In the Crossfire
Critical Infrastructure in the Age of Cyber War
Purpose:
Cyber war sounds like something out of a sci-fi movie, or an area that only covert government agencies in the US, Europe and Asia should be paying any attention to. This synopsis of the McAfee report is intended to raise awareness.
In the media
Russia vs Georgia: The second real cyber war has broken out. On August 8th 2008, Russian troops crossed into South Ossetia vowing to defend what they called “Russian compatriots”. As this was taking place, a multi-faceted cyber attack began against the Georgian infrastructure and key government web sites. The attack modalities included: defacing of web sites (hacktivism), web-based psychological operations (Psy-Ops), a fierce propaganda campaign (PC) and, of course, Distributed Denial of Service (DDoS) attacks.
Major US Oil Companies’ Networks Infiltrated by Spies (January 25, 2010) Three major US oil companies were targeted by sophisticated espionage attacks in 2008; they were unaware of the scope of the problem until the FBI notified them in late 2008 and in 2009. The attacks appeared to be focused on stealing “bid data,” valuable proprietary information about the location and likely yield of oil discoveries around the world. The attackers appear to have taken control of the companies’ networks and sent data to computers elsewhere. In at least one instance, the data stream was traced to a computer in China, but there is no hard evidence linking that country’s government to the attacks. The attacks are sophisticated, targeted, and surreptitious, suggesting that those behind the attacks are well organized and have ample support. <The SANS Institute>.
The report
“In the Crossfire” was written by the Center for Strategic and International Studies (CSIS) and commissioned by McAfee to highlight the very real threats and attacks facing key industries. To supplement this information I have included information from other sources and will give an indication of the source with a link to the original.
Critical infrastructure owners, such as those in the oil and gas sector, are reporting that their network and control systems are under repeated attack. While this is true of everything connected to the internet, the critical infrastructure corporations make for better targets.
What is lost
Apart from cost, the most feared loss from attacks is reputation, followed by the loss of personal information about customers. Respondents believe the situation will get worse, not better, in the future.
Specific to the Oil and Gas industry
Sixty percent of those surveyed reported theft-of-service cyber attacks, with nearly one in three reporting multiple attacks every month. Victimization rates were highest in the oil/gas sector, where three quarters of respondents reported theft-of-service attacks. The oil and gas sector also reported the highest rates of stealthy infiltration—71 percent, as opposed to 54 percent of respondents overall, with more than a third reporting multiple infiltrations every month.
Operational control systems are under attack (SCADA)
Attacks on SCADA systems are especially serious because they can give hackers direct control of operational systems, creating the potential for large-scale power outages or man-made environmental disasters.
Responding to the threat:
Overall, cost was most frequently cited as “the biggest obstacle to ensuring the security of critical networks,” followed by “Lack of awareness of the extent of the risk.” Even in a recession, security is still the top factor in making IT investment and policy decisions. In making IT investment and policy decisions, 92 percent said security was either “vital” or “very important.” Nearly a third of the IT executives surveyed said their own sector was either “not at all prepared” or “not very prepared” to deal with attacks or infiltration by high-level adversaries.
Countering the Threat
Basic, key security measures are not widely adopted, and ¾ of respondents said SCADA or Industrial Control Systems (ICS) are connected to the internet or some other IP network.
Participation and partnership
Government-sponsored cyber security cooperation varies widely among owners and operators of critical infrastructure. Participation in government-led partnership initiatives is generally low. When asked how they were involved in developing laws or regulations, about a third (35 percent) of executives said their organization was involved in a government-private sector partnership organization. Participation was more widespread in more horizontal organizations like industry information-sharing associations where more than half (53 percent) said they were members.
Improving Security
When it comes to strategies for improving the cyber security of critical infrastructure, the survey and interview data offer no easy answers. Attackers are increasingly targeting users on an individual basis through phishing and other strategies.
These developments mean that authentication of users and their privileges is growing in importance. Yet over half of all executives (57 percent) said their organization employed only usernames and passwords to authenticate those logging in. The remainder used stronger authentication techniques, like biometrics or tokens, either singly or in combination.
Similarly, if you have confidential data on mobile devices, then you absolutely should be looking to encrypt the data. Mitigate the threat of SCADA systems connecting to the internet or other IP networks. Remote access must be moved to more private networks and not over the internet. Cloud computing offers new security measures as well as creating new vulnerabilities; don’t put all your essential services in the same cloud.
Consider the types of data that could be moved to the cloud and the best cloud model for the given business, vet the security model and practices of the service provider, and set guidelines for hosting accountability.
Governments need to be better organized to confront cyber threats. Industry-to-industry levels of participation are higher.
Conclusion
The survey data shows that computer networks, especially IP-based ones, are now essential to critical infrastructure owners and operators. In the current economic climate, owners and operators, who use IT to improve efficiency, will increase their reliance on networks, in both operational and administrative systems. The data and the interviews show that those critical systems—including operational ones like SCADA/ICS—are operating in a high threat environment, and facing a range of risks, including some very expensive ones. But they also suggest that much can be done to protect those systems, for example through more widespread adoption of key security measures.
If cyberspace is the Wild West, the sheriff needs to get to Dodge City. Governance issues are front and center in any discussion of network security for critical infrastructure. There was a wide range of commentary, for example, about legal barriers to the more widespread use of technical measures to counter DDoS attacks. And experts discussed the difficulties facing treaties and other efforts in this area.
For owners and operators, the survey shows, their relationships to governments are a key factor in how they handle security. For governments, that relationship is crucial for the defense of national assets. In the absence of technological silver bullets, many executives see regulation—despite its drawbacks—as a way of improving security. And beyond just regulation, the data suggests that in some countries, most notably China, a close relationship between government and owners and operators has helped improve security.
A view from South Africa
South Africa has remained out of the target scope, due to our location and limited bandwidth.
This will change as our bandwidth increases; already, parts of Africa have some of the highest activity of late. SEACOM is operational, and the African West Coast Cable is next on the agenda, offering a much bigger pipe which will later merge with UhuruNet, a cable around Africa connecting the African continent with the European, Asian and US internet backbone.




