"Utterly frightening": UK's critical infrastructure is under attack

10 Apr 2018

The National Cyber Security Council (NCSC) recently issued a warning after it became aware of ongoing malicious attacks targeting the UK’s critical national infrastructure (CNI).

What is concerning is that the NCSC admits that it appears cybercriminals have been targeting and hacking organisations in the supply chain connected to the UK’s CNI since at least March of 2017.

The hackers have been working to gain access to information using a number of techniques like planting malicious links on popular sites, targeted spear phishing attacks against the organisations, and harvesting logon details with publicly available hacking tools - with the ultimate goal of breaking into systems and grinding critical infrastructure to a halt.

RSA Security advanced cyber defence practice director Azeem Aleem says protecting the nation’s critical infrastructure is a matter of national security, but cybersecurity is often more complex within these environments.

“Firstly, it is only in recent years that old manual systems have been ‘digitised’ and connected. For years prior the whole focus has been on physical security, which means these companies are often years behind those in banking and retail, per se,” says Aleem.

“My advice would be to face these challenges head on and the only way to do this is by having visibility and context. This means conducting a thorough risk assessment, understanding the dependencies between systems, using threat detection to monitor and alert on attacks, and contextualising results with business context in order to prioritise events.”

Aleem says there is a critical problem within many critical infrastructure companies that makes them incompetent at fighting cybercrime.

“Critical infrastructure companies are often dependent on legacy infrastructures with complex dependencies, and little visibility. They are unable to correlate security events to specific business outcomes – a problem we call the ‘Gap of Grief’,” says Aleem.

“Take the recent wave of WannaCry and Petya attacks; the industry was quick to cry ‘patch’, but actually that isn’t always possible, as patching systems without proper testing could actually cause more damage.”

Huntsman Security head of product management Piers Wilson says these attacks on national infrastructure should be “utterly frightening” given the chaos hackers can cause through sabotage, and that this is made possible in part by a lack of qualified security personnel and historic underinvestment.

“Within 2 years there will be over 1.5m security jobs unfilled globally, meaning that there simply aren’t enough resources in the UK to cope with the growing threats facing our critical infrastructure. Before the digital era, it was relatively simple to prevent and stop attacks, but now it’s much harder,” says Wilson.

“There’s often no easy way to block all of these potential threats at the perimeter, and trying to do so will just result in security analysts becoming overwhelmed by the sheer volume of probes and false positives that mask real issues.”

Wilson says it’s time that organisations accept that traditional defences like firewalls and anti-virus are simply not enough, with emphasis needing to shift away from just blocking attackers to intelligent and rapid detection, containment and mitigation as soon as an attack begins.

“This means having first class, automated threat and security intelligence capabilities that can manage the deluge of potential problems - sorting real threats from the background noise of systems and network operation; freeing up security analysts to deal with the real problems as quickly and efficiently as possible,” says Wilson.

“In the digital age, everyone – from the government and critical infrastructure organisations to businesses and charities - needs to accept that they can’t stop every attack at the boundary. Shifting focus will help to keep them and the rest of the UK safe.”
