THE PROTECTIVE STATE: The Evolving Role of Governments in Cybersecurity

THE VISION | FIRST EDITION
EXPERTISE DELIVERED STRAIGHT FROM THE FRONTLINES OF CYBER ATTACKS

PAGE 3: STATE OF THE NATIONS. A global look at the rise in State sponsored cyber attacks in 2018
PAGE 4: A FINANCIAL STRONGHOLD. How one bank is winning the war on cyber crime
PAGE 6: WHAT ABOUT THE PLANT FLOOR? Our six subversive concerns for industrial environments
PAGE 8: FOLLOW THE MONEY. We take a look at the operations of the FIN6 cyber crime group

POLITICAL

THE PROTECTIVE STATE
The evolving role of Governments in cybersecurity

The role of governments as their nations’ primary provider of security against all threats is as compelling as ever. Yet few still have difficulty in grasping the rapid increase in interconnectedness and interdependency to determine how best to use a Regulate, Facilitate, Collaborate (RFC) model for the benefit of the private sector in creating a robust environment in which to conduct business and, increasingly, operate critical national infrastructure.

Because the security environment around us is complex – and different organisations are more receptive to certain measures than others – there’s no one-size-fits-all solution. Whilst governments cannot control every aspect of cybersecurity, they can certainly help to shape its future, with the benefit of past lessons learned from other nations and different threats. With cybersecurity vital to a properly functioning and prosperous economy, it is critical that governments take the lead, and that this is recognized by its citizens.

So far, the 21st century has seen continued wide scale deregulation and privatisation, with many nations’ critical infrastructure – in sectors such as energy, transport, finance and medicine – now in the hands of the private sector. These sectors are constantly under threat, not least because of increased globalisation of societies and economies. When these threats transpire, the potentially crippling effects are felt regionally, nationally and even globally.

The difficulty in securing critical infrastructures is due in part to the differing motives of the private and public sectors. One is corporate efficiency with maximized profit, often leading to the implementation of minimum levels of security in order. The latter is social order, national security and economic prosperity. Most developed countries have an ‘all hazards’ approach to address a wide range of threats to their population. Yet in some cases, governments are not even the primary security provider, such as when they don’t provide close supervision of, or operational control over, critical infrastructures operated by the private sector.

This changing global landscape shouldn’t mean a lesser responsibility for governments as legitimate providers of security, but rather that they should work to understand the changing world and their role within this new environment of increasing interconnectedness.

For governments to be successful in this new environment, their remit must transcend their historical regulatory role and, instead, they must tackle how they can best assist the private sector to invest in security (facilitation), and how the public and private sectors can work together to improve the prevailing state of security (collaboration).

We cannot overstate the importance of developing strategies through a Regulate, Facilitate, Collaborate (RFC) framework, supported by the ability to draw upon lessons learned from other types of threat such as pandemics, war and terrorism.

THE EDITORS VIEW

2017: The worst year in cybersecurity history?

The Vision looks back on a year that the industry would be happy to consign to history.

You know when a cyber attack has reached a different level when its effects are global, and the general public talk about it. Last year, we witnessed not one, but three such incidents.

When WannaCry rampaged across the globe on May 12 2017, it infected more than 300,000 computers in 150 countries. In the UK alone, more than 80 National Health Service hospitals were impacted, resulting in cancelled surgeries and diverted ambulances. President Trump’s homeland security adviser Tom Bossert attributed the attack to North Korea, saying: “North Korea has acted especially badly, largely unchecked, for more than a decade... WannaCry was indiscriminately reckless.” If ordinary men and women around the world hadn’t known the meaning of ‘ransomware’, they did now.

The following month, the NotPetya virus was launched in Ukraine and rapidly spread across the world. In a way, NotPetya’s ‘wiper’ malware was even worse than WannaCry because affected organisations’ data was destroyed, rather than merely held hostage. Consumer goods manufacturers, transport and logistics companies, pharmaceutical firms and utilities suffered reported losses of over $1 billion in economic losses.

The summer of cyber woe peaked in August when Equifax reported the loss of the sensitive personal records of 145 million people. The reaction was swift and severe. Within days, the market cap loss exceeded $5 billion. In the US, the FTC and both houses of Congress launched investigations. Equifax’s CIO, CISO and, later CEO all fell on their swords in the aftermath.

2017: not a year to remember with fondness, nor

INDUSTRY

Disturbing attack trends on industrial control systems

Until recently, cyber attacks occurred mainly in digital, rather than physical environments. But the ability for organisations to control and monitor more of their physical processes online drastically increases their vulnerability.

This is being increasingly exploited by nation states who are turning their sights toward chemical facilities, energy platforms, transportation networks, manufacturing plants, pipelines and water systems. Illicit reprogramming of safety instrumented systems in this critical national infrastructure, could bring catastrophic ramifications. Not only to physical assets, revenues and reputation, but potentially, a risk to human life and political stability.

The type of systems in question monitor processes and trigger alarms if hazardous thresholds are reached. Last July, a joint US Department of Homeland Security / FBI bulletin warned that hackers had targeted such systems at the Wolf Creek nuclear power plant in Kansas. And our own investigators recently responded to an incident at a facility where an attacker deployed malware designed to manipulate safety systems. The consequences of emergency shutdown systems at a nuclear plant or chemical facility being manipulated or disabled are unthinkable.

On a similar note, please read our article describing the types of subversive concerns for industrial control systems, Page 6.

INTERNATIONAL

STATE OF THE NATIONS
FOUR NEW STATE-SPONSORED APTS COME TO THE FORE

At FireEye we label attackers as APT groups when we have solid evidence of their sponsoring nation, TTPs, target profile and attack motivations. Last year, four joined the ranks. Unlike many cyber criminals, APT attackers often pursue their targets over months or years, all the while adapting to attempts to remove them from the network and frequently targeting the same victim if their access is lost.

Russia and China still top the list of the most sophisticated adversaries, but May last year saw the first APT group attributed to a different nation and the number is increasing.

APT32 – aka the OceanLotus Group – has been targeting foreign corporations with investments in Vietnam as well as foreign governments, journalists, and dissidents since at least 2014. It’s also believed that the group has targeted network security and technology infrastructure corporations with connections to foreign investors. It recently used social engineering emails with Microsoft ActiveMime file attachments to deliver malicious macros, downloaded from a remote server. We believe the group may be aligned with the Vietnamese national interest, with recent activity targeting private interests suggesting a threat to companies doing business or preparing to invest in Vietnam. Whilst being unclear about the group’s specific motivation, we believe it could ultimately erode organisations’ competitive advantage.

The Iranian threat group APT33 has been conducting cyber espionage to collect information from defense, aerospace and petrochemical organisations since at least 2013. There’s also evidence that suggests targeting of Saudi Arabian and western organisations that provide training, maintenance and support for the country’s military and commercial fleets.

APT34, has been carrying out reconnaissance aligned with Iranian strategic interests since 2014. From monitoring the group’s activity, we believe its main targets are Middle East-based financial, government, energy, chemical, telecommunications and other industries. There’s strong evidence that the group is acting on behalf of the Iranian government.

APT35 – aka the Newscaster Team – is yet another threat group sponsored by the Iranian government, set up to carry out long-term, resource-heavy operations to collect strategic intelligence. Targets include the US and Middle Eastern military, diplomatic and government personnel and organisations in the media, energy, defense, engineering, business services and telecoms sectors.

[Figure: Industries Investigated By Mandiant in 2017]

BUILD BETTER VISIBILITY INTO YOUR NETWORK

INTERNATIONAL

You are not an island - everybody is connected

Whilst today’s unprecedented efficiency and speed of communication within organisations, across borders and between governments has brought untold benefits, it is
