Canadian Police Investigating Hydro Cyberattack

A cyber-attack on an archaic, unused IP address at Hydro One could be part of a broader hacking campaign, security experts say.

Rick Haier, chief security officer of Hydro One, said the electricity provider was contacted by the RCMP on Dec. 29, alerting them to an IP address in their system that had been targeted by hackers.

“The address in question is not an active IP address at Hydro One nor is it connected to the power system,” Haier said in a written statement. Hydro One has no reason to believe that its power system has been compromised, the company said. But attacks on individual pieces of software are not necessarily targeted at that entity or its owners, says Ira Goldstein, a senior vice president at the Herjavec Group IT security firm.

These so-called “zombie” or “bot” hacks search for weak spots in the security of anything connected to the Internet.

IP addresses, servers, computers, even WiFi-enabled baby monitors could be preyed upon, he said.

A virus is then sent to these vulnerable items, which allows them to be taken over and used for some separate, likely nefarious, purpose.

 “A lot of the attacks that are happening on the Internet are just automated programs ... where people are setting up programs for criminal (or) political means,” said Goldstein, who is not involved in the Hydro One hacking case and would not comment specifically on it.

Goldstein used the example of taking over thousands of internet-connected items and getting them all to bombard an organization’s inbox with emails in an attempt to crash its system.

The IP address targeted in the Hydro One attack was set up in the 1990s by the now-defunct Ontario Hydro, said company spokesperson Tiziana Rosa. When Ontario Hydro was split into smaller companies, the IP address migrated to Hydro One, but is not used by anyone there, Rosa added.
Goldstein said older software or hardware can be the most vulnerable to cyber-attacks, in part because they are unused.

“If you’re not monitoring them all the time, and you’re not decommissioning them when someone leaves the company, and you’re not having adequate controls on them then, that could be said to be the most dangerous thing,” he said. “The assets that you know the most about are probably the ones you’re protecting the best.”

The RCMP declined to comment on the hack or confirm the details provided by Hydro One.

“The RCMP is aware of the media reports and cannot comment any further in order to protect a potential criminal investigation,” said RCMP spokesperson Harold Pfleiderer.

On Dec. 29, the FBI and the US Department of Homeland Security issued a report outlining the tools and methods used by Russian military and civilian hackers, in an “ongoing campaign” targeting government, infrastructure, think tanks, universities, political groups, and private companies in the US.

Homeland Security shared that report with “foreign government partners, including in the Canadian government,” on Dec. 29, said agency spokesperson Scott McConnell.

Russian hackers have “conducted damaging and/or disruptive cyber-attacks, including attacks on critical infrastructure networks” outside of the US as well, the report says.

The report includes a list of “signatures” used by Russian hackers and indicators that a network has been compromised. In some cases, Russian hackers used fake online identities to misdirect victims as to the source of cyber-attacks, say the FBI and Homeland Security.

Cyber attackers conduct so-called “spear phishing” scams, in which a victim is sent an email, purportedly from someone they know, containing a link that exposes them to a hack, says the report. Hackers may also try to send commands to a browser, database or other system, effectively taking control of it, the report says. They may try to insert code into a web application to give themselves unauthorised access. Or they can take advantage of existing vulnerabilities in poorly configured servers and access the information hosted on them.

The Russian government did not respond to requests for comment.

The Star:                  Canadian Companies Vulnerable To Cyber-Attacks:

 

« Robots Will Take Our Jobs – But That's Good.
Cyber Criminals Target African Banks »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

CDW

CDW

CDW is a leading multi-brand provider of information technology solutions to business, government, education and healthcare customers in the United States, the United Kingdom and Canada.

Palo Alto Networks

Palo Alto Networks

Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate.

Surrey Centre for Cyber Security (SCCS)

Surrey Centre for Cyber Security (SCCS)

The Centre focuses on three main research directions - Privacy and Data Protection, Secure Communications, and Human-Centred Security.

Labris Networks

Labris Networks

Labris Networks specializes in DDoS mitigation, NG Firewall, Unified Threat Management, Centralized Management, Regulatory Compliances and SOC/CERT Services.

Arete

Arete

Arete is a global cyber risk company whose mission is to transform the way organizations prepare for, respond to, and prevent cybercrime.

Bavarian IT Security Cluster

Bavarian IT Security Cluster

The Bavarian IT Security Cluster works to build regional IT security competencies and increase the competitiveness and market opportunities of its member companies.

OEDIV SecuSys

OEDIV SecuSys

OEDIV SecuSys (formerly iSM Secu-Sys) develops high-quality IT software solutions, setting standards as a technology leader in the area of identity and access management.

Office of the National Security Council (UVNS) - Croatia

Office of the National Security Council (UVNS) - Croatia

UVNS coordinates, harmonizes the adoption and controls the implementation of information security measures and standards in the Republic of Croatia.

Intrinsyc Technologies

Intrinsyc Technologies

Intrinsyc provides product development services and Edge Computing modules that are helping to take the Internet of Things products to the next level.

Avertium

Avertium

Avertium is the managed security and consulting provider that companies turn to when they want more than check-the-box cybersecurity.

Trail of Bits

Trail of Bits

Trail of Bits combine high-end security research with a real-world attacker mentality to reduce risk and fortify code.

Samurai Digital Consulting

Samurai Digital Consulting

Samurai Digital Security are a cyber and Information security services provider, specialising in penetration testing, incident response, user awareness and information governance solutions.

HiddenLayer

HiddenLayer

HiddenLayer is a provider of security solutions for machine learning algorithms, models and the data that power them.

Closed Door Security

Closed Door Security

Closed Door Security is the only cybersecurity team in the north of Scotland offering everything from IASME Certification to CREST-Accredited penetration testing.

ThreatDown

ThreatDown

ThreatDown, powered by Malwarebytes, is on a mission to overpower threats and empower IT by removing the complexity of detecting and stopping today’s most advanced threats.

Center for Technology Training (CTT)

Center for Technology Training (CTT)

CTT is a distinguished Computer Training School in Tampa. We specialize in offering comprehensive IT certification programs, including Cyber Security.