‘Holiday period attacks no coincidence – simply sophisticated planning’
As the holiday season approaches, we will all have a stack of things to do before we rush away to take some well earned time off to relax with family and friends – BUT – unfortunately, this change to our normal daily routine and mass desertion of staff from normal duties is often seen by cyber criminals as the perfect time to strike.
This very point was highlighted in a recent report, following a Christmas Eve attack carried out last year on the Scottish Environmental Protection Agency (SEPA). More than 4,000 digital files were stolen and the company held to ransom in what the authorities described as an attack displaying ‘significant stealth and malicious sophistication’. Even after the initial attack, the crime gang attempted to sabotage the SEPA teams efforts to recover and restore uninfected backups. Despite being reasonably well protected at the time, the environmental watchdog finds itself almost one year on, having spent in excess of £800k and still not fully recovered from the attack.
Keen to share their learnings, SEPA have been very open with the report by business advisors, Azets, with one of the key findings that the company’s emergency management, disaster recovery and incident management plans could have been more readily available. At the time of the attack, these documents did not exist in hard copy format, but instead resided only on the servers that were themselves coming under attack.
DTG Cyber Security Consultant, Tim Gowling, said:
“This is yet another example of the level of sophistication that cyber criminals are reaching and once again reinforces just how serious we all need to take the security of our systems and data. In the heat of the day job, it can be extremely difficult to justify taking time out to fully test disaster recovery plans, but come the day of reckoning, this investment will pay back many times over.
“It is also vital, when testing such procedures, that we do so in a worst case scenario, such as imagining its Christmas Day, when nobody is around and phone calls go unanswered.”
Exploiting this out of hours vulnerability is nothing new, with one of the most daring US$1 billion raids almost perfectly executed in 2016. The Lazarus Heist as it became known was meticulously planned by a gang of North Korean hackers, aimed at transferring money from the New York based Federal Reserve Bank through Bangladesh’s national bank to accounts in the Philippines.
The heist began late on a Thursday evening in Bangladesh, knowing that the bank would be closed on the Friday. Meanwhile, being Thursday morning in New York, the Federal Reserve would have all day to process the transfer. Should the Bangladesh bank suspect anything, it would be the weekend in New York, and the Federal Reserve would be closed. In addition, the following Monday was a national holiday across much of Asia, potentially delaying any possible discovery of the attack.
Had it not been for a small coincidence and a spelling error the gang would have netted the entire US$1 billion catch, but they still managed to walk off with US$81 million before the transfers were detected and stopped.
Tim continued:
“The importance of people shouldn’t be underestimated when dealing with cyber crime, before, during and after an attack. Having sophisticated protective software and detection systems is one thing, but augmenting this with all staff vigilant to potential threats and key staff fully trained on how to respond and recover from an attack will provide a far more robust defence.”
How can DTG help further?
DTG recently launched a revolutionary Industrial Cyber Assessment tool (CAsT), which identifies security weaknesses in Industrial (OT) systems and offers solutions to increase an organisations resilience to emerging cyber threats.
DTG can also provide bespoke Industrial (OT) Cyber Security training for staff, available in various formats including traditional face to face, online live webinar or on demand e-Learning modules.
Our combined approach offering OT Cyber Training in conjunction with the CAsT application is a game changer for process industries looking to improve their OT cybersecurity in critical infrastructure.
For more information, contact us at [email protected] or visit our website www.digtechgroup.com.
Read our previous Cyber related blogs!
DTG Support National Cyber Security Awareness Month
Forewarned is Forearmed When it Comes to Cybersecurity
NSA Issue Cybersecurity Advisory on Operational Technology
Healthcare Sector Not Immune to Cyber Attack – Even in a Pandemic
