Ukraine Cyberattack a Warning to U.S. Companies

By Floyd Arthur

On Dec. 23, 2015, hundreds of thousands of homes and businesses in the Ukraine lost

electrical power for six hours following what is now being called a well-coordinated,

well-planned cyberattack. Referring to the attack on the power-grid as the first of its

kind, SANS Industrial Control Systems described the takedown as a multi-faceted

effort that involved:

Cyberattacks

* remotely switching off breakers to cut the power supply

* exploiting malware already in the system to prevent utility company employees from detecting the outage

* flooding phone lines to prevent customers from reporting that the power was out

The malware also damaged the system server, preventing the affected power

companies from quickly restoring service and making investigation more difficult.

Although Ukrainian authorities have yet to release a full report, and questions about

the malicious code used to implement the cyberattack remain, the cybersecurity

firm iSIGHT Partners has attributed it to the Russian hacker group Sandworm. In an

interview with Ars Technica, John Hultquist, head of iSIGHT's cyber espionage

intelligence division said, "It's the major scenario we've all been concerned about for so long.”

U.S. Utility Companies Warned of Cyberattack Dangers

In the wake of the attack, the U.S. power industry’s Electrical Information Sharing

and Analysis Center issued a warning to power companies that they needed to review

their cyber-defense systems and “do a better job” of preventing cyberattacks,

according to a Reuters report. The warning did not identify any critical shortcomings

in the U.S. power grid, nor did it indicate that the group felt there was an imminent

danger of a similar incident on U.S. soil. According to EIS spokesperson, Kimberly

Mielcarek, "There is no credible evidence that the incident could affect North

American grid operations and no plans to modify existing regulations or guidance based on this incident."

Increasing Awareness of Cyberattack Threat

Perhaps the most disturbing aspect of the Ukranian cyberattack was how easy it was.

According to Robert Lipovsk, senior malware researcher at the Ukrainian software-

security firm ESET, "The alarming aspect of this attack was that the infection vector”

[for the malware] was phishing, the practice of using email with a malicious

attachment to gain access to a computer, “which is quite a trivial way to get in.”

In fact, cyber-security firms advise that employee carelessness, such as opening email

attachments from unknown senders of using insecure passwords on private

computers used at work, is one of the biggest threats to a business’ cybersecurity.

According to experts who weighed in at a Guardian roundtable last October, another

is the failure of company leadership to understand the threat. “One of the real

dangers is that many leaders don’t realise their organisations have become digital,”

said one participant. They “probably started their careers when their business was

paper-based, and in their minds that’s how the business still works.”

Communication and education (at all organizational levels), the group agreed, is the

key to an effective cyber security program, whether the company is protecting

customer data or access to a power grid. The group, which included industry leaders

such as Nigel Harrison, non-executive director of the Cyber Security Challenge UK,

Andrew Rogoyski, vice-president of cybersecurity services at CGI, and Emma Philpott,

chief executive at the IASME Consortium, also urged businesses to:

* Encourage all employees to set strong passwords and change them regularly

* Update hardware, firmware and software as needed

* Regularly patch firewalls

* Change the default password on WiFi routers and gateways

* Educate leadership and employees about cybersafety

* Mandate that employees who use their own devices at work install firewalls and antivirus software.

All across the globe, cybercriminals are becoming more adept at planning and

implementing cyberattacks, and no business, no matter how small, is immune. A

strong IT security program and educated employees is the best defense against

hackers, but having cyber liability insurance to protect your firm is important as well.

Find out more about this essential form of coverage by contacting one of our business

insurance experts today. Call us at 516-292-3780 Monday through Friday 9 a.m. to 6

p.m., or request a free consultation online now.

Visit www.Carmoongroup.com