Editor’s Note: Steve Jenkin has an interest in cybersecurity and is the “go to” person for i2P in these matters.
The recent hacking of Sony in the US, just as it was about to release a movie based on the North Korean dictator (the hackers are also thought to be the North Korean government), illustrated vividly how a business can be disrupted in the most unlikely way.
Steve has twice written for i2P on the subject of “ransomware” where the computer files of an entire business can be hacked into and encrypted.
No theft, just a lock up that can go away with the payment of an amount of money calculated to make it worth your while to pay, rather than try to unlock the files that may take forever.
Steve has also discussed with me before how pharmacy dispensing records are at high risk: it is not a question of if an attack will happen, but when.
Before reading Steve’s article, a brief insight into some of the companies involved in activities that spill over from hacking into espionage – or somewhere in between.
Mandiant is an American cybersecurity firm. It rose to prominence in February 2013 when it released a report directly implicating China in cyber espionage. On 30 December 2013, Mandiant was acquired by FireEye in a stock and cash deal worth in excess of $1 billion.
Kevin Mandia, who serves as the company’s chief executive officer, founded Mandiant as Red Cliff Consulting in 2004 prior to rebranding in 2006. In 2011, Mandiant received funding from Kleiner Perkins Caufield & Byers to expand its staff and grow its business-to-business operations. Mandiant provides security incident management products and services to major financial institutions and Fortune 100 companies. Its 2012 revenues were over $100 million, up 76% from 2011.
FireEye, Inc. is a publicly listed US network security company that aims to provide automated threat forensics and dynamic malware protection against advanced cyber threats, such as advanced persistent threats and spear phishing.
Founded in 2004, the company is headquartered in Milpitas, California.
The company’s main product line consists of the Malware Protection System for web security, email security, file security, and malware analysis.
Steve’s article follows:
FireEye acquired Mandiant, the people who released the first detailed report on “Advanced Persistent Threats”, naming a unit of the Chinese People’s Liberation Army (PLA) as responsible for one they’d traced for many years.
The hackers turned pro more than a decade ago now.
Yes, all the script-kiddies are still out there, defacing sites, having their dummy spits and boosting their egos, but we now have a huge, high-powered hardware base, almost universal broadband and very, very experienced people running every level of these organisations.
There’s only a small number of super-smart, super-capable hackers producing new code [sometimes for sale, sometimes for ‘espionage’, either public or private, and very infrequently, for attacks].
The US Cyber-Command admitted to co-executing the attack on the “air-gapped Iranian nuclear weapons program” (over-revving the high-speed U235 enrichment centrifuges).
These predictions from Mandiant/FireEye aren’t mere opinion.
These guys are the heavy-hitters of the industry. They’re conservative and only release information they can support with measured facts.
The “gold ring” (forget brass rings) for hackers is finding:
– large mono-cultures of systems, where
– there’s also real money at stake.
Pharmacists, by collectively using a single software product, have deliberately made themselves a high-value target.
They are only as strong as the defences and monitoring of their Single Point of Failure: the software vendor.
We know from Mandiant’s APT1 report that these professionals are determined, patient and capable.
On our own shores, we had the successful destruction of a high-impact business, Distribute.IT, in June 2011: 4,800 customers lost their websites and more.
The hacker destroyed all data & backups, making prosecution impossible.
This attack was relatively benign: the hacker could’ve leveraged the data on the servers to do far more damage and to steal a few thousand customer identities.
The key to the 2011 attack was turning off the backups and waiting till they were all erased before erasing the on-line systems.
The hacker broke in, reconnoitred the systems, then patiently undertook a multi-stage attack over months to fulfill their plan.
You’ll note there is now a warning about “Point of Sale” attacks.
The criminal gangs will go directly for the cash, as well as taking your data hostage.
There’s a reasonable, cheap and effective protection strategy:
– have two fully-built, operational and updated main servers, one on-line, the other off-line [powered-down and unplugged].
– perform regular (daily or better) backups of the on-line server,
– and upload and restore them to the network-disconnected server every week.
– then swap servers: run on the “other” server while the one that was on-line is unplugged.
– if you can store your backups of database & work-files on flash drives, use them for the weekly transfer/upload/restore, and keep them untouched in your safe for at least 24 months.
At $10-$20/week, it’s a devastatingly good insurance policy.
If something goes wrong, you’ll be able to pinpoint exactly when. That’s important for Police and also Data Recovery.
It’s not a foolproof system, but guarantees you check all the most important boxes without needing complex procedures or software.
Because it’s easy and uncomplicated, and constantly practised, the staff will know it inside and out as well.
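As an added illustration (not part of Steve’s article or any vendor’s software), the daily-backup and weekly-restore steps above can be scripted so that every archive is dated and checksummed. That is what lets you pinpoint the last good copy if an intruder quietly corrupts backups before touching the live system, as in the Distribute.IT case. Source and destination paths, the date stamps and the sample “dispense-record” content are all constructed for the example; `sha256sum` and `tar` are assumed to be available.

```shell
#!/bin/sh
# Added example: dated, checksummed backups for the two-server strategy.
set -eu

# make_backup SRC_DIR DEST_DIR STAMP
#   Packs SRC_DIR into DEST_DIR/backup-STAMP.tar.gz and appends the
#   archive's SHA-256 to DEST_DIR/MANIFEST (the manifest travels to the
#   offline server / flash drive together with the archives).
make_backup() {
    src="$1"; dest="$2"; stamp="$3"
    archive="$dest/backup-$stamp.tar.gz"
    mkdir -p "$dest"
    tar -C "$src" -czf "$archive" .
    sum=$(sha256sum "$archive" | cut -d' ' -f1)
    printf '%s  %s\n' "$sum" "backup-$stamp.tar.gz" >> "$dest/MANIFEST"
    echo "$archive"
}

# verify_backup DEST_DIR STAMP -> 0 only if the archive still matches MANIFEST
verify_backup() {
    dest="$1"; stamp="$2"
    name="backup-$stamp.tar.gz"
    expected=$(grep " $name\$" "$dest/MANIFEST" | tail -n1 | cut -d' ' -f1)
    [ -n "$expected" ] || return 1
    actual=$(sha256sum "$dest/$name" | cut -d' ' -f1)
    [ "$expected" = "$actual" ]
}

# restore_backup DEST_DIR STAMP TARGET_DIR
#   The weekly step onto the network-disconnected server: refuses any
#   archive whose checksum no longer matches the manifest.
restore_backup() {
    dest="$1"; stamp="$2"; target="$3"
    verify_backup "$dest" "$stamp" || { echo "checksum mismatch: $stamp" >&2; return 1; }
    mkdir -p "$target"
    tar -C "$target" -xzf "$dest/backup-$stamp.tar.gz"
}

# latest_good DEST_DIR -> newest stamp whose archive still verifies,
#   i.e. the point in time you hand to Police and Data Recovery.
latest_good() {
    dest="$1"
    for f in $(ls -r "$dest"/backup-*.tar.gz); do
        stamp=${f##*/backup-}; stamp=${stamp%.tar.gz}
        verify_backup "$dest" "$stamp" && { echo "$stamp"; return 0; }
    done
    return 1
}
```

Run `make_backup` from the daily cron job on the on-line server and `restore_backup` by hand on the off-line one; keeping MANIFEST on the flash drive in the safe means an attacker on the live server cannot rewrite it to cover their tracks.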
FireEye predictions for cybersecurity in 2015
Summary: Mobile ransomware, insurance claims and striking the supply chain are all expected to make an appearance in 2015.
By Charlie Osborne for Zero Day | December 16, 2014 — 15:54 GMT (02:54 AEDT)
The security and forensics firm predicts that in the technical realm, mobile ransomware will surge in popularity.
Cryptolocker attained a measure of success this year, and so attention is expected to further turn to mobile in order for attackers to gain access to your phone and contacts.
The data which will end up locked is centered on cloud accounts, which will be encrypted before the victim is hit with a lock screen and demand for money.
FireEye predicts that point-of-sale (PoS) attacks will also become a more popular method of stealing data and money — and POS attacks will strike a broader group of victims with increasing frequency.
The security firm believes that more creative targeting will evolve as retailers strengthen their defenses and more criminals get into the game.
As a result, cyberattacks will spread to “middle layer” targets including payment processors and POS management firms.
When something does go wrong and a cyberattack is successful, response plans are also expected to fail more often, with harsher consequences.
With such risks in the corporate realm, cyber insurance as an industry is expected to grow.
Breaches are an inevitable part of modern day business, but damage control is possible. Real-time network monitoring and forensic analysis after an attack has taken place can help identify attackers, detect a breach as it occurs, and mount a defense before severe damage is done.
Editor’s footnote: The Australian government has a number of websites that deal with different levels of security.
The one that pharmacists may need to contact is:
Australian Cybercrime Online Reporting Network: a national online system that allows people to securely report instances of cybercrime. It also provides advice to help people recognise and avoid common types of cybercrime.