Last month’s WannaCry cyber attack has underlined yet more vulnerabilities being created in our digital systems. The ransomware attack is considered the biggest of its kind, and the greater sophistication of the software used suggests this type of attack could soon target multi-million dollar projects, like those in the building industry.
In what seems crude at first, extortionists fooled victims into opening malicious malware attachments to spam emails that appeared to contain invoices, job offers, security warnings and other legitimate files. From there, the ransomware encrypted data on computers and demanded payments of $300 to $600 for access to be restored. Many victims have already admitted to paying ransoms, using the digital currency bitcoin, but it is unclear what percentage.
The cyber attack leveraged hacking tools now widely accepted to have originated, and been leaked, from the US National Security Agency (NSA). Targets were primarily focused on Europe and Russia although incidents were seen around the world. The attack sparked an on-going international manhunt rife with controversy.
Ransom notes in Korean have been dismissed as intentionally misleading. Cyber security researchers have dismissed initial reports that North Korean hackers were behind the attack after finding evidence that the note was translated from another language into Korean.
“Analysis revealed that nearly all of the ransom notes were translated using Google Translate and that only the English version and the Chinese versions are likely to have been written by a human instead of machine translated,” said cyber security firm Flashpoint.
Two elements made this particular ransomware attack stand out from the multitudes that float around the internet everyday. First was the scale of the impact. More than 200,000 organisations spanning 150 countries were infected by the hack. Making “this is one of the largest global ransomware attacks the cyber community has ever seen,” according to Rich Barger, director of threat research with Splunk.
The second was the magnitude of the targets. Some of Europe’s biggest telecom companies were hit, logistics giant FedEx, and even Britain’s national health service (NHS), forcing hospitals to turn away patients.
“Seeing a large telco like Telefonica get hit is going to get everybody worried. Now ransomware is affecting larger companies with more sophisticated security operations,” Chris Wysopal, chief technology officer with cyber security firm Veracode, said.
This is the key point scaring the digital community now the dust has settled. If this number and magnitude of targets are vulnerable, what else is possible and who is truly safe?
“Now that the cyber criminals know they can hit the big guys, they will start to target big corporations. And some of them may not be well prepared for such attacks,” said Chris Camacho, chief strategy officer with cyber intelligence firm Flashpoint.
Consider the construction industry as it increasingly embraces the digital, connected, cloud culture, with popular software like building information modelling (BIM). At crucial stages of the construction process, this kind of attack could be used not only to withhold access to data but also to hold the progress of entire multi-million dollar projects to ransom.
“Data is a key asset of most businesses, whether it is commercially sensitive information, intellectual property, personal data or big datasets. Almost all of that data is now held in electronic format, and new data is being created at exponentially greater rates than ever before. Large infrastructure projects are planned out using BIM and other digital systems, therefore a cyber attack could bring a project to a halt,” said Paul Glass, partner at international law firm Taylor Wessing.
BIM and other data dependant systems are also used in the operation and maintenance of smart buildings, meaning the very function large facilities could be threatened.
“Smart buildings promise significant benefits to owners and operators in terms of efficiency, safety, comfort and functionality, but these systems also carry potential costs, as without the right levels of protection, they can act as tempting targets for would-be hackers and or malicious insiders,” states our latest report: Cyber Security in Smart Commercial Buildings 2017 to 2021.
The WannaCry attack targeted two weaknesses in the popular Microsoft Windows operationg system – the EternalBlue exploit and the DoublePulsar backdoor. Miroslav Stampar, a security researcher at the Croatian Government CERT, has now discovered the ‘EternalRocks’ malware that exploits seven different Windows vulnerabilities.
This is another in a growing trend of major cyber attacks that highlight both the vulnerabilities of our increasingly digital world, and our seeming inability to keep pace with the growing sophistication of hacks.
More needs to be done by all stakeholder to prevent to problem escalating out of control. Only with a coordinated effort will we be able to manage the cyber security threat to smart buildings.