as different from 2017 as today is from 2007.
Think of preparing for cyber threats like practicing your wicked backhand. It’s part of playing the game and comes in really, really handy when you need it.
Leapfrog helps clients continually safeguard their networks and systems in ways that make sense for their unique situations, and respond appropriately to changing trends. Through managed services that cover everything from anomaly detection to end-user support to coordinating with internal IT teams, and with a dedicated client advisory team that creates and updates each client’s IT road map, we prepare for the unprecedented so our clients can grow their businesses. We also now offer stand-alone disaster recovery solutions, including disaster recovery as a service (DRaaS), so businesses can be covered for big and small disasters without being a managed services client. Please contact us if you’d like more information.
If you liked this post, don’t forget to subscribe to FrogTalk, our monthly newsletter.