Ukraine Cyberattack a Warning to U.S. Companies

By Floyd Arthur

On Dec. 23, 2015, hundreds of thousands of homes and businesses in the

Ukraine lost electrical power for six hours following what is now being

called a well-coordinated, well-planned cyberattack. Referring to the attack

on the power-grid as the first of its kind, SANS Industrial Control Systems

described the takedown as a multi-faceted effort that involved:

Cyberattacks

remotely switching off breakers to cut the power supply

exploiting malware already in the system to prevent utility company

employees from detecting the outage

flooding phone lines to prevent customers from reporting that the power

was out

The malware also damaged the system server, preventing the affected

power companies from quickly restoring service and making investigation

more difficult.

Although Ukrainian authorities have yet to release a full report, and

questions about the malicious code used to implement the cyberattack

Carmoon Group Ltd. Business Insurance Hempstead New York Page 1

remain, the cybersecurity firm iSIGHT Partners has attributed it to the

Russian hacker group Sandworm. In an interview with Ars Technica, John

Hultquist, head of iSIGHT's cyber espionage intelligence division said, "It's

the major scenario we've all been concerned about for so long."

U.S. Utility Companies Warned of Cyberattack Dangers

In the wake of the attack, the U.S. power industry’s Electrical Information

Sharing and Analysis Center issued a warning to power companies that they

needed to review their cyber-defense systems and “do a better job” of

preventing cyberattacks, according to a Reuters report. The warning did not

identify any critical shortcomings in the U.S. power grid, nor did it indicate

that the group felt there was an imminent danger of a similar incident on

U.S. soil. According to EIS spokesperson, Kimberly Mielcarek, "There is no

credible evidence that the incident could affect North American grid

operations and no plans to modify existing regulations or guidance based on

this incident."

Increasing Awareness of Cyberattack Threat

Perhaps the most disturbing aspect of the Ukranian cyberattack was how

easy it was. According to Robert Lipovsk, senior malware researcher at the

Ukrainian software-security firm ESET, "The alarming aspect of this attack

was that the infection vector” [for the malware] was phishing, the practice

of using email with a malicious attachment to gain access to a computer,

“which is quite a trivial way to get in.”

In fact, cyber-security firms advise that employee carelessness, such as

opening email attachments from unknown senders of using insecure

passwords on private computers used at work, is one of the biggest threats

Carmoon Group Ltd. Business Insurance Hempstead New York Page 2

to a business’ cybersecurity. According to experts who weighed in at

a Guardian roundtable last October, another is the failure of company

leadership to understand the threat. “One of the real dangers is that many

leaders don’t realise their organisations have become digital,” said one

participant. They “probably started their careers when their business was

paper-based, and in their minds that’s how the business still works.”

Communication and education (at all organizational levels), the group

agreed, is the key to an effective cyber security program, whether the

company is protecting customer data or access to a power grid. The group,

which included industry leaders such as Nigel Harrison, non-executive

director of the Cyber Security Challenge UK, Andrew Rogoyski, vice-

president of cybersecurity services at CGI, and Emma Philpott, chief

executive at the IASME Consortium, also urged businesses to:

Encourage all employees to set strong passwords and change them regularly

Update hardware, firmware and software as needed

Regularly patch firewalls

Change the default password on WiFi routers and gateways

Educate leadership and employees about cybersafety

Mandate that employees who use their own devices at work install firewalls

and antivirus software.

All across the globe, cybercriminals are becoming more adept at planning

and implementing cyberattacks, and no business, no matter how small, is

immune. A strong IT security program and educated employees is the best

defense against hackers, but having cyber liability insurance to protect your

firm is important as well. Find out more about this essential form of

coverage by contacting one of our business insurance experts today. Call us

at 516-292-3780 Monday through Friday 9 a.m. to 6 p.m., or request a free

consultation online now.

Carmoon Group Ltd. Business Insurance Hempstead New York Page 3