About multi-million-dollar damages and huge blackouts

Cybercrime poses one of the greatest threats ever to entire industries, businesses and our personal lives. But how does a cyberattack unfold, and what is our responsibility if one does happen? We’ll show you how Ukraine lost huge parts of its electricity supply in an attack and what WannaCry was all about.

In our digital world, data is the most valuable commodity. Digitalization optimizes business operations, streamlines communication, contributes to the economy and offers us a better quality of life. Whether at home or the office, we share information across our cellphones, tablets and computers every day, and billions of these devices talk to each other. However, these digital systems are under constant threat, because you can be sure that someone, somewhere, is listening in or manipulating a device.

 

Those hackers are like the thieves in the night on a detective show, waiting for the right moment to break in when no one is looking. The digital systems we rely on are constantly changing and updating, and this means that sometimes we leave the window unlocked.

 

If a hacker or a piece of malicious software can exploit vulnerabilities within a digital system, it may be possible to invade the system and steal critical data, or even inflict operational damage. This no longer affects only conventional PCs, but also hospitals, power plants, factories or entire infrastructures.

How does a cyberattack unfold?

When the Stuxnet malware made worldwide headlines in 2010, manufacturing companies realized that advancing levels of digitization were blurring the lines between offices and the infrastructures that control industrial facilities. As a result, plant operators have had to prepare for all the challenges that the IT sector has had to grapple with.

 

The global WannaCry cyberattack confirmed this: On the afternoon of May 12, 2017, reports about this ransomware attack started emerging. A few hours later, the attack appeared on the screens of Deutsche Bahn in Germany and the National Health Service (NHS) in Great Britain. Within a day, Europol reported that the WannaCry ransomware attack had infected more than 230,000 computers in over 150 countries. And it wasn’t just computers either: The NHS was one of the largest agencies attacked, and it is assumed that up to 70,000 devices – including MRI scanners, blood-storage refrigerators and equipment – may have been infected. On the day of the attack, NHS services had to turn away noncritical emergencies and many ambulances had to be diverted.

The WannaCry attack did not target any one system, but instead initiated a scattered attack designed to infect as many systems as possible. The damage it caused cost millions of dollars.

 

Even more worrisome is the fact that the software patch that would have prevented the attack had been released two months before, on March 14, 2017. This example shows that it all boils down to having good cybersecurity governance in place. While the exact number is debated, estimates suggest that far more than half of cybersecurity breaches are due to human error. Technology alone is just not enough to achieve complete cybersecurity. Expertise, knowledge of the possible threats and awareness are needed.

Another example of a devastating cyberattack that could have been prevented is the Ukraine Power Hack that took place in December 2015. The attack is considered one of the first successful cyberattacks on a power grid and disrupted the power supply to over 230,000 users. In addition, the hackers overwrote firmware, disabled operator accounts and erased the workstations and servers.

Unlike the WannaCry attack, the Ukraine Power Hack was a targeted, multipronged attack. Hackers had to go through several steps to complete the attack; and while it might have been difficult to protect the system against each step of the attack, the hack serves as an example of why timely detection of a cyberattack is so important: The attack would not have succeeded had the original phishing attack on a single office laptop been detected. Instead, hackers were able to infect the laptop with malware, gain access to the operational technology platform, collect information on the system and install further targeted malware. Only then was the actual attack triggered by using this established entryway.  

There are various ways cybercriminals can infiltrate a digital network: Attacks can be either targeted or cast as a wide net across several systems. The following outlines the most common cyberattacks that you should become familiar with:

  • Malware, or malicious software, is the software designed by hackers to infiltrate a computer, server or network with the intention to cause damage, steal information or assume control of the system’s functionality. Viruses, worms, Trojan horses, ransomware and spyware are all forms of malware.
  • Phishing and spam emails are attacks where hackers attempt to trick unsuspecting users into providing them unauthorized access to a network or their personal information. This typically occurs when users click on malicious links or email attachments. 
  • Ransomware is a type of malware that threatens to publish the victim’s data or block access to it until a ransom is paid, usually with untraceable cryptocurrency like Bitcoin. 
  • Denial-of-service (DoS) attacks are a type of cyberattack where hackers make a machine or network inaccessible to intended users by flooding the targeted system with bogus traffic to overload the system. The result: lost time and operating disruption. 

Preventing the inevitable

Hackers use various ways to steal or manipulate data (see graphic and infobox). However, the one thing all hackers share is their “kill chain” (i.e., how they attack). Many hacks like the ones mentioned above could have been prevented had software systems been regularly updated, had passwords been made stronger and had people acted more quickly. In short, hackers knew how to exploit these vulnerabilities.

 

This shows how cybersecurity solutions, processes and people must work together to identify threats and implement the appropriate countermeasures in real time. This is what sets a company like Siemens apart: Siemens has developed a holistic strategy to address cybersecurity, one with the goal of maintaining up-to-date security standards. This includes focusing on state-of-the-art technology as well as ensuring the attentiveness of every single employee. Only together can we do everything to keep hackers from inflicting harm.

2019-11-04

Luka Vracar & Sebastian Webel
