4 Lessons to be learned from the DOE’s DDoS attack

Credit to Author: Kayla Matthews| Date: Fri, 17 May 2019 15:59:32 +0000

Analysts, researchers, industry professionals, and pundits alike have all posited the dangers of the next-generation “smart grid,” particularly when it comes to cybersecurity. They warn that without the right measures in place, unscrupulous parties could essentially wreak havoc on the bulk of society by causing severe outages or worse.

It is a real possibility, but up until now, it’s been something that’s largely hypothetical in nature. In March, an unidentified power company reported a “cyber event” to the Department of Energy (DOE) that caused major disruptions in their operations. While the event did not cause a blackout or power shortage, it was likened to the impact of a major interruption, including events like severe storms, physical attacks, and fuel shortages.

It’s easy to dismiss this as a one-off event, especially since there was no energy disruption to the public as a result. But, in fact, the exact opposite should be inferred from this. It’s merely the first toe over the line in a world where cyberattacks are consistently growing more dangerous, highlighting the need to understand and improve security moving forward.

What lessons can be learned from this attack, and what can hopefully be done to mitigate risk in the future?

1. Disruption comes in many forms

Almost immediately, the attack could be dismissed because it didn’t cause power outages or severe disruptions, but that’s the kind of ostrich-in-the-sand approach that leads to vulnerability in the future. Disruptions or delays can come in many forms, especially for utility providers.

When an attack is identified, the appropriate response teams must dedicate resources to dealing with the oncoming wave. That is essentially costing valuable hours and money, but it’s also taking those teams away from more important tasks. A particularly nasty attack could cause crews to pause or delay certain activities simply to cooperate with an investigation. That could then result in a provider losing efficiency, capabilities, or worse.

At the very least, providers that incur significant costs would need to recuperate the money somehow, and that will most likely roll back into pricing. It’s hard to imagine a minor cyberattack having such an impact on the market, but it’s a definite possibility.

2. Many cyberattacks are easily preventable

Sophisticated cyberattacks can cause a lot of damage, but many of them can be easily prevented with the right security in place. According to an official, the DOS event reported to the DOE happened because of a known software vulnerability that required a patch to fix—a patch that had also been previously published. Hitting “update” would have thwarted the attack.

There’s no further information about what, specifically, was attacked. It could have been computers or workstations, or other Internet-facing devices or network tools. Attackers could have stolen data, proprietary files, or held systems up for ransom. Whatever the damage done, it could have easily been prevented.

A recent study revealed that 87 percent of all focused attacks from January to mid-March 2018 were prevented. This was achieved through a combination of measures, the first being the adoption of breakthrough technologies.

But, just as important to stopping attacks is building a strong and proactive security foundation. The latter requires vigilant maintenance for the systems and devices in question, which would including updating the tech and applying security patches for known exploits.

3. DDoS attacks should be taken seriously

Today’s DoS and DDoS attacks are different seeing as they are more vicious, pointed, and capable. Originally, launching a DDoS attack meant sending a huge bulk of requests to an IP address that overload the related systems and lock out legitimate requests. Generally, while these attacks do come from a few different computers and sources, they use less complex request methods.

The problem with the current landscape is not just that the attacks have become more sophisticated themselves, but that there are so many more potential channels. The Mirai botnet, for example, took advantage of IoT devices such as security cameras, smart home tech, and more. In turn, this makes the scale and capability of the attack much stronger because there are so many more devices involved, and there’s so much more data flowing into the targeted systems.

A massive distributed-denial-of-service attack can take down company websites, entire networks or— in the case of Mirai—nearly the entire Internet. For utility providers this kind of attack could prove disastrous to operations, inundating network servers and equipment with requests and blocking out official communications.

DDoS attacks should be taken more seriously, and today’s enterprise world should be focused on preventing and protecting from them as much as any other threat. Most cloud service providers already do a great job protecting against these attacks. It becomes a real issue when hackers can take advantage of existing vulnerabilities, just as they did with the DOE event.

4. They aren’t time-limited

In the TechCrunch report about the incident, it’s revealed that the attack caused “interruptions of electrical system operation” for a period of over 10 hours. Ten hours is a decent amount of time, and it provides a glimpse at just how prolonged these threats can be. Network layer attacks can last longer than 48 hours, while application layer attacks can go on for days. Infiltration of systems and networks for spying—weeks and months.

It adds another layer to the problem, beyond general security. These attacks can last for increasingly long periods of time, and when it comes to utility providers and the smart grid, that could potentially mean lengthy service disruptions.

Imagine being without power or water for over 60 days because of a sophisticated DDoS attack? While not likely, such a scenario highlights the need to find backup solutions to the problem.

What, for instance, are these providers doing to ensure services are properly backed up and supported during large-scale cyberevents?

Cybersecurity should be a priority

The key takeaway here is that cybersecurity, in general, should be one of the highest priorities for all entities operating in today’s landscape, utility providers included. These attacks have grown to be sophisticated, targeted, capable, and more rampant.

The argument to be made isn’t necessarily that protecting from any one form of attack should be more important than others. It’s that all threats should be taken seriously, including DDoS attacks, which are growing more common. To make matters worse, there’s a much larger pool of channels and devices with which attacks can originate, and they can be carried out over long periods of time.

This increased risk poses some additional questions. Is the smart grid truly ready for primetime? Can it hope to compete against such threats? If cybersecurity is baked into its design, it has a fight chance.

The post 4 Lessons to be learned from the DOE’s DDoS attack appeared first on Malwarebytes Labs.

https://blog.malwarebytes.com/feed/