Canadian Police Investigating Hydro Cyberattack

Uploaded on 2017-01-17 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Production-Utilities

A cyber-attack on an archaic, unused IP address at Hydro One could be part of a broader hacking campaign, security experts say.

Rick Haier, chief security officer of Hydro One, said the electricity provider was contacted by the RCMP on Dec. 29, alerting them to an IP address in their system that had been targeted by hackers.

“The address in question is not an active IP address at Hydro One nor is it connected to the power system,” Haier said in a written statement. Hydro One has no reason to believe that its power system has been compromised, the company said. But attacks on individual pieces of software are not necessarily targeted at that entity or its owners, says Ira Goldstein, a senior vice president at the Herjavec Group IT security firm.

These so-called “zombie” or “bot” hacks search for weak spots in the security of anything connected to the Internet.

IP addresses, servers, computers, even WiFi-enabled baby monitors could be preyed upon, he said.

A virus is then sent to these vulnerable items, which allows them to be taken over and used for some separate, likely nefarious, purpose.

 “A lot of the attacks that are happening on the Internet are just automated programs ... where people are setting up programs for criminal (or) political means,” said Goldstein, who is not involved in the Hydro One hacking case and would not comment specifically on it.

Goldstein used the example of taking over thousands of internet-connected items and getting them all to bombard an organization’s inbox with emails in an attempt to crash its system.

The IP address targeted in the Hydro One attack was set up in the 1990s by the now-defunct Ontario Hydro, said company spokesperson Tiziana Rosa. When Ontario Hydro was split into smaller companies, the IP address migrated to Hydro One, but is not used by anyone there, Rosa added.
Goldstein said older software or hardware can be the most vulnerable to cyber-attacks, in part because they are unused.

“If you’re not monitoring them all the time, and you’re not decommissioning them when someone leaves the company, and you’re not having adequate controls on them then, that could be said to be the most dangerous thing,” he said. “The assets that you know the most about are probably the ones you’re protecting the best.”

The RCMP declined to comment on the hack or confirm the details provided by Hydro One.

“The RCMP is aware of the media reports and cannot comment any further in order to protect a potential criminal investigation,” said RCMP spokesperson Harold Pfleiderer.

On Dec. 29, the FBI and the US Department of Homeland Security issued a report outlining the tools and methods used by Russian military and civilian hackers, in an “ongoing campaign” targeting government, infrastructure, think tanks, universities, political groups, and private companies in the US.

Homeland Security shared that report with “foreign government partners, including in the Canadian government,” on Dec. 29, said agency spokesperson Scott McConnell.

Russian hackers have “conducted damaging and/or disruptive cyber-attacks, including attacks on critical infrastructure networks” outside of the US as well, the report says.

The report includes a list of “signatures” used by Russian hackers and indicators that a network has been compromised. In some cases, Russian hackers used fake online identities to misdirect victims as to the source of cyber-attacks, say the FBI and Homeland Security.

Cyber attackers conduct so-called “spear phishing” scams, in which a victim is sent an email, purportedly from someone they know, containing a link that exposes them to a hack, says the report. Hackers may also try to send commands to a browser, database or other system, effectively taking control of it, the report says. They may try to insert code into a web application to give themselves unauthorised access. Or they can take advantage of existing vulnerabilities in poorly configured servers and access the information hosted on them.

The Russian government did not respond to requests for comment.

The Star:                  Canadian Companies Vulnerable To Cyber-Attacks:

 

« Robots Will Take Our Jobs – But That's Good.
Cyber Criminals Target African Banks »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Vicarius

Vicarius

Vicarius’ mission is to revolutionize vulnerability management from problem detection to proactive problem resolution.

Grupo CFI

Grupo CFI

Grupo CFI is the largest Spanish network of data protection and cybersecurity professionals.

Pentest People

Pentest People

Pentest People are a UK-based security consultancy focussing on bringing the benefits of Pentesting as a Service (PTaaS) to all its clients.

Malleum

Malleum

MALLEUM are specialists in penetration testing and security assessments. We think like hackers – and act like them – to disclose discreet dangers to your organization.

ACM-CCAS

ACM-CCAS

ACM is a UKAS-accredited certification body helping businesses around the world perform to a higher standard. Our certifications include ISO 27001 and ISO 22301.

FraudWatch International

FraudWatch International

FraudWatch has been protecting client brands around the world since 2003, and are the leaders in online brand protection from phishing, malware, social media and mobile apps impersonation.

689cloud

689cloud

689Cloud is a cloud content collaboration platform that allows users to protect, track, and control files AFTER they have been shared.

Palmchip

Palmchip

Palmchip is a Cyber Security, SOC and Software consulting company. We design and develop high performance and secure applications.

Contextual Security Solutions

Contextual Security Solutions

Contextual Security Solutions is a leading provider of penetration testing services and IT security & compliance audits.

BaXian Group

BaXian Group

BaXian AG is an international consulting company specializing in IT security, data analytics, risk management and compliance.

McDonald Hopkins

McDonald Hopkins

McDonald Hopkins is a business advisory and advocacy law firm. We focus on insightful legal solutions that help our clients strategically plan for an increasingly competitive future.

Nukke

Nukke

Nukke offers advanced cybersecurity software and tailored solutions for your business.

Price Forbes

Price Forbes

Building on more than 100 years of specialist insurance broking, Price Forbes partner with clients around the world who are looking to understand and balance today’s risk and plan for the future.

Fernao Group

Fernao Group

Fernao offer you all solutions from a single source - from cyber security, business resilience and digital infrastructure to cloud technologies and pentesting.

XeneX

XeneX

XeneX Cloud Security Services address enterprise-class security challenges by enabling DevOps and Security teams to access a shared source of truth.

Softcell Technologies Global

Softcell Technologies Global

Softcell is one of India's leading System Integrators. We serve enterprise customers in the areas of IT Security, Mobility, Optimised IT Infrastructure, Cloud and Engineering Services.