Critical Infrastructure Security, Threat Management

IP EXPO: Kaspersky speaks on CNI and says we’re living in ‘scary times’

Rushing into the theatre at IP EXPO Europe 2016 from a late taxi, Eugene Kaspersky stumbled onto the stage and in a rather menacing tone began to speak on why we're headed into bleak times.

Kaspersky said that cyber-criminals are moving away from traditional cyber-crime and looking to attack critical national infrastructure (CNI).

Promising a more positive end to his presentation, Kaspersky said that throughout his 27-year career in information security, the task of protecting CNI has proved to be the most challenging. “As nations, we depend on CNI in our everyday life, so it is imperative we protect it”, he said.

Kaspersky claimed that the last three to four years has seen a major rise in criminal cyber-attacks. And they are maturing at an alarming rate.

“US Office of Personnel Management, JP Morgan, Korea Hydro & Nuclear Power, and Sony Entertainment have all suffered breaches at the hand of experienced cyber-criminals,” he said.  

Kaspersky explained that as the criminals mature in their operations, the criminals are now offering what he describes as “Crime-as-a-Service”, with criminals who have offices, pay taxes and offer enterprise-grade support chat.

“As criminals mature, they are now moving to attacking transportation, and manufacturing,” Kaspersky said, giving the example of how criminals are now hacking coal mine haulage trains, to steal coal. Or decreasing temperatures inside fuel tanks to steal three percent of fuel with every tank.

According to Kaspersky, most attacks of this type are orchestrated by either insiders, giving an example of the “malicious, disgruntled employee”, or remote attackers looking to make a quick buck.

To really drill the message home, Kaspersky gave the final example of the hacking of the Antwerp Seaport, by criminals who were looking to use sea containers to smuggle in cocaine to mainland Europe.

So what's next? Kaspersky says that as criminals are now getting used to attacking “physical things”, they are moving to attack critical national infrastructure. This includes anything from power stations to telecoms infrastructure.

Kaspersky predicts four possible attackers who will be carrying out these sorts of attacks: criminals who will seek to hold these to ransom, hacktivists who will seek to destroy things due to their ideology, terrorists who want to cause harm and militaries who want to defeat their adversaries.

Pointing out the flaws in CNI, Kaspersky said they are difficult to protect as they can be attacked in many ways, including their physical systems, as demonstrated in the Stuxnet attack.

Their data can be destroyed and/or damaged, as demonstrated by the attack on Saudi Aramco, who had the data of over 30,000 machines all wiped, and it paralysed the company for two weeks.

And finally Kaspersky mentioned the 2007 telecoms attacks on Estonia, which were carried out in response to disagreements about the relocation of the Bronze Soldier of Tallinn, an elaborate Soviet-era grave marker, as well as war graves in Tallinn.

Kaspersky said, “we are living in a dangerous world, cyber is all around us,” and perhaps resembling a Russian super-villain he said, “We will die… later.”

Moving onto more positive notes, Kaspersky offered up his thoughts on preventing such attacks from happening.

In the enterprise, he recommends that security audits and pen tests are carried out to get a better understanding of how weak or strong a company's defences are. He recommended removing internet access where possible, to reduce the attack surface, and using whitelisting with ‘default deny' settings.

When it comes to protecting SCADA and ICS, Kaspersky recommended the use of air-gapping computers, and the use of scenario monitoring. He said, “if a turbine is suddenly spinning at a much faster speed than usual, we should be using systems who can shut down the connections which instructed this to happen.”

Finally, Kaspersky recommended the use of a secure OS. This means that attackers are slowed down as they are attacking an environment they aren't used to. He mentioned that his company have now developed their own secure OS, which is written from scratch by them, and monitors cryptographically signed scenarios to ensure an attacker isn't able to cause harm.

Concluding his sessions, Kaspersky said, “If we start doing these things now, in a few years time we will have a very secure cyber-space,” but added, “however we are currently living in a world of the ‘internet of threats'.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.