6 computer attacks that could have been avoided


It is true that the Internet has revolutionised the world, but since its birth it has been seen to be very vulnerable, thus causing a multitude of attacks and incidents related to cybersecurity.

I am sure that in recent years you have heard about companies that have been affected by some cyber-attacks. Probably very close to you. And it is true that in the last decade, few organisations have escaped a cyber attack, which has resulted in countless losses of time and money. But did you know that in many of these cases the damage could have been minimised or even prevented?

There are several ways to protect against cybercrime, starting with good staff awareness. There are also technical solutions, such as network segmentation and dedicated cyber security tools.

To put these measures in context, here are some of the cyber attacks that companies or their staff have suffered over the last decade, together with the measures that could have minimised or avoided the damage.

WannaCry: An attack on a global scale

In 2017, WannaCry infected more than 230,000 Windows computers worldwide and affected large companies such as Gas Natural, Iberdrola and Telefónica. This ransomware got onto computers running the Microsoft operating system, encrypted their files and prevented users from accessing them until they paid $300 in bitcoins within three days.

To deal with ransomware attacks, one tool that has proved very useful is Sophos Intercept X. This solution is able to block the attack as soon as the malware starts trying to encrypt files, and then roll the affected files back to their original state.
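The behaviour described above, blocking a process once it starts mass-encrypting files and rolling those files back, can be illustrated with a small behavioural monitor. The following is an added example written for this post; it is not Sophos code and does not reflect how Intercept X is built. It assumes a simulated disk (a dictionary), a per-process burst limit and an entropy threshold (both constructed values), and uses the fact that ciphertext has close to 8 bits of entropy per byte while office documents and text have far less.

```python
import math
import os
from collections import defaultdict

# Tunables (constructed for this example, not product settings): ciphertext sits near
# 8 bits/byte, natural-language text around 4-5, so crossing this line is a strong signal.
ENTROPY_THRESHOLD = 7.0
# Score a process may accumulate before it is stopped and its writes are undone.
# An encryption-like write scores 1, and 1 more if it also renamed the file.
BURST_LIMIT = 4


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


class RansomwareGuard:
    """Minimal behavioural monitor over a simulated disk: keeps a known-good copy of
    every file, scores each write, and blocks + rolls back a process once its score
    reaches BURST_LIMIT."""

    def __init__(self):
        self.fs = {}                      # path -> current content (simulated disk)
        self.shadow = {}                  # path -> last known-good content
        self.score = defaultdict(int)     # pid -> accumulated suspicion
        self.touched = defaultdict(set)   # pid -> every path the process wrote or renamed
        self.blocked = set()

    def create(self, path: str, content: bytes) -> None:
        """A file that already exists on disk; shadow it immediately."""
        self.fs[path] = content
        self.shadow[path] = content

    def write(self, pid: int, old_path: str, new_path: str, content: bytes) -> str:
        """Apply a write (and rename, if new_path differs) and return the verdict:
        'blocked', 'suspicious' or 'allowed'."""
        if pid in self.blocked:
            return "blocked"
        before = self.fs.get(old_path, b"")
        self.touched[pid].update((old_path, new_path))
        # Heuristic: a low-entropy file turned into high-entropy data,
        # possibly with a changed extension (e.g. report.txt -> report.txt.locked).
        became_ciphertext = (shannon_entropy(before) < ENTROPY_THRESHOLD
                             and shannon_entropy(content) >= ENTROPY_THRESHOLD)
        renamed = os.path.splitext(old_path)[1] != os.path.splitext(new_path)[1]
        # Apply the write to the simulated disk.
        self.fs.pop(old_path, None)
        self.fs[new_path] = content
        if not became_ciphertext:
            self.shadow[new_path] = content   # benign edit becomes the new known-good copy
            return "allowed"
        self.score[pid] += 2 if renamed else 1
        if self.score[pid] >= BURST_LIMIT:
            self._block_and_rollback(pid)
            return "blocked"
        return "suspicious"

    def _block_and_rollback(self, pid: int) -> None:
        """Stop the process and put every file it touched back to its shadow copy."""
        self.blocked.add(pid)
        for path in self.touched[pid]:
            self.fs.pop(path, None)           # drop the encrypted / renamed output
        for path in self.touched[pid]:
            if path in self.shadow:
                self.fs[path] = self.shadow[path]


if __name__ == "__main__":
    # Constructed scenario: one benign editor (pid 100) and one encrypting process (pid 666).
    g = RansomwareGuard()
    text = b"Quarterly report: revenue up 4%, costs flat. " * 50
    cipher = bytes(range(256)) * 8        # stands in for ciphertext: exactly 8 bits/byte
    g.create("docs/report.txt", text)
    g.create("docs/invoice.txt", text)
    print(g.write(100, "docs/report.txt", "docs/report.txt", text + b"Appendix."))
    print(g.write(666, "docs/report.txt", "docs/report.txt.locked", cipher))
    print(g.write(666, "docs/invoice.txt", "docs/invoice.txt.locked", cipher))
    print(sorted(g.fs))                   # originals are back, no .locked files remain
```

The entropy test alone would also fire on legitimate compression or encryption (a user zipping a folder), which is why the monitor scores a burst across several files rather than reacting to a single write, and why the rename signal carries extra weight.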

Stuxnet: The virus affecting Iranian nuclear plants

Stuxnet was discovered in June 2010 and is considered the first malware found to target industrial systems. It reached the Natanz (Iran) nuclear programme via an infected USB stick: an employee, whether accidentally or not is unknown, physically inserted the infected USB into a computer connected to the network. The worm was specifically programmed to change the program of the PLCs (programmable automatons) and destroy the centrifuges they controlled. By the time the operators realised, the situation was already out of control: the virus contained code that prevented the machines from shutting down.

To minimise or even prevent damage to your industrial production plant, one solution is to segment the plant network by zones, following security standards such as IEC 62443. Industrial plants, which are increasingly connected to the Internet, need to separate their IT and OT networks. Likewise, it is key to have monitoring through managed firewalls, which can be accompanied by access control with links to a private industrial Cloud environment.
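The zones-and-conduits model from IEC 62443 is easy to state but easy to get wrong in a firewall, so it helps to write the policy down as data and audit real flows against it. The following is an added example for this post, not code from the standard or from any vendor: the zone addressing, the permitted conduits, the nftables rule format and the flow records are all constructed. It flags any cross-zone flow that is not an explicitly declared conduit, which is exactly the direct IT-to-PLC path a segmented plant should never carry.

```python
import ipaddress
from typing import List, Optional, Tuple

# Zones (constructed addressing for the example). Real plants split these further
# into cells and areas, each behind its own boundary.
ZONES = {
    "enterprise": [ipaddress.ip_network("10.10.0.0/16")],  # IT: office, ERP
    "idmz":       [ipaddress.ip_network("10.15.0.0/24")],  # industrial DMZ
    "control":    [ipaddress.ip_network("10.20.0.0/16")],  # OT: SCADA, historian, HMIs
    "field":      [ipaddress.ip_network("10.30.0.0/16")],  # PLCs, drives, RTUs
}

# Conduits: the only traffic allowed to cross a zone boundary, as
# (src zone, dst zone, protocol, destination port). Anything else between zones is denied.
# Note there is no enterprise -> control or enterprise -> field conduit at all.
CONDUITS = {
    ("enterprise", "idmz",  "tcp", 443),   # IT reads the replicated historian over HTTPS
    ("control",    "idmz",  "tcp", 1433),  # OT historian pushes data out to the DMZ replica
    ("control",    "field", "tcp", 502),   # SCADA polls PLCs over Modbus/TCP
    ("control",    "field", "tcp", 102),   # engineering station to S7 PLCs (ISO-TSAP)
}


def zone_of(ip: str) -> Optional[str]:
    """Name of the zone containing `ip`, or None if it belongs to no declared zone."""
    addr = ipaddress.ip_address(ip)
    for name, nets in ZONES.items():
        if any(addr in net for net in nets):
            return name
    return None


def evaluate(src: str, dst: str, proto: str, dport: int) -> str:
    """Verdict for one flow: 'intra-zone', 'allow: ...' or 'deny: ...'."""
    s, d = zone_of(src), zone_of(dst)
    if s is None or d is None:
        return "deny: unknown zone"
    if s == d:
        return "intra-zone"            # inside a zone; not the boundary firewall's job
    if (s, d, proto.lower(), dport) in CONDUITS:
        return f"allow: conduit {s}->{d}/{proto.lower()}/{dport}"
    return f"deny: no conduit {s}->{d}"


def check_flows(log: str) -> List[Tuple[str, str]]:
    """Audit flow records of the form 'timestamp src dst proto dport' (constructed format)."""
    results = []
    for line in log.splitlines():
        if not line.strip():
            continue
        _ts, src, dst, proto, dport = line.split()
        results.append((line, evaluate(src, dst, proto, int(dport))))
    return results


def violations(log: str) -> List[Tuple[str, str]]:
    """Only the flows that the declared policy would deny."""
    return [(line, v) for line, v in check_flows(log) if v.startswith("deny")]


def nft_rules() -> List[str]:
    """Render the conduit table as nftables forward-chain rules (default policy drop
    is assumed to be set on the chain; this is an illustration of the mapping, not a
    complete firewall configuration)."""
    rules = []
    for (s, d, proto, port) in sorted(CONDUITS):
        for snet in ZONES[s]:
            for dnet in ZONES[d]:
                rules.append(f"nft add rule inet plant forward ip saddr {snet} "
                             f"ip daddr {dnet} {proto} dport {port} ct state new accept")
    return rules


# Constructed flow log: two legitimate conduits, one workstation talking straight to
# a PLC, one legitimate poll, one DMZ host reaching into OT, and one unknown source.
SAMPLE_LOG = """\
2024-05-02T08:01:10 10.10.4.21 10.15.0.10 tcp 443
2024-05-02T08:01:12 10.20.1.5 10.15.0.10 tcp 1433
2024-05-02T08:01:15 10.10.4.21 10.30.2.50 tcp 502
2024-05-02T08:01:20 10.20.1.5 10.30.2.50 tcp 502
2024-05-02T08:01:22 10.15.0.10 10.20.1.5 tcp 445
2024-05-02T08:01:30 192.168.99.9 10.30.2.50 tcp 102
"""

if __name__ == "__main__":
    for line, verdict in check_flows(SAMPLE_LOG):
        print(f"{verdict:45} {line}")
    print("\n".join(nft_rules()))
```

Declaring the conduits as data has a second benefit beyond auditing: the same table generates the firewall rules and the list of flows to expect, so a new cross-zone flow in the logs is either a policy change someone can point to or something to investigate.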

DarkHotel: Spying on executives in luxury hotels

DarkHotel began its expansion in January 2009 and mainly targets people who run businesses, using the hotels' Wi-Fi networks. This malware tricks its victims into installing a backdoor, which masquerades as an update to legitimate software such as Adobe Flash. In this way, the attackers gain access to the information executives hold about their company and the money they handle.

Many cybercriminals take advantage of public Wi-Fi networks in places where they know the users are high-value, such as luxury hotels or airports. One way to prevent this type of attack is the use of a Virtual Private Network (VPN).

By activating a VPN on the device, a kind of tunnel is built between the user and the destination. This tunnel encrypts the information that is sent and received over the public Wi-Fi network, preventing anyone on that network from getting hold of it.

Another solution is to use, instead of a basic anti-virus on your device, a security solution that includes proactive defence against new threats, such as Sophos Mobile.

BadRabbit: Another ransomware epidemic

In October 2017 a new ransomware attack affected several organisations in several countries. It was spread by a fake Adobe Flash update. As with WannaCry, BadRabbit displayed a warning on the screen offering to restore the encrypted computer in exchange for a payment of $281. The Russian news agency Interfax was the first to raise the alarm, reporting that its servers were offline due to a cyber attack.

In order to minimise damage in the event of a ransomware attack, it is important to have comprehensive data protection for all workloads, whether virtual, physical or in the Cloud. This can be done by replicating or backing up data to multiple devices with, for example, Veeam Backup and Replication.

Mirai: A massive DDoS attack

In recent years, the emergence of the Internet of Things (IoT) has meant that devices without anti-virus and without any security monitoring began to be infected on a massive scale. Once infected, these devices scanned for others of the same type and passed the infection on. This is how Mirai was born: malware of the botnet family whose aim was to carry out denial of service attacks (DoS or DDoS).

One of the best known attacks was in October 2016 against Dyn, a US internet company. It relied on millions of IoT devices launching multiple denial of service attacks against systems operated by the domain name provider.

Dyn was unable to withstand this massive DDoS attack. Its DNS service, along with the services that depended on it, was crippled. The attack affected the online services of Amazon, Netflix, PayPal, Spotify, Twitter and many others.

For detecting vulnerabilities across a company, including its IoT devices, a good tool is Tenable. This solution identifies, investigates and prioritises vulnerabilities accurately, giving a continuous, real-time assessment of the security situation.

Rogue7: Hacking into the industry's most secure controllers

A group of Israeli researchers recently showed that it is possible to take over the Simatic S7 PLC, one of the most secure controllers in the industry. The revelation took place at the Black Hat security conference in Las Vegas. The researchers reverse-engineered the key exchange protocol used to set up secure sessions between the TIA engineering software and the PLC. They found weaknesses that let them, undetected by the software, download programs, modify the programming, and start and stop the program running on the PLC.

To prevent this type of attack, Enigmedia created Mercury, a solution that protects industrial devices and their communications by providing authentication, integrity and encryption, all of which safeguards the availability of the equipment. The system is fully compatible with, and transparent to, Siemens equipment and its protocols, adding the measures needed to stop this type of attack.

Working with a technology partner specialised in cyber security, with experience and quality of service, is essential for today's SME. It is vital to have good management of your data and tools, with guarantees of reliability and security, so that you only have to worry about what really matters: your business.