The holidays are often prime time for cyberattacks. Both companies and consumers have their guard down – businesses are closed or fewer employees are on call or monitoring the networks and more people are accessing the internet away from their secure connections. However, this holiday season was surprisingly quiet, with no major attacks that have been reported (as of yet, anyway).https://o1.qnsr.com/log/p.gif?;n=203;c=204663295;s=11915;x=7936;f=201904081034270;u=j;z=TIMESTAMP;a=20410779;e=iThat doesn’t mean there wasn’t any news in the cybersecurity space. Perhaps the biggest news story was about the laptop at a Burlington, Vermont utility that was hacked, with reports that the malware code found on the computer matched a Russian malware code. The electric grid itself wasn’t in danger, as the laptop was not connected to that network. But it was enough to ring the alarm bells. As Tim Erlin, senior director of IT Security and Risk Strategy with Tripwire, told me in an email comment:
The Department of Homeland Security (DHS) report included ‘indicators of compromise’ specifically to allow other organizations to identify this malware and similar malicious activity. States and other organizations should use the indicators released by DHS to search their systems for evidence of the Grizzly Steppe malware. Malware is meant to be reused, so it shouldn’t be surprising to find evidence of this particular tool in other organizations. Actual attribution of an incident to a particular attacker isn’t as simple as finding a specific piece of malware. Attribution generally requires information about the tools, techniques and other behaviors of the attacker to be conclusive.
Today, however, reports are walking back the hacking story somewhat, as The Hill reported:
A list of internet addresses said to be tied to the attacks included some that were common to other uses, too, including those used by thousands of users from the Tor internet anonymity service. A list of pseudonyms for the attackers included “Powershell backdoor,” which is a type of attack, not a specific attacker group. . . . Upon further investigation, it appears to have been infected by a common hacker toolkit not connected to the Russian attacks.
The initial news of the laptop hack came, ironically, on the same day that President Obama announced the consequences for the alleged Russian attacks on the U.S. electoral process. It may have been that the media reporting the story wanted to create the connection and did so before all of the facts came out (not to mention, the mainstream media have quite a learning curve in reporting cybersecurity). However, this incident shouldn’t be focused on who did it, but rather that our critical infrastructure is at risk. A story that broke right before the holidays involved an alleged cyberattack on the power grid in Kiev, something that we should be paying attention to, Michael Patterson, CEO of Plixer, told me in an email:
The attack on the Ukrainian power grid may have been just a test for a much larger planned attack on the USA. The air gaps on our military systems that were proposed by Donald Trump should be enforced on our nation’s utilities as well. Despite improvements in malware detection, defenses against computer viruses are falling short more than ever before.
The holidays are behind us now. I am appreciative that there was no major attack that threatened networks, data or critical utilities. I don’t expect this lull to last.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba