What are Ransomware, DoS and Social Engineering?
Ransomware is a subset of malware in which the data on a victim’s computer is locked, typically by encryption, and payment is then demanded before the “ransomed data” is decrypted and access is returned to the victim. The motive for the attack is usually monetary. The victim is usually notified that an exploit has occurred and is given instructions for how to recover from the attack. Payment is often demanded in a virtual currency such as Bitcoin, so that the cybercriminal’s identity isn’t known or found out.
A DoS is a Denial of Service attack, in which the cybercriminal attempts to make an online service unavailable by overwhelming it with traffic from multiple sources. These attacks target a wide variety of important resources, from healthcare to finance.
You will recall that earlier in the year a global cyber-attack using hacking tools crippled the NHS, hit international shipper FedEx and infected more than 300,000 computers in 150 countries. It has been dubbed “The biggest ransomware outbreak in history” by Helsinki-based cyber security firm F-Secure. The NHS was even forced to revert to pen and paper during this outbreak!
It involved cybercriminals using ransomware called WannaCry and WCry, together with methods such as phishing emails, which trick the recipient into opening an attachment. Other ransomware families include Reveton, CryptoLocker, CryptoWall, Fusob, Petya and Bad Rabbit.
Once your computer has been infected, the ransomware locks your files and encrypts them so that you cannot access them. WannaCry usually exploits weaknesses in Microsoft software, a problem compounded by users not installing the recommended updates.
Social Engineering is similar to phishing emails but is performed using a variety of media, including phone calls and social media. The cybercriminals try to trick the user, relying heavily on psychological manipulation to get the user to perform actions or divulge information (user names, passwords etc.).
What does all this mean for Manufacturing companies?
A recent Kaspersky report showed that the Manufacturing Industry is one of the most susceptible industries to Cyber Attacks. According to the report, Industrial Control Systems (ICS) computers account for nearly one third of all attacks in the sector. The British Chamber of Commerce claimed that “one in five” British companies got hit by a Cyber-attack in 2016.
Figure 1: Source – https://ics-cert.kaspersky.com/reports/2017/09/28/threat-landscape-for-industrial-automation-systems-in-h1-2017/#26
Manufacturers are starting to wake up to the rising threat of these cyber-attacks, as the sector appears in the top three industry sectors: Finance (32.1%), Oil & Gas (25.5%) and Manufacturing (25.2%). The report goes on to say that manufacturing firms focused on materials, equipment and goods production were targeted the most.
With more manufacturers under pressure to reduce costs and increase productivity and profitability, as well as gearing up for the Industry 4.0 Revolution (4IR) with its tight digital integration, the risks are increasing at a worrying rate. More and more companies are using web-based platforms for design, planning and manufacturing, as well as accounting and CRMs, which poses a greater threat in this modern era.
Prevention, together with identifying an infection early, seems to be the best form of defence, because if manufacturers ignore this risk there could be devastating consequences: downtime, reduced production and potentially a loss of clients. Furthermore, the loss of data such as drawing files, regulatory information and even industry compliance data could lead to fines by Government bodies, and some customers, such as pharmaceutical companies, may not be able to trade unless there is a regulated, complete set of production data.
All of the above have associated costs. Reduced production costs money, a dormant workforce is costly, and there is also the loss of sales and the cost of replacing files and information. Are forward-thinking companies willing to take a chance on this happening?
It has been reported (https://www.itgovernance.co.uk/blog/2016-cyber-security-breaches-cost-uk-businesses-almost-30-billion/) that the total cost of damages inflicted by ransomware reached £29 million in 2016, with phishing emails being the most common type of attack, affecting almost 1.3 million businesses, followed by computer viruses (1.2 million) and then hacking (1 million).
What strategies can companies put in place?
- Ensure your anti-virus software is updated and that recommended updates are completed (instead of clicking “Remind me later”!).
- Train staff to understand the risks. Raising awareness can only benefit, especially for companies with fewer than 100 employees (71% of attacks are at companies with fewer than 100 employees). It’s a collective responsibility to safeguard the business and to make sure staff are aware of the warning signs, safe practices and the responses to a suspected takeover. All field-based employees should keep company property in a safe place. Source: https://smallbusiness.house.gov/news/documentsingle.aspx?DocumentID=398099
- Use complex passwords. Ensure the company is using strong and unique passwords to make unauthorised access harder.
- Clean desk approach. Keep all confidential and sensitive information out of sight and unexposed, and ensure such documentation is professionally disposed of or shredded.
- Pick up the phone. Ensure that any financial verification is done verbally, rather than by email, before concluding a transaction. Put in place a two-step verification process to add another layer of security.
- Have a contingency plan. Make sure systems are regularly maintained and backed up. Take a proactive approach to cyber security and even conduct live drills to practise for the eventuality of anything happening.
What is Hobut doing to protect itself, its suppliers and its customers?
Quite a lot actually:
- All software is patched daily (regularly updated to fix any bugs and security vulnerabilities).
- We have three layers of protection for email (filtering, firewall, endpoint protection)
- We have a software register (an inventory of the software installed, the configuration information of each software product, which version is installed and information that can be used to delete or replace each software product).
- We have multiple copies of our data offsite.
- Staff are trained to recognise phishing emails and consult with IT if there are any doubts.
- Strong password use is enforced.
However, we understand that this is an evolving threat, and we continuously review our security practices.