Canadian Police Investigating Hydro Cyberattack

Uploaded on 2017-01-17 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Production-Utilities

A cyber-attack on an archaic, unused IP address at Hydro One could be part of a broader hacking campaign, security experts say.

Rick Haier, chief security officer of Hydro One, said the electricity provider was contacted by the RCMP on Dec. 29, alerting them to an IP address in their system that had been targeted by hackers.

“The address in question is not an active IP address at Hydro One nor is it connected to the power system,” Haier said in a written statement. Hydro One has no reason to believe that its power system has been compromised, the company said. But attacks on individual pieces of software are not necessarily targeted at that entity or its owners, says Ira Goldstein, a senior vice president at the Herjavec Group IT security firm.

These so-called “zombie” or “bot” hacks search for weak spots in the security of anything connected to the Internet.

IP addresses, servers, computers, even WiFi-enabled baby monitors could be preyed upon, he said.

A virus is then sent to these vulnerable items, which allows them to be taken over and used for some separate, likely nefarious, purpose.

 “A lot of the attacks that are happening on the Internet are just automated programs ... where people are setting up programs for criminal (or) political means,” said Goldstein, who is not involved in the Hydro One hacking case and would not comment specifically on it.

Goldstein used the example of taking over thousands of internet-connected items and getting them all to bombard an organization’s inbox with emails in an attempt to crash its system.

The IP address targeted in the Hydro One attack was set up in the 1990s by the now-defunct Ontario Hydro, said company spokesperson Tiziana Rosa. When Ontario Hydro was split into smaller companies, the IP address migrated to Hydro One, but is not used by anyone there, Rosa added.
Goldstein said older software or hardware can be the most vulnerable to cyber-attacks, in part because they are unused.

“If you’re not monitoring them all the time, and you’re not decommissioning them when someone leaves the company, and you’re not having adequate controls on them then, that could be said to be the most dangerous thing,” he said. “The assets that you know the most about are probably the ones you’re protecting the best.”

The RCMP declined to comment on the hack or confirm the details provided by Hydro One.

“The RCMP is aware of the media reports and cannot comment any further in order to protect a potential criminal investigation,” said RCMP spokesperson Harold Pfleiderer.

On Dec. 29, the FBI and the US Department of Homeland Security issued a report outlining the tools and methods used by Russian military and civilian hackers, in an “ongoing campaign” targeting government, infrastructure, think tanks, universities, political groups, and private companies in the US.

Homeland Security shared that report with “foreign government partners, including in the Canadian government,” on Dec. 29, said agency spokesperson Scott McConnell.

Russian hackers have “conducted damaging and/or disruptive cyber-attacks, including attacks on critical infrastructure networks” outside of the US as well, the report says.

The report includes a list of “signatures” used by Russian hackers and indicators that a network has been compromised. In some cases, Russian hackers used fake online identities to misdirect victims as to the source of cyber-attacks, say the FBI and Homeland Security.

Cyber attackers conduct so-called “spear phishing” scams, in which a victim is sent an email, purportedly from someone they know, containing a link that exposes them to a hack, says the report. Hackers may also try to send commands to a browser, database or other system, effectively taking control of it, the report says. They may try to insert code into a web application to give themselves unauthorised access. Or they can take advantage of existing vulnerabilities in poorly configured servers and access the information hosted on them.

The Russian government did not respond to requests for comment.

The Star:                  Canadian Companies Vulnerable To Cyber-Attacks:

 

« Robots Will Take Our Jobs – But That's Good.
Cyber Criminals Target African Banks »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

D-RisQ

D-RisQ

D-RisQ is focussed on delivering techniques to reduce the development costs of complex systems and software whilst maximising compliance

Australian Information Security Association (AISA)

Australian Information Security Association (AISA)

AISA champions the development of a robust information security sector by building professional capacity and advancing the cyber security of the public, business and governments in Australia.

National Defence Radio Establishment (FRA) - Sweden

National Defence Radio Establishment (FRA) - Sweden

The National Defence Radio Establishment (Försvarets Radioanstalt), is the Swedish national authority for Signals Intelligence, also providing Information assurance services to government authorities.

My Data Recovery Lab

My Data Recovery Lab

We recover data from: HDDs, RAIDs, NAS, SSDs, USB Flash Devices, Desktop Computers, Mobile devices and other data storage media.

Wind River

Wind River

Wind River delivers the technology and expertise that enables the deployment of safe, secure, and reliable intelligent connected systems.

SecLytics

SecLytics

SecLytics is the leader in Predictive Threat Intelligence. Our SaaS-based Augur platform leverages behavioral profiling and machine learning to hunt down cyber criminals.

Computest

Computest

Computest security testing services include Mobile app security, Vulnerability assessments, Attack & penetration testing, Security awareness training, Network security assessments.

X Technologies

X Technologies

X Technologies provide world-class engineering, information technology, information security, program management and repair services to Federal, State and commercial customers.

CyberLab

CyberLab

CyberLab (formerly Chess) is a specialist cyber security company that provides a wide range of security solutions and services.

Data Protection Commission (DPC)

Data Protection Commission (DPC)

The Data Protection Commission (DPC) is the national independent authority responsible for upholding the fundamental right of individuals in the EU to have their personal data protected.

Cerby

Cerby

Your team uses unmanageable applications that put you, your company, and your data at risk. Protect, secure, and accelerate your business automatically with Cerby.

AdronH

AdronH

AdronH is a company of Cyber Security consultants. We support companies and public institutions with their digital transformation to new and secure business platforms.

Questex Asia Total Security Conference

Questex Asia Total Security Conference

Questex Asia’s Total Security Conferences is one of the industry’s most prestigious and engaging forums for the region's top information security leaders and business decision-makers.

DC Two

DC Two

DC Two are a locally operated and supported Australian data centre, offering a suite of vertically integrated services covering every part of the data centre and cloud technology stack.

VENZA

VENZA

VENZA is a data protection company that can help organisations mitigate their vulnerabilities and ensure compliance, keeping guests and their data safe from breaches.

NetSfere

NetSfere

NetSfere provides next-generation messaging and mobility solutions to carriers and enterprises globally including its enterprise-grade, secure mobile messaging platform NetSfere Enterprise.