Cyber Attacks: Protecting Your Utility During the COVID-19 Crisis
Mark McKinney, Doug Westlund
AESI-US, Inc.
May 19, 2020
ENGINEERING AND MANAGEMENT CONSULTANTS
Discussion Topics
• Introductions / Objectives of the Webinar
• The Cyber Threat Landscape During the COVID-19 Crisis
• Hacking Details Associated With the New Threat Landscape
• How to Protect Your Utility
• Q & A
AESI Webinar - Cyber Attacks During the COVID-19 Crisis - May 19, 2020 2
About AESI
Industry’s Trusted Advisor. Proven. Credible. Reputable.
Established in 1984, AESI is an engineering and management consulting firm providing pragmatic and sustainable engineering, technical and management solutions.
• Assisted over 500 utilities, government agencies, commercial, industrial and institutions across North America and internationally.
• Substantiated and proven long-term public municipal utility experience and with co-op G&Ts and EMCs.
• Selected by Hometown Connections for cyber security, IT/OT and regulatory services for public / municipal power.
Service areas: Energy Solutions, Operational Technology, Cyber Security, Regulatory Compliance
About the Presenters
SCADA Engineer by training
~ last 20 years assisting utilities with their cyber security challenges
Contracted by the APPA and the NRECA for cyber training for their members
Additional areas of focus: operational risk assessments, cyber governance, development of cyber programs
Board Director
Doug Westlund, P.Eng., MBA
Mark McKinney, MSIM, CISSP, CISA, CFE, CCFE
Enterprise Architect, Solutions Architect
CISO: Municipal Utility (E/W), Regional Healthcare System, Ambulatory Care & Fire Services Company
DHS PCII (Protected Critical Infrastructure Information) Assessor
Force Protection Officer, U.S. Army (Ret.)
Auditor: CIP (NERC, SERC), PCI, HITECH, FISMA, FFIEC
Consulting Member of the U.S. Department of Homeland Security National Protection and Programs Directorate
Objectives for the Webinar
Present the realities of the threat landscape for utilities that has developed during the COVID-19 crisis, and provide pragmatic recommendations on what you can do to protect your utility immediately.
The Current Cyber Threat Landscape
The Modern Hacker
Prime adversaries to Utilities:
State Sponsored Actors
Organized Crime – growing segment!
Hacktivists
Team based, well funded
Strategic, persistent & patient
Highly skilled technically and well trained
They are motivated by:
Money
Influence…
But increasingly it’s really all about the money
Leveraging on the COVID-19 Emergency
“Cyber criminals are trying to leverage the emergency by sending out “phishing” attacks that lure internet users to click on malicious links or files. This can allow the hackers to steal sensitive data or even take control of a user’s device and use it to direct further attacks.
Hackers have started to capitalize on this situation by sending out emails that purport to offer health advice from reputable organizations such as governments and the WHO but that are really phishing attacks.”
https://thenextweb.com/syndication/2020/04/05/coronavirus-pandemic-has-unleashed-a-wave-of-cyber-attacks-heres-how-to-protect-yourself/
COVID-19 Phishing Examples
“New COVID-19 prevention and treatment information! Attachment contains instructions from the U.S. Department of Health on how to get the vaccine for FREE”
“URGENT: COVID-19 ventilators and patient test delivery blocked. Please accept order here to continue with shipment.”
Too good to be true!
Urgent request
Disguised link. Should be https:
https://www.eff.org/deeplinks/2020/03/phishing-time-covid-19-how-recognize-malicious-coronavirus-phishing-scams
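The three call-outs on this slide (too good to be true, urgent request, disguised link that should be https) expressed as a check over one message. This is an added example, not part of the original webinar; the keyword lists, the names LinkCollector and phishing_indicators, and the sample message with its placeholder domains are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Keyword lists are illustrative assumptions, not taken from the webinar.
KEYWORDS = {
    "urgent_request": re.compile(r"\b(urgent|immediately|blocked|suspended)\b", re.I),
    "too_good_to_be_true": re.compile(r"\b(free|refund|stimulus|prize)\b", re.I),
}
HOSTLIKE = re.compile(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:[/:?#]|$)", re.I)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for each <a> element, plus all body text."""
    def __init__(self):
        super().__init__()
        self.links, self.text, self._href, self._buf = [], [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._buf = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._buf.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._buf).strip()))
            self._href = None

def phishing_indicators(subject, html_body):
    """Return the set of slide call-outs that apply to one message."""
    parser = LinkCollector()
    parser.feed(html_body)
    blob = subject + " " + " ".join(parser.text)
    found = {name for name, rx in KEYWORDS.items() if rx.search(blob)}
    for href, shown in parser.links:
        target = urlparse(href)
        if target.scheme == "http":          # slide: "Should be https:"
            found.add("not_https")
        match = HOSTLIKE.match(shown)
        if match and match.group(1).lower() != (target.hostname or "").lower():
            found.add("disguised_link")      # shown host differs from real target
    return found

# Constructed sample: lure wording quoted on the slide, reserved placeholder domains.
SAMPLE = ('<p>URGENT: COVID-19 ventilators and patient test delivery blocked.</p>'
          '<a href="http://orders.invalid/accept">https://www.health.example/orders</a>')
print(sorted(phishing_indicators("Shipment notice", SAMPLE)))
```

A link whose visible text is not a URL ("Click here") cannot be judged as disguised by this check; only the scheme test applies to it.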
The Threat Landscape - Teleworking
“In typical fashion, attackers are gearing up to take advantage of the surge in teleworking prompted by the pandemic.
The speed at which organizations are being forced to respond to the unfolding COVID-19 health crisis could be leaving many of them vulnerable to attack by threat actors rushing to exploit the situation.
Over the past few weeks security vendors and researchers have reported an increasing number of malicious activities tied to COVID-19 that they say are elevating risks for organizations across sectors.”
https://www.darkreading.com/vulnerabilities---threats/attack-surface-vulnerabilities-increase-as-orgs-respond-to-covid-19-crisis/d/d-id/1337369
Work At Home – Expanding the Utility Attack Surface
[Diagram: the utility attack surface. Components shown: Corporate Applications and Technology (IT); Operational Applications and Technology (OT); Utility Customers (Residential, Commercial, Industrial); Distributed Energy Resources - MicroGrids; Bulk Electric System; ICCP Connection; TS Connection; Third Party Vendors; Work at Home. Risk labels: External Risk, System Risk, Communications Risk, Unpatched Risk, Privacy Risk, Insider Risk, Legacy Risk. Work at Home adds: Unsecure Wi-Fi, Connections & Apps; Unprotected confidential info; Eavesdropping on Video Calls.]
Polling Question #1
Approximately what % of your utility staff are currently working from home?
• Less than 25%
• 25% - 50%
• 50% - 75%
• Greater than 75%
The Threat Landscape for Utilities
March 10, 2020: “The North American Electric Reliability Corp. called for power providers to update business continuity plans in case of a pandemic outbreak …
NERC also recommended utilities be on the lookout for cyberattacks taking advantage of the panic and using "coronavirus-themed opportunistic social engineering attacks" to hack into power companies' networks. Social engineering attacks are when hackers use social interactions to manipulate targets into giving up sensitive information.”
https://www.eenews.net/stories/1062570713
The Threat Landscape for Utilities
Attempts to compromise critical infrastructure systems and services are up nearly 400% since the beginning of 2020, according to cyber security officials at the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), a division within Homeland Security that tracks and investigates attacks against ICS and corporate networks.
Actors are using the distractions of migrating to modified operations to maintain business continuity and confusion associated with remote workforces to carry out wide-ranging cyber assaults on utilities and their suppliers.
Hacking Trends Associated With The New Threat Landscape
Hacking Details
Phishing and vishing attacks related to COVID scams have increased dramatically.
Phishing in the forms of:
• U.S. Center for Disease Control impersonations and misinformation
• Stimulus relief
• Fake refunds
• Unusual account activity
• Counterfeit testing kits and personal protective equipment
Hacking Details
Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks are up sharply and continue to rise as more people turn to virtual options for conducting business, shopping, education and accessing news related to the pandemic.
Denial of Service Attacks in the forms of:
• Department of Health and Human Services
• Healthcare organizations
• State and local health departments
• Overwhelm legitimate websites causing slow or no response
• DNS intercepts and routing
• Users to counterfeit sites (MITM, waterholing)
Palo Alto’s Unit 42 threat intelligence team reports more than 100,000 COVID-related domains have been registered.
Hacking Details
Electronic public information services and public safety systems have been compromised to spread misinformation and cause confusion.
• Infiltration of cellular text messaging systems to send disinformation about shutdown of healthcare and government services (D.C., Boston, Kansas, West)
• Utility OMS compromised
  • False outage information released
• 911 systems compromised
  • Fraudulent dispatch information sent to first responders
  • Fake active shooter incident reported
Hacking Details
Business and healthcare services are being disrupted to further cause confusion and insecurity.
• Compromised conferencing solutions such as Zoom
  • Business meetings and education delivery have been “Zoombombed”
• Improperly configured VPN and remote access services
• Reported attempts to compromise healthcare IoT devices, which are often not well-maintained and kept up to date
• Attempts to compromise technology-driven manufacturing production
  • Slow production and delivery of medical devices and supplies such as masks
• Attempts to steal biometric identity information to create fake identifications
  • Facial-recognition patterns and fingerprints
• Compromised endpoint protection solutions (A/v, A/malware) signature updates being disabled
Polling Question #2
Have you noticed an increase in unusual activity, such as:
• Higher than normal call volumes into customer service
• Increase in suspicious emails
  • Unusual account activity detected – click here to change your password
• Increased traffic to your public websites
• Other unusual activity
• None of the above
How to Protect Your Utility
1) Ensure that your endpoint protections (anti-virus, anti-malware, etc.) are up to date and that your home networks are properly secured
2) If using online conferencing and collaboration tools like Zoom, enable additional controls to better secure your online workspace
3) Tighten electronic security around your SCADA and control environments
4) Subscribe to Threat Advisory Services: MS-ISAC, E-ISAC
5) Be vigilant for suspicious emails and telephone calls – provide training for your staff
6) Monitor physical security around your facilities that are unattended - request additional patrols from local law enforcement when available
7) Patch, patch, patch
Q & A
Thank You
Doug Westlund
Senior VP
AESI
416.997.8833
Mark McKinney
Director Cyber Services
AESI
407.259.5271
CMUA Contact
Christine Chapman, CMP
Event and Membership Manager
California Municipal Utilities Association
(916) 326-5800 (main line) | [email protected]
(916) 326-5804 (direct) | (916) 827-7126 (cell)
915 L Street Suite 1210 Sacramento, CA 95814
This presentation and others like it are archived and viewable at www.cmua.org/OnDemand