Canadian Police Investigating Hydro Cyberattack

Uploaded on 2017-01-17 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Production-Utilities

A cyber-attack on an archaic, unused IP address at Hydro One could be part of a broader hacking campaign, security experts say.

Rick Haier, chief security officer of Hydro One, said the electricity provider was contacted by the RCMP on Dec. 29, alerting them to an IP address in their system that had been targeted by hackers.

“The address in question is not an active IP address at Hydro One nor is it connected to the power system,” Haier said in a written statement. Hydro One has no reason to believe that its power system has been compromised, the company said. But attacks on individual pieces of software are not necessarily targeted at that entity or its owners, says Ira Goldstein, a senior vice president at the Herjavec Group IT security firm.

These so-called “zombie” or “bot” hacks search for weak spots in the security of anything connected to the Internet.

IP addresses, servers, computers, even WiFi-enabled baby monitors could be preyed upon, he said.

A virus is then sent to these vulnerable items, which allows them to be taken over and used for some separate, likely nefarious, purpose.

 “A lot of the attacks that are happening on the Internet are just automated programs ... where people are setting up programs for criminal (or) political means,” said Goldstein, who is not involved in the Hydro One hacking case and would not comment specifically on it.

Goldstein used the example of taking over thousands of internet-connected items and getting them all to bombard an organization’s inbox with emails in an attempt to crash its system.

The IP address targeted in the Hydro One attack was set up in the 1990s by the now-defunct Ontario Hydro, said company spokesperson Tiziana Rosa. When Ontario Hydro was split into smaller companies, the IP address migrated to Hydro One, but is not used by anyone there, Rosa added.
Goldstein said older software or hardware can be the most vulnerable to cyber-attacks, in part because they are unused.

“If you’re not monitoring them all the time, and you’re not decommissioning them when someone leaves the company, and you’re not having adequate controls on them then, that could be said to be the most dangerous thing,” he said. “The assets that you know the most about are probably the ones you’re protecting the best.”

The RCMP declined to comment on the hack or confirm the details provided by Hydro One.

“The RCMP is aware of the media reports and cannot comment any further in order to protect a potential criminal investigation,” said RCMP spokesperson Harold Pfleiderer.

On Dec. 29, the FBI and the US Department of Homeland Security issued a report outlining the tools and methods used by Russian military and civilian hackers, in an “ongoing campaign” targeting government, infrastructure, think tanks, universities, political groups, and private companies in the US.

Homeland Security shared that report with “foreign government partners, including in the Canadian government,” on Dec. 29, said agency spokesperson Scott McConnell.

Russian hackers have “conducted damaging and/or disruptive cyber-attacks, including attacks on critical infrastructure networks” outside of the US as well, the report says.

The report includes a list of “signatures” used by Russian hackers and indicators that a network has been compromised. In some cases, Russian hackers used fake online identities to misdirect victims as to the source of cyber-attacks, say the FBI and Homeland Security.

Cyber attackers conduct so-called “spear phishing” scams, in which a victim is sent an email, purportedly from someone they know, containing a link that exposes them to a hack, says the report. Hackers may also try to send commands to a browser, database or other system, effectively taking control of it, the report says. They may try to insert code into a web application to give themselves unauthorised access. Or they can take advantage of existing vulnerabilities in poorly configured servers and access the information hosted on them.

The Russian government did not respond to requests for comment.

The Star:                  Canadian Companies Vulnerable To Cyber-Attacks:

 

« Robots Will Take Our Jobs – But That's Good.
Cyber Criminals Target African Banks »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Managed Security Solutions (MSS)

Managed Security Solutions (MSS)

MSS deliver consultancy services and managed security services for IT departments who may lack the time, resources, or expertise themselves.

Swiss Cyber Storm

Swiss Cyber Storm

Swiss Cyber Storm is a non profit organization hosting the international Swiss Cyber Storm Conference and running the Swiss part of the European Cyber Security Challenges.

Olfeo

Olfeo

Olfeo is a content filtering software vendor. Our proxy and filtering solution helps our customers to manage, monitor and secure their Internet traffic.

Real Random

Real Random

Real Random is on a mission to enhance existing and new crypto-systems with its revolutionary solution to generating numbers that are Truly Random.

FFRI Security

FFRI Security

FFRI is committed to research and development of preventing the most advanced cyber-attacks and breaches.

Business Continuity

Business Continuity

Business Continuity delivers integrated IT solutions for cybersecurity, virtualization, cloud platforms and operational security solutions.

IXDen

IXDen

IXDen provides a novel software-based approach to OT systems protection, covering Industrial IoT cybersecurity and sensor data integrity.

CYRail

CYRail

CYRail project will analyse threats targeting Railway infrastructures and develop innovative attack detection and alerting techniques.

ArcRan Information Technology

ArcRan Information Technology

ArcRan concentrates on developing comprehensive cybersecurity solutions for smart city applications. We believe that cybersecurity is the fundamental enabler of IoT development.

SGTech

SGTech

SGTech is the leading trade association for Singapore's tech industry, offering focused support and development to both strategic and emerging sectors in the industry.

Millennium Corporation

Millennium Corporation

For nearly two decades, Millennium Corporation has been operating on the leading edge of cybersecurity.

Canadian Cyber Threat Exchange (CCTX)

Canadian Cyber Threat Exchange (CCTX)

The CCTX is Canada’s not-for-profit, private-sector cyber threat sharing hub and collaboration centre.

CloudGuard

CloudGuard

CloudGuard is an AI-driven XDR platform that helps organisations to proactively detect and automatically remediate threats in real-time.

Theori

Theori

Theori tackles the most difficult cybersecurity challenges from an attacker’s perspective and conquers them as the best strategic security experts.

Kaine Mathrick Tech (KMT)

Kaine Mathrick Tech (KMT)

KMT deliver comprehensive cyber-first outsourced technology support and solutions that scale with your business.

Sorenson Capital

Sorenson Capital

Sorenson Capital is a leading venture capital firm focused on investing in early and growth-stage AI, cybersecurity, B2B software, and DevOps & infrastructure companies.