Nefarious individuals, organised criminal gangs and state-sponsored attackers are using malicious software to disrupt and weaken organisations that don’t pay a ransom. Here, Advent IM suggests FMs can be the silent saviour.

Ransomware was barely out of the news in 2018. A malware that costs business an estimated $75bn (around £59bn) per year makes for great headlines. High profile infections, such as the one that impacted the NHS, spread the word but the sensational headlines did not provide much genuine enlightenment. Growth in the number of ransomware families may have plateaued or regressed (depending on who you talk to) but the wares that remain are potent and highly effective; the less worthwhile or successful variants being abandoned.

“Research shows us that 70% of businesses paid ransomware demands in 2016 - that is unsustainable and its sense of wider responsibility to all is debatable.”

One of the more disturbing developments must be ransomware designed for physical systems. Think about the systems you manage or use and think about ransomware stopping you from accessing them, degrading or deleting crucial data from them or simply switching them off at will. Consider that after the outbreak that impacted the NHS so severely, security patches were issued for the vulnerability in the out-of-date software that enabled the infection to spread so readily.

Unfortunately, those patches were not universally applied and so infection continued until the kill switch was found by a researcher. The fact that many of the systems impacted were not standard computers or ‘corporate’ systems like email but imaging systems and other equipment, shows that the move to the real world is well underway for this most pernicious and cynical of malwares.

In the run up to the last presidential inauguration, the surveillance camera network DVRs in Washington DC were attacked with two strains of ransomware and had to be rebuilt. The potential for harm to people is clear and though we may think we understand the motive for that kind of attack, we can never assume. It could be cover for another criminal act but at the same time is compromising the safety and security of a great number of people gathered in one place for an event of national importance.

In Las Vegas last year, a team of university-based security researchers unveiled a variant of ransomware they had developed that was specifically designed to attack physical systems. So prior infections by ransomware had already impacted the physical world, as described above, but this was malware specifically designed to go for attributes in physical systems, such as Programmable Logic Controllers (PLCs).

Anyone familiar with Stuxnet, the malware worm that spread rapidly across the world in 2007, will probably know that this malware too was designed to attack PLCs. PLCs sit in physical systems all over the world from elevators to industrial production lines and are also found in building systems. Thinking beyond the initial problem of the infection when it comes to a physical system being affected is therefore essential.

The increase in opportunities to exploit, the low-cost barrier to entry and the ease of purchase mean that little or no cyber skill is required to become a ransomware criminal. The average loss for a business is $2,500 (£1,964) but businesses are paying up to $50,000 (£39,288) to regain data encrypted during an attack. This makes ransomware an effective and massively profitable pastime for a variety of criminals with a variety of motivations. These motivations range from the mundane: wannabe script kiddies looking for easy money and some kind of reputation, organised criminal gangs (OCGs) that work like businesses and often generate new code to improve and refine existing malware (not just generating funds through the ransomware but also through selling the code onward), and terrorist funders, who are increasingly working with OCGs to share skills and intelligence (forget any sort of ideological inspiration, this is business, pure and simple).

Ransoming through cyberspace is a very attractive proposition to all bad threat actors and the expansion into the physical realm is disturbing. For FMs the threat needs to be considered.

We have just enjoyed Christmas, and although many disagree as to whether Die Hard is a Christmas movie or not, it will no doubt have popped up on a Christmas streaming list at some point. If you recall, that film depicted a building being taken over by terrorists, demanding a ransom. A high-risk strategy that was thwarted by a be-vested Bruce Willis.

In cyberspace, there is no vest and the heroes look rather different. Some of those heroes work in FM and will be looking for practical ways to build the resilience of the systems they manage and understand the routes into those systems that could cause them to be infected. Understanding that effectively your building could be held to ransom, via air quality systems, temperature control, door control etc, is not science fiction. It is possible now and we have seen incidents of malicious remote control of temperature for instance on many occasions.
