June 12

No Target Unturned.

New targets in the energy sector add to credit card data theft in list of vulnerability concerns

It’s a connected digital world and as far as information technology goes threats from hackers to our data are always prevalent and evolving. Break-ins to computer systems have put IT departments on guard for data theft and espionage for years. One new corporate sector target is becoming a clear favorite for cybercriminals though. According to security firm research – the energy industry is now the sector with the highest number of reported attacks. These oil and gas targets bring with them a new dimension of concern too. The potential physical damage to machinery, tools and power stations and worse, people, is higher due to computers running everything these days.

After the 2003 East Coast blackout, power companies connected infrastructure to the Internet to make it more reliable

Tom Kellerman, chief cybersecurity officer of Trend Micro

While sources are hard to trace sometimes, an unlikely one may be to blame for vulnerability in companies. After large blackout on the U.S. East Coast in 2003, power companies were compelled to adjust infrastructure. We remember the ensuing panic and anxiousness around the event. Here’s a throwback to CBL commenting in the aftermath on television:

To make the grid and everything on it more reliable in outage situations meant networking a lot of things to each other and the Internet. The result was an increase in connected devices with potential security lapses allowing openings for hackers to exploit.

Data remains the most sought after item for cyber-criminals, especially financial/credit card data for both their own use and sale on black markets. Small businesses are starting to find they are not out of the sights of cybercrime as reports show hackers go after little fish as well. Credit card systems and payment processors are ripe for the picking at retail stores and restaurants. The National Small Business Association reports costs of cybercrime went up to ~$20,000 from $8,000 in 2013. Focusing their efforts for the smaller target, hackers sometimes deploy malware and phishing attacks as a test before moving on to bigger targets, but the quest for credit card details remains at the root.

In this climate of increased hacker activity, no target is immune it seems. What about the firms who make it their mission to monitor and build tools to help fend off attacks and preserve security? Who watches the watchers? We have relied on them for decades – digital security focused companies that build anti-virus software, firewalls, increase security awareness etc. But new types of attacks render even some of their own systems vulnerable. Recently, anti-virus software maker Kaspersky Lab reported it had discovered an intrusion to its systems with the assailant only appearing to be interested in spying on their activities and development. Kaspersky and other companies like it are tackling new evolving malware/attacks being discovered around the world like recently discovered ‘diskless’ malware. A type of malware that doesn’t use physical disk storage but rather resides solely in computer memory making it much more difficult to detect. As ever, for many of these attacks, vigilance from users and IT administrators to be wary of opening email attachments, executing unverified apps etc.. remains key in the fight.

Category: business

Tags: , , ,


Commenting is closed for this article.