Malware Mayhem: Utility Providers Are Being Bombarded With Cyberthreats

Various strains of malware have been impacting critical infrastructure in the U.S. and beyond, especially that of utility providers. Perhaps the most high-profile example occurred in late 2015 when roughly 100,000 Ukrainians were left in the dark following an apparent breach of several of the nation’s top energy companies. Upon investigating, researchers have come up with multiple theories for exactly how the hackers orchestrated the attack. What we do know is that they remotely accessed breakers of several power plants. The Department of Homeland Security has also identified KillDisk (which wipes certain targets on disk drives) as playing a role in corrupting the master boot record, thereby “rendering systems inoperable,” according to Ars Technica.

We also know that the cyberattack on Ukraine’s power grid is arguably the most terrifying hack to date. The ability to knock entire regions of a nation off the grid introduces horrific potential for other types of crime, making it a matter of national security.

The worst part of it is that utilities continue to be impacted by cyberthreats.

The Dangers Compound

In late April, Lansing Board of Water & Light (BWL), a Michigan-based utility organization, had several systems knocked offline. These included the accounting department, the customer support line for outages, and email services for up to 250 employees. The culprit was ransomware – a specific strain was never named. According to the Lansing State Journal, the utility did not pay the ransom, but faced about $2 million in remediation expenses.

Ransomware and KillDisk are hardly the only threats.

The Crippling Hidden Costs of Ransomware

At this point, the devastating impact ransomware can have on organizations in any industry has been witnessed the world over. Earlier this year, one hospital in Southern California was infected with Locky ransomware. The facility had to pay hackers $17,000 to get its systems back online, and this was after it declared an internal state of emergency. A few months later, the FBI announced that encryption malware was on pace to steal $1 billion from organizations in 2016.

While these costs and occurrences are alarming in and of themselves, they don’t necessarily illustrate just how financially damaging ransomware can be to organizations. There are hidden costs in addition to the initial ransom that are less talked about, but no less crippling.

Downtime and Remediation Costs

As we clearly saw from the Los Angeles hospital incident, system downtime is extraordinarily troubling – records were kept using pen and paper, and external communications took place via fax machine. However, downtime is as expensive as it is inconvenient. According to research from the Ponemon Institute, IT-related downtime costs businesses, on average, $7,900 per minute. In fact, DARKReading contributor Andrew Hay ran the numbers for the ransomware that impacted the aforementioned hospital and came up with this figure: $533,911. That, according to Hay, is the total amount of estimated revenue that the facility lost, in addition to the $17,000 ransom.

Still, that’s only the tip of the iceberg. These “downtime” expenses don’t necessarily account for the longer-term, hard-to-quantify expenses, such as reputational damage, or what Hay refers

Hackers Are Raiding Retailers’ IT Networks

Managing endpoints in a retail environment poses a slew of security complications. The industry has been heavily targeted by hackers in the past year or so.

Specifically, cybercriminals have leveraged difficult-to-detect point-of-sale malware such as BlackPOS (the culprit behind the infamous Target breach), AbaddonPOS, CherryPicker, CenterPOS, RawPOS and finally ModPOS – a strain that researchers called “by far the most sophisticated POS malware” upon its discovery in late 2015. The reason ModPOS is so terrifying is that, in addition to its memory-scraping capabilities, it has a keylogger that helps it gather local network information such as metadata. In effect, this makes it possible to bypass encryption.

EMV Is Not a Silver Bullet

In late August, clothing retailer Eddie Bauer announced that it was the victim of a payment card data breach, and that customers who used their card at stores in the U.S. or Canada between Jan. 2 and July 17 may have been affected. These types of announcements have become fairly commonplace, but this one was different.

According to IT World Canada, the unnamed strain of POS malware is believed to have been designed to work against magnetic stripes as well as EMV cards. At the time of this writing, it remains inconclusive if EMV cardholders were also affected. Nevertheless, all customers in the stated timeframe, including those who made their purchases with the new chip-card technology, have been notified of the breach.

“EMV technology isn’t a panacea for POS malware.”

More recently, hackers managed to break into a cloud-based point-of-sale system that is responsible

Better Computer Management Is a Matter of National Security

Military and law enforcement agencies have long benefited from the ability to wirelessly and remotely access information while on the job. However, as mobile endpoints play an increasingly central role in supplying field officers with real-time data, they may also introduce new cyberthreats. Consider, for instance, the dangers associated with a lost or stolen military Toughbook that ends up in the hands of criminals and poses a risk to national security.

Criminal Justice Information Services (CJIS) guidelines aim to mitigate some of these risks through certain provisions such as strong password management, multi-factor authentication requirements and email encryption, just to name a few.

While adherence to CJIS standards will enhance cybersecurity, compliance can’t be your agency’s only defense strategy. Hackers are becoming increasingly sophisticated, and in some cases, are backed up by nation states. The bottom line is that it takes a lot more than compliance to protect military and law enforcement field endpoints.

The Department of Justice Data Breach

An example of what’s at stake for military and law enforcement agencies occurred in early 2016, when the Department of Justice was breached after hackers managed to access an insider’s email account. From here, the intruders were able to “social engineer” their way into the DOJ intranet, and subsequently access critical databases. According to Computerworld’s Darlene Storm, the hackers then stole and dumped “9,000 DHS [Department of Homeland Security] employee names, email addresses, locations, telephone numbers and titles” on the web.

Soon after, the cyberattackers executed a second data dump, this

Hackers Hamstring Uncle Sam: Voter Data Stolen by Cyberattackers

Hackers have gone after the U.S. government for a variety of purposes: to steal personally identifiable information of government employees, in an effort to pilfer trade secrets, to commit tax fraud and more. Recently, however, they sought to undercut the government by going after its lifeblood: registered voters.

According to the Chicago Sun Times, hackers accessed personal information belonging to as many as 200,000 registered voters in the state of Illinois. Illinois State Board of Elections General Counsel Ken Menzel stated that the cyberattackers first infiltrated the online voter registration portal. From there, they managed to access a database holding personal information belonging to residents of Illinois, even though the board had blocked the hackers’ IP addresses and shut down the system upon learning of the breach.

“Hackers accessed voter registration data, including names and addresses, dates of birth and in some cases, the last four digits of Social Security numbers and driver’s license or state ID numbers.”

Arizona also fell prey to a breach of its voter registration data; however, reports suggest that the infiltration was much more limited than that of the Illinois Board of Elections.

What We Know About the Breach So Far

“The breach was orchestrated using an SQL injection.”

The breach first came to light in late August, when the FBI notified the affected states of the incident. The agency subsequently issued warnings to other state election boards to look into any possible indicators of an incident.
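The SQL injection named above, shown from the defender’s side as an added example (this is not code from the post, the Illinois board or the affected portal): a constructed in-memory voter table, a lookup built by string concatenation that a crafted value can widen to every row, and the same lookup with a bound parameter that cannot be widened.

```python
import sqlite3

# Constructed sample records (not real voter data), standing in for the kind of
# registration table the post describes: name, address, DOB, last four of SSN.
VOTERS = [
    ("Ada Example", "1 Main St", "1970-01-01", "1234"),
    ("Bob Sample", "2 Oak Ave", "1985-06-15", "5678"),
]


def make_db():
    """Build an in-memory SQLite database holding the constructed records."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE voters (name TEXT, address TEXT, dob TEXT, ssn_last4 TEXT)"
    )
    conn.executemany("INSERT INTO voters VALUES (?, ?, ?, ?)", VOTERS)
    return conn


def lookup_vulnerable(conn, name):
    """Lookup by concatenation: the submitted value becomes part of the SQL text,
    so a value containing a quote can rewrite the WHERE clause."""
    sql = (
        "SELECT name, address, dob, ssn_last4 FROM voters WHERE name = '"
        + name + "'"
    )
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    """Same lookup with a bound parameter: the driver sends the value separately
    from the SQL text, so it can only ever be compared as a literal name."""
    sql = "SELECT name, address, dob, ssn_last4 FROM voters WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def compare(name):
    """Return (rows from vulnerable lookup, rows from safe lookup) for one input."""
    conn = make_db()
    return len(lookup_vulnerable(conn, name)), len(lookup_safe(conn, name))
```

Feeding the classic `x' OR '1'='1` value to `compare` returns the whole table from the concatenated query and nothing from the parameterized one, which is the property to verify in code review and to exercise in a portal’s test suite.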

All eyes were on Russia immediately following the breach, according to