March 27, 2017

Manufacturers, others face growing 'ransomware,' 'phishing' attacks

PHOTO | Kelser Corp.
Andrew Tyler (left), senior consulting engineer at East Hartford technology consultancy Kelser Corp., worked with Rich Shemanskis (right), information technology manager at Empire Industries, following the Manchester manufacturer's “ransomware” attack last July.
Manchester's Empire Industries survived a cyberattack, an escalating threat to commercial and public information-technology networks.
Arthur House, Connecticut's first chief cybersecurity risk officer

By the Numbers

$6 trillion

The total annual monetary damages cybercrime is expected to cause by 2021, according to Cybersecurity Ventures.

$81.6 billion

The amount spent on cybersecurity products and services in 2016, according to Gartner.

Source: Cybersecurity Ventures, Gartner

It was just after lunch on a warm day last July, when Empire Industries, a Manchester manufacturer of stainless steel products and specialty finishes, became a "ransomware" target for the first time.

"We were doing our work," said Empire's information technology (IT) manager Rich Shemanskis. "A couple of us noticed our files on our file server … names were being changed to random numbers. … I was in a panic."

Empire and other manufacturers are especially sensitive to "down time," so Shemanskis says he got on the company's public-address system and ordered all Empire employees to immediately log off and shut down their laptop, notebook and desktop computers. Fortunately, the disruption to Empire's computer network was minimal, due to separately stored backup files, he said.

Empire's episode is one that a growing number of individuals and companies, as well as local, state and national governments worldwide are encountering almost daily, cybersecurity experts say.

"Ransomware" describes pernicious software code that hackers, using corrupted emails and online links, leverage to penetrate victims' computer networks, to rename, erase or relocate crucial data files. Once infected, victims usually are strong-armed into paying "ransom" to get hackers to "unlock" or restore hijacked files, said Matt Kozloski, vice president at Kelser Corp., an East Hartford data-security services provider, who helped Empire get back up to speed following the failed cyberattack.

Concerned about potential cybersecurity threats to the state's IT network and its public infrastructure, Connecticut last October became one of the first states to create an executive-level post, chief cybersecurity risk officer. Gov. Dannel P. Malloy named Arthur House, former chair of the state's utility oversight agency and an ex-military intelligence officer, to the post.

Under House, the state Public Utility Regulatory Authority (PURA) last May unveiled a strategic plan that required all electric, water and telecommunications providers to put in place cybersecurity prevention and action plans. After reviewing it, House said Malloy decided many of its provisions should be applied to hardening the state's IT and infrastructure network.

Eversource, which provides electricity and natural gas to thousands of central Connecticut residential and commercial customers, said, through spokesman Mitch Gross, that it has "a robust, comprehensive security program in place to protect against potential threats."

"Recognizing that technology is ever-evolving, we continue to work with the governor, state officials and security experts on this issue," Gross said. "This collaboration is vital to the protection of our electrical system."

Clinton's Connecticut Water Co. says it invested last year more than $60 million in water treatment, aging pipeline replacement, cybersecurity and other improvement projects. In 2017, it will spend $46.7 million to continue enhancing system reliability, including protecting sensitive data.

"The extent of vulnerability extends to just about everything," House said. "Our digital economy was made for speed, sharing and managing large volumes of data. It wasn't made for security. Security has to be added by the user."

To that end, House, who reports to the state's chief information officer, Mark Raymond, said he has three priorities: craft and present by May a cybersecurity strategy for Connecticut's state and municipal governments, businesses, higher education and law enforcement; devise an action plan for implementing those strategies; and set up an emergency response/recovery drill for the state.

"We've never had a cyberattack in Connecticut on any of our infrastructure," House said. "We need to figure out what that might entail. Nothing is impenetrable."

Not an 'IT' problem

According to House, there are 2.4 billion online connection attempts monthly to the state government's computer network from external sources. Of those, about 53 percent, or 1.26 billion, are blocked by the state's "boundary-security" software; the rest are allowed in, he said.

Also, about 4 million emails a month arrive on the state's network, House said, but about one in four don't get through, likely because software screens expose them as nefarious "phishing" attempts to pilfer users' logins, passwords and other sensitive or proprietary data. Moreover, the state's digital screens snare around 2,400 attempts monthly to insert malignant software, or "malware," onto its network.

"We rely on state employees to be vigilant," the state cybersecurity chief said. "If it looks suspicious, don't open it."

"The question is how good is your security?" House added. "This is no longer an 'IT problem.' It's a mistake some people make. … Penetration can come to any employee in a company and spread to management. It's like saying only the lawyers in a company have to worry about the law."

That's the message Shemanskis says is being drilled more intensely into Empire Industries' employees, along with other cyberdeterrents.

Since Empire's cyberattack, Shemanskis says he has heard of other local companies' IT networks being breached. However, those firms, which he didn't identify, "ransomed" back access to their corrupted data, he said.

Small and medium-sized businesses are now the target of 65 percent of cyberattacks.

With Kelser's help, Empire Industries installed a security-monitoring system that tracks every circuit connection in its data network, down to the printers — "anything you can connect to the network," Shemanskis said.

Fortunately, he said, none of Empire's automated equipment is linked via the internet, a potentially disastrous union that hackers could exploit to damage equipment or disrupt production.

Kelser's Kozloski warns, however, that the prospect of hackers taking control of equipment or processes should be a big concern to any manufacturer.

"If you can hold software hostage," he said, "what's to keep them from holding manufacturers' equipment hostage?"

Effective firewalls

In working with clients, mainly mid-size firms with 150 to 300 employees, Kelser focuses first on prevention, then detection. The firm also provides remediation/recovery services.

On the prevention front, Kozloski says there is ample software available on the market to spot and block malware. However, even the best ones need "fine-tuning" to create a highly effective "firewall."

Also, there exist more enhanced software tools capable of analyzing sets of "big data" and able to "listen" to all the activity on a computer network, to detect unusual activity or behaviors, he said.

Shemanskis says the cyberthreats these days are too many and too varied to not tap third-party expertise.

"I'd say everybody should have an analysis done," he said. "We never know really when that [breach] will come. And it's no fun at all."

Copyright 2017 New England Business Media