Cybersecurity and Remote Access
The conversation regarding IT security is shifting. Until recently, most of the major hacking incidents were conducted by financially motivated hackers out to steal proprietary data. They often targeted large retail companies that store thousands of credit card records, as in the highly publicized T.J. Maxx data breach in 2007. But today hacktivism and cyber terrorism are growing as real threats to both public and private organizations. Because hacktivists are motivated by creating disruption rather than by financial gain, public utilities have been pushed further into the spotlight as potential targets.
Listening ports can be identified through a relatively simple scan.
According to the recently published Verizon 2012 Data Breach Investigations Report: “The most significant change we saw in 2011 was the rise of ‘hacktivism’ against larger organizations worldwide. The frequency and regularity of cases tied to activist groups that came through our doors in 2011 exceeded the number worked in all previous years combined... Although activist groups accounted for a relatively small proportion of the 2011 caseload, they stole over 100 million records. That’s almost twice the amount pinched by all those financially-motivated professionals we discussed earlier. So, although ideological attacks were less frequent, they sure took a heavy toll.”
Earlier this year, the director of the National Security Agency, Gen. Keith Alexander, cautioned in White House briefings that hacktivist collectives such as Anonymous could pose a threat to power grids. While hackers accessing and shutting down a power grid is the biggest threat, any disruption to a public utility could obviously wreak havoc, including the loss of life or widespread economic damage. Unfortunately, while many utility companies have invested heavily in the security of their infrastructure, they don’t always invest in updating outdated or legacy technology, leaving some older doors wide open for cyber-attacks on their network.
A technology that is especially vulnerable is the remote access or remote support tools that utilities use to provide tech support to remote workers and stations. The same Verizon report states that remote access services are the number-one hacking vector, accounting for 88 percent of all breaches involving hacking techniques. This is up from 71 percent the previous year, demonstrating that hacking via remote access is on a steep rise. The report specifically calls out legacy systems, such as VNC (virtual network computing) and RDP (remote desktop protocol), as remote access services that hackers often use to gain entry into a network.
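As an added example (not from the original article or the Verizon report), the following Python audits a host's own `ss -tln` output for VNC or RDP listeners bound to a non-loopback address. The sample output is constructed, and the 5900-5999 VNC display range is an assumption of this example.

```python
import ipaddress

# Well-known defaults: RDP listens on 3389; VNC on 5900 + display number.
# Checking 5900-5999 is this example's assumption about the display range.
LEGACY_REMOTE_ACCESS = {"RDP": range(3389, 3390), "VNC": range(5900, 6000)}
# Constructed sample of `ss -tln` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       5       127.0.0.1:5901       0.0.0.0:*
LISTEN  0       128     [::]:3389            [::]:*
LISTEN  0       5       *:5900               *:*
LISTEN  0       4096    127.0.0.53%lo:53     0.0.0.0:*
LISTEN  0       5       192.0.2.10:5902      0.0.0.0:*
"""

def parse_listeners(ss_output):
    """Yield (address, port) for every LISTEN row of `ss -tln` output."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header or malformed row
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        addr = addr.strip("[]").split("%", 1)[0]  # drop IPv6 brackets and %iface scope
        yield addr, int(port)

def reachable_from_network(addr):
    """True unless the socket is bound to a loopback address only."""
    if addr in ("*", ""):
        return True  # wildcard bind: every interface
    try:
        return not ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return True  # unparseable address: conservatively treat as exposed

def audit(ss_output):
    """Return sorted (service, address, port) findings for exposed legacy listeners."""
    findings = []
    for addr, port in parse_listeners(ss_output):
        for service, ports in LEGACY_REMOTE_ACCESS.items():
            if port in ports and reachable_from_network(addr):
                findings.append((service, addr, port))
    return sorted(findings)

if __name__ == "__main__":
    for service, addr, port in audit(SAMPLE_SS_OUTPUT):
        print(f"{service} listener reachable from the network: {addr}:{port}")
```

The VNC listener on 127.0.0.1:5901 is not reported because it is bound to loopback only; the wildcard and routable binds are.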
Many utility providers have been using these tools for years to support technicians in the field or to fix unattended systems located in remote stations. These first-generation remote access tools allow IT support technicians and administrators to establish a direct connection with the end system, allowing them to remotely see the user’s screen and control the mouse and keyboard as if they were standing in front of it. Most of these legacy systems leverage an inbound or peer-to-peer connection, which means a port on the end-user’s system is listening for a rep to connect. This open port can become the back door that a hacker uses to infiltrate a network, as listening