Subcontractors are for hackers the weakest link in security chain

Hackers use to target subcontractors to hit big enterprises due the poor level of security they offer, in the energy sector this trend is very concerning.

Let’s follow the discussion on the hacking world and the way hackers impact business with their activities. We discussed about the role of hackers for companies and their employment in cybercrime ecosystem.
Let’s try to ask ourselves how would work a hacker in order to hit a company or an organization.
The numerous incidents daily occur teach us that one of the most common way to hack an organization is trying to exploit vulnerabilities within subcontractors networks and in the process that governs the partnership with target entity.
Big enterprises and organizations in many cases have been attacked exploiting the privileges channel of subcontractors, often subcontractor systems have been vulnerable to the attack of hackers and the data of target companies were poorly defended.
The problem seems to be extended to virtually all industries, from energy to the defense, while big enterprises have adopted all the necessary countermeasures to mitigate cyber threats, the economic crisis and the erroneous perception of security as a cost has caused serious misconducts in the subcontractors.

Large companies and organizations are accused of having a lack of careful assessment of the level of security offered by subcontractors, the price is often the only parameter assessed during the acquisition of services and products from third parties.

According  experts at Alert logic the energy industry customers are targeted more often than those in any other industry, the number of cyber threats observed from Jan. 1st to May 23th is nearly 9,000 and more that 50 percent of them is a malware-based attack.
Thirty-one percent of the threats were brute force attacks, in which hackers repeatedly attempt to crack passwords, the report said.
The ICS-CERT issued in July a Monitor report that revealed an intensification for brute force attacks against control systems mainly belonging to the energy sector. The ICS-CERT received notification for more than 200 cyber attacks against critical infrastructure operators between October 2012 and May 2013.

According the ICS-CERT the victims were targeted by mostly by watering hole attacks, SQL injection, and spear phishing.
Alert logic released a security bulletin remarking the concerning trend.

“That’s higher than any other industry that’s going on out there,” “The only thing that might even come close to this would be financial.” said Stephen Coty, director of threat research for Houston-based security firm Alert Logic.

The energy sector described in the report represents a meaningful example of how company cybersecurity policies, despite being very stringent of physical security, are deficient in the definition of requirements for cyber security of subcontractors.

“I don’t think that they hold their contractors up to the same standards that they do their employees. I think that’s a growth issue, or understanding the risks.” Coty said.

Alert Logic revealed that in March that about two-thirds of its 54 energy industry clients experienced brute-force or malware attacks, an impact  higher than in other sector.
The hackers that use to target subcontractors to hit a company usually following precise steps contextualized by Alert Logic for the energy sector:

• Identify subcontractors that may have access to valuable information.
• Identify the subcontractors’ employees.
• Start spear phishing campaign or a watering hole attacks against the employees.
• The information collected is used to penetrate the target computer systems.
• The stolen credentials are used to access valuable information such as financial data or intellectual property.

Booz Allen Hamilton executive Emile Trombetti reported for example that hackers used that tactic to send a message that appeared to be from his daughter during an attack, this is the proof that attackers have collected information about him.

“They found out my daughter’s name,”“They found out what school she went to. And they found out her Yahoo address. And I get an email that says, ‘Dad, it’s an emergency.’”

Security level offered by subcontractors is crucial for companies business, subcontractors are similar to the appendices of the target company and should be carefully evaluated the process they implement for data and infrastructure protection A good starting point is to assess compliance with the standards of clients and contractors and carefully consider the information flows between the parties.
Until the subcontractors will be vulnerable, the entire chain of security is at risk!

Israel – AP Exclusive reveals tunnel hit by cyber attack

Cybersecurity experts revealed that a major artery in Israel’s national road network located in the northern the city of Haifa suffered a cyber attack.

Israel is considered one of the most advanced country in cyber security, but at the same time is a privileged target for hostile governments intent in sabotage and cyber espionage on his technology.
Isreal military officials are aware of cyber threats that could hit the infrastructure of the country and they afraid the possible effect of a cyber attack on a large scale. Israeli government websites suffer thousands of cyberattacks each day according Ofir Ben Avi, head of the government’s website division. The Israel Electric Corp. confirmed that its servers register about 6,000 unique computer attacks every second.
In June, Prime Minister Benjamin Netanyahu stated that Iran militia, Hezbollah and Hamas have targeted in numerous occasions Israel’s “essential systems,” including its water facilities, electric grid, trains and banks.

“Every sphere of civilian economic life, let’s not even talk about our security, is a potential or actual cyberattack target,” said Netanyahu.

Israel’s military chief Lt. Gen. Benny Gantz made a high-profile speech recently outlining that within the greatest threats his country might face in the future there is the computer sabotage as a top concern. A sophisticated cyber attack could be used to shut down a banking system of Israel, the national electric grids or a defense system, this is a nightmare for the Defense.
Cybersecurity experts revealed to The Associated Press that a major artery in Israel’s national road network located in the northern the city of Haifa suffered a cyber attack that has caused serious logistical problems and hundreds of thousands of dollars in damage.
The tunnel is a strategic thoroughfare in the third largest city of the country, and as a demonstration of its importance in the city is exploring the possibility to use the structure as a public shelter in case of emergency.
It seems that the attackers used a malware to hit the security camera apparatus in the Carmel Tunnel toll road in Sept. 8 and to gain its control.

“The attack caused an immediate 20-minute lockdown of the roadway. The next day, the expert said, it shut down the roadway again during morning rush hour. It remained shut for eight hours, causing massive congestion.”

The experts that have investigated on the incident exclude that the hypothesis of a state-sponsored attack because the malicious code used  was not sophisticated enough to be the work of a hostile government, it is likely the involvement of a group of hacktivists.
Carmelton company that oversees the toll road, blamed a “communication glitch” for the incident, while Oren David, a manager at security firm RSA’s anti-fraud unit, said that although he didn’t have information about the tunnel incident similar attacks could represent a serious menace for population.

“Most of these systems are automated, especially as far as security is concerned. They’re automated and they’re remotely controlled, either over the Internet or otherwise, so they’re vulnerable to cyberattack,” “among the top-targeted countries.” said David.

In reality Iranian hackers and other hostile entities have penetrated successfully Israeli systems, Israel has controlled the attacks to track back the hackers, profile their methods of attack and to conduct a disinformation campaign making available false information.
To improve security of critical infrastructure the Israeli civilian infrastructure, Israel’s national electric company has recently launched a training program, jointly with cyber defense company CyberGym, to teach engineers and managers of critical plants to detect ongoing cyber attacks.
The attack scenario revealed portends to an escalation of attacks by hostile entities, whether they are cyber criminals, hacktivits or state-sponsored hackers, it’s crucial for the Israeli government to invest in improvement of cyber capabilities for its survival.