Cybersecurity Notes
- Cyber security overview:
- Numerical identifiers: 8151, B5176C7, EN053FO, 4A46490, 56, 59L, OF 468, 4, 11M, 80, 60, 2F4
- Context: ENG 2, June 5 Part II, Shift, P
- Colonial Pipeline ransomware attack:
- Colonial Pipeline paid ransom to hacker group DarkStor (source).
- Smart cities, cybersecurity, and privacy:
- Smart cities are vulnerable to cybersecurity and privacy risks.
- Reference: comparitech
- National security threats:
- North Korean hackers attacked an Indian nuclear power plant.
- Russian operation hacked a Vermont utility, posing a risk to the US electrical grid security.
- Note: An earlier report incorrectly stated that Russian hackers penetrated the U.S. electric grid. The hacked computer at Burlington Electric was not attached to the grid.
- Major cybersecurity threats to the US:
- Russia: America's most sophisticated cyber adversary.
- Notable attack: Interference in the 2016 US presidential election by the Internet Research Agency.
- China: Initially launched noisy attacks, now more subtle.
- Notable attack: Chinese military officers stole secrets on fighter jets, including the F-35, from Lockheed Martin.
- Iran: Significant increase in cyber attacks in recent years.
- Notable attack: Iranian Behzad Mesri charged with hacking into HBO, leaking "Game of Thrones" scripts, and demanding in ransom.
- North Korea: High on US watchlist despite improved diplomatic relations.
- Notable attack: The US blamed North Korea for the WannaCry attack in 2017.
- Potential consequences of a Russian cyber attack:
- Widespread poisoning: Treatment plants leak chemicals into drinking water.
- Freezing to death: Cyber invaders shut down power grids across the country.
- Radiation poisoning: Hacked power plants go into meltdown.
- Deadly car crashes: Compromised traffic lights cause accidents on purpose.
- SolarWinds hack:
- The SolarWinds hack was one of the biggest hacks of 2020.
- Attacks on the energy industry:
- DHS (2018): A foreign government conducted a multi-stage intrusion campaign, staging malware, spear phishing, and gaining remote access into energy sector networks to collect information pertaining to Industrial Control Systems (ICS).
- United States (2013): Unknown adversaries unleashed a coordinated attack on northern California, causing more than in damages by severing 6 underground lines and firing at substation transformers.
- Ireland (2017): Senior engineers at the Electricity Supply Board received phishing emails with malicious software intended to infiltrate control systems.
- UK (2017): Hackers gained access to a telecom network and installed a virtual wire tap to monitor all unencrypted traffic in Northern Ireland and Wales.
- Ukraine (2015): Attackers targeted industrial control systems at three Ukrainian energy companies, leaving 225,000 citizens without power.
- Ukraine (2016): A second attack on the Ukrainian grid caused another blackout and appears to be a trial run for a larger attack. The Crash Override malware communicated directly with ICS to turn power off.
- Kazakhstan, Taiwan, Greece, and the United States (2011): Using locations in Asia, Night Dragon hacked into oil, gas, and petrochemical companies, acquiring proprietary and confidential business and personnel information.
- Dragonfly/Energetic Bear (2014): Targeted grid operators and electricity-generation firms in several countries, including the Middle East, injecting malware and Trojan viruses into industrial control systems.
- US Power Company (2014): US utility's control system network was compromised via its internet portal after hackers brute-forced their way through its simple password mechanism. Fined Over Security Flaws Impacting 'Critical Assets (2018)
- Turkey (2014): Famous hacker team "Redhack" hacked into power admin system and canceling -$650K of electricity bills.
- Iran (2017): State-sponsored hackers infiltrated the critical safety systems for industrial control units used in nuclear, oil, and gas plants.
- Worldwide (2014): Since 2012, hackers under the name of "Operation Cleaver" have been building their skills to evade detection and have successfully penetrated and stolen data from 50+ companies.
- Middle East (2012, 2016, 2017): Shamoon virus targeted major energy companies, shutting down 30,000 computers and destroying hard drives; it reappeared in more destructive variants.
- Iran (2010): Programmable logic controllers were targeted by the Stuxnet computer virus, causing 20% of Iran's uranium enrichment centrifuges to spin out of control.
- Geographical distribution of attackers' IP addresses:
- Figure 5 represents the geographical distribution of attacking machines' IP addresses for all targeted attacks in 2011. It doesn't necessarily represent the location of the perpetrators.
- Global cyber attack statistics (2017 Cybercrime Report):
- Around global cyber attacks were recorded in 2017, up by 44% from 2016.
- Q4 2017: Russia emerged as the top attack origin, targeting US e-commerce retailers.
- Vietnam was included in the list of top five attack origins for the first time.
- Russia, Latvia, and Singapore first appeared in the top five attack destinations list.
- Luzon and Mindanao (Philippines) belonged to the top 21-30 places of bot attack origins.
- Visayas (Philippines) ranked below the top 50.
- Target of attacks from the United Kingdom:
- United States, United Kingdom, Ireland, France, Argentina
- Target of attacks from Russia:
- United States, United Kingdom, Russia, Latvia, Ireland
- Target of attacks from the United States:
- United States, United Kingdom, Canada, France, Argentina
- Target of attacks from Germany:
- United States, United Kingdom, Ireland, Germany, Austria
- Target of attacks from Vietnam:
- United States, United Kingdom, Australia, Singapore, Japan
- Cyber attack stages:
- Reconnaissance
- Scanning
- Gaining Access
- Maintaining Access
- Clearing Tracks
- Cybersecurity lifecycle:
- Identify
- Protect
- Detect
- Respond
- Recover
- Governance
- Threat Detection & Forensics
- Program Development
- Advisory Services
- Education & Training
- Cyber Assessment
- Coverage Limits Continued:
- Privacy Breach Response Services:
- Notification to Individual Clients: 25,000 individuals
- Credit Monitoring: 3 Credit Bureaus for 12 months
- Identity Theft Resolutions: Up to 5,000 cases
- Foreign Notification:
- Breach Response Services are OUTSIDE of the Limits of Liability
- First Party Coverage:
- Cyber Extortion: Included
- Data Protection Loss: Included
- Forensic Expense: **
- Business Interruption Loss: Included (higher limits available upon request)
- Data Breach Class Action Lawsuits:
- Data Breach Class Action Lawsuits on the Rise: How to Bullet-Proof Your Company from Data Breach Liability
- Speaker Firms and Organization:
- THE KNOWLEDGE GROUP
- Partner Firms:
- DRM
- Downs Rachlin Martin PLLC
- Business Sense-Legal Ingenuity Stroock
- Presented By:
- Matthew S. Borick, Director, Downs Rachlin Martin PLLC
- Karla Grossenbacher, Partner, Seyfarth Shaw LLP
- Krishna B. Narine, Partner, Meredith & Narine, LLC
- Steven D. Atlee, Partner, Stroock & Stroock & Lavan LLP
- Francis A. Citera, Shareholder, Greenberg Traurig, LLP
- Equifax Data Breach:
- State of Tennessee, Office of the Attorney General
- Letter concerning the Equifax Inc. Data Breach
- Date: September 19, 2017
- Addressed to: Phyllis B. Sumner, Esq., Christopher C. Burris, Esq., King & Spalding LLP
- From: HERBERT H. SLATERY III, ATTORNEY GENERAL AND REPORTER
- Concern over the personal information of over 3 million Tennessee residents being stolen.
- Concerns regarding Equifax's conduct since the breach disclosure, particularly their response to consumers' legitimate concerns after several weeks since discovering the theft of data pertaining to over 143 million individuals.