Hacker attacks on urban infrastructure can cause serious damage: they can create traffic jams, provoke an accident at a factory, leave residents without electricity, and even poison tap water by raising the concentration of sodium hydroxide. Aleksey Borisov, Director for Acceleration of the Information Technology Cluster of the Skolkovo Foundation, explains how the city is protected from cyber threats of this magnitude on a daily basis.
In the spring of 2022, Russia faced an unprecedented level of cyber threats. The number of attacks on the transport network alone almost doubled. In September, for example, hackers compromised the Yandex.Taxi service and sent fake ride requests to drivers. As a result, dozens of cars were stuck in a traffic jam in the center of Moscow.
In that case the drivers lost 40 minutes of their time, but an attack by cybercriminals on healthcare facilities can have tragic consequences. In 2018, hackers shut down computer systems and devices at the Tyumen Federal Center of Neurosurgery. At that moment, doctors were performing a complex operation on a child's brain. The girl survived only thanks to the professionalism of the doctors.
Hackers carry out targeted attacks, the most sophisticated kind, on smart city systems that link urban infrastructure together. Through corporate networks and the Internet of Things (IoT), an attacker can reach medical devices, fire safety devices, video surveillance systems, and so on.
How to protect the city
The difficulty of repelling such attacks lies in the fact that the landscape of APT threats (targeted attacks) in each region is constantly changing, just as the digital landscape of the city is changing. In addition, cybercriminals prepare carefully for an attack by identifying weaknesses in advance. In the Kill Chain model, this step is called reconnaissance and data collection.
Skolkovo has developed a technology to protect against such attacks using decoys (Distributed Deception Platform, DDP). "When a group chooses an object as its target, the attack vector is built first – through whom and how to penetrate the infrastructure," explains Alexander Shchetinin, founder of the Xello company, which developed the technology with the assistance of the Skolkovo Foundation.
The Kill Chain also includes the following steps:
- weaponization – a malicious file is created;
- delivery – the malicious payload reaches the victim, usually via e-mail or USB flash drives;
- infection – the dangerous file is activated;
- installation – remote access is opened for covert control and updating of the malicious code;
- achievement of the goal – depending on the objectives at this stage, data is stolen or encrypted, control is seized, and so on;
- removal of traces of presence – actions are taken to hide the hack.
How to protect yourself from cyber attacks
Exercises at cyber ranges make it possible to identify problem areas in the city's information security (IS) system. For example, without putting a plant's real infrastructure at risk, one can find out how likely it is that hackers could gain control of a blast furnace.
Cyberpolygon (a cyber range) is a platform for virtual modeling of the IT landscapes of various business segments and urban environments. The main goal of such exercises is to increase the security of a company's infrastructure or facility. A few years ago, for instance, a copy of the IT infrastructure of a large metropolis was created at a cyber range in Moscow, reproducing the production chains and business processes of key industries.
Cyber exercise scenarios cover threats that are relevant to the specific industry. At the first international cyber exercise, which took place in June, the participants fought off an attack on a large electric power facility. In October, a real Russian power grid company repelled a massive attack by hackers who intended to cut off power in the Leningrad region.
How to increase the level of information security
An effective information security system involves many security measures, including at the level of identifying potential threats. In this segment, "network sandboxes" have proven themselves well. The technology detects malicious code even inside encrypted archives, which ordinary antiviruses cannot do.
The developers of Xello Deception have proposed a progressive approach to combating cybercrime: their system catches hackers with live bait. "We try to be smarter and more cunning than an attacker by creating realistic cyberbaits and cybertraps. It can be a forgotten password or a secure connection – everything that hackers are looking for to break into the network. At this moment, we catch them," explains Shchetinin.
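The detection side of the bait idea described above, as an added example that is not Xello's code: decoy accounts are planted that no legitimate process ever uses, so any logon attempt with one of them, successful or not, is a high-confidence alert. The account names, log format and log lines are constructed for this illustration.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Hypothetical decoy accounts planted in the environment (constructed names).
DECOY_ACCOUNTS = {"svc_backup_old", "adm_legacy"}

# Constructed auth log lines in a simplified key=value format.
SAMPLE_LOG = """\
2024-03-01T10:00:01Z host=fs01 event=logon user=j.smith src=10.1.2.3 result=success
2024-03-01T10:00:05Z host=fs01 event=logon user=svc_backup_old src=10.1.9.77 result=failure
2024-03-01T10:00:09Z host=dc01 event=logon user=adm_legacy src=10.1.9.77 result=success
2024-03-01T10:01:00Z host=fs01 event=logon user=a.ivanov src=10.1.2.8 result=success
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) event=(?P<event>\S+) "
    r"user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$"
)

@dataclass(frozen=True)
class Alert:
    ts: str
    host: str
    user: str
    src: str
    result: str

def find_decoy_use(log_text: str, decoys: set[str]) -> list[Alert]:
    """Return one alert per logon event whose account is a decoy.

    Failed attempts count too: a decoy password that "leaked" may be tried
    before it works, and the attempt itself is what the trap is for.
    """
    alerts: list[Alert] = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["event"] != "logon":
            continue  # skip malformed lines and non-logon events
        if m["user"] in decoys:
            alerts.append(Alert(m["ts"], m["host"], m["user"], m["src"], m["result"]))
    return alerts

def suspicious_sources(alerts: list[Alert]) -> dict[str, int]:
    """Count decoy touches per source address; the top entry is where to look first."""
    counts: dict[str, int] = {}
    for a in alerts:
        counts[a.src] = counts.get(a.src, 0) + 1
    return counts

if __name__ == "__main__":
    hits = find_decoy_use(SAMPLE_LOG, DECOY_ACCOUNTS)
    for a in hits:
        print(f"ALERT decoy account {a.user} used from {a.src} on {a.host} ({a.result})")
    print(suspicious_sources(hits))
```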
How to reduce risks
To mitigate risks, the cyber defense structure must operate seamlessly at every link of the Kill Chain. Perimeter security can be assessed with a pentest or a Red Team engagement. A pentest carries out penetration testing in a specific area, while a Red Team exercise involves a deeper dive into how the information security team actually works. But the services of so-called ethical hackers are expensive, and not all companies can afford them.
BAS (Breach and Attack Simulation) technology has become a real breakthrough in the field of cyber defense, making it possible to automate the simulation process. In Russia, this direction is actively developing today. With the support of Skolkovo, CtrlHack launched a platform of the same name for simulating various attack techniques directly in the organization's infrastructure. It was thanks to the Foundation's support that the project was able to implement a solution that took a step forward in the race against cybercrime. "This is necessary so that the information security system can understand how security tools react to these hacker techniques, and how threats are blocked or detected," explains Maxim Pyatakov, co-founder of CtrlHack.
This focus on infrastructure is what distinguishes the Russian vendor's solution from pentest and Red Team, which are more focused on the perimeter.
What BAS gives
- Checking that protection tools work (NGFW, mail antiviruses, sandboxes, EDR, and so on).
- Analysis of whether the information security system is configured correctly and whether the SIEM collects events completely.
- Infrastructure security assessment at any time.
- Finding weaknesses in the response system.
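The kind of reconciliation that turns a BAS run into the checklist above, as an added example that is not CtrlHack's platform: every simulated technique is matched against what the security stack reported to the SIEM and classified as blocked, detected (alert only) or missed, so that a missed entry points either at a tool that did not react or at an event that never reached the SIEM. Technique labels (MITRE ATT&CK-style IDs), host names, tool names and events are constructed for the illustration.

```python
from __future__ import annotations
from dataclasses import dataclass

@dataclass(frozen=True)
class Simulation:
    technique: str  # ATT&CK-style label, used here only as an identifier
    host: str       # where the BAS agent ran the technique

# Constructed: what the BAS run executed.
SIMULATIONS = [
    Simulation("T1003", "ws-17"),    # credential dumping on a workstation
    Simulation("T1059", "ws-17"),    # scripted execution on the same host
    Simulation("T1566", "mail-gw"),  # phishing attachment through the mail gateway
    Simulation("T1021", "ws-42"),    # remote service logon to another host
]

# Constructed: events the SIEM collected during the run.
SIEM_EVENTS = [
    {"technique": "T1003", "host": "ws-17", "tool": "EDR", "action": "blocked"},
    {"technique": "T1059", "host": "ws-17", "tool": "EDR", "action": "detected"},
    {"technique": "T1566", "host": "mail-gw", "tool": "mail-av", "action": "blocked"},
    # Nothing for T1021 on ws-42: either no tool reacted or the event was never forwarded.
]

def coverage(sims: list[Simulation], events: list[dict]) -> dict[tuple[str, str], str]:
    """Classify each (technique, host) as 'blocked', 'detected' or 'missed'.

    'blocked' wins over 'detected' when both appear, because prevention is
    the outcome the control is expected to deliver.
    """
    report: dict[tuple[str, str], str] = {}
    for s in sims:
        actions = {e["action"] for e in events
                   if e["technique"] == s.technique and e["host"] == s.host}
        if "blocked" in actions:
            verdict = "blocked"
        elif "detected" in actions:
            verdict = "detected"
        else:
            verdict = "missed"
        report[(s.technique, s.host)] = verdict
    return report

def gaps(report: dict[tuple[str, str], str]) -> list[tuple[str, str]]:
    """Return the pairs that need tuning (detected only) or log-forwarding checks (missed)."""
    return sorted(k for k, v in report.items() if v != "blocked")

if __name__ == "__main__":
    r = coverage(SIMULATIONS, SIEM_EVENTS)
    for (technique, host), verdict in r.items():
        print(f"{technique} on {host}: {verdict}")
    print("gaps:", gaps(r))
```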
number of hacker attacks in 2023. At the same time, the architecture of cyber threats is becoming more complex every year, as are urban infrastructure systems. To protect the city reliably from cybercriminals, the information security system must therefore be upgraded regularly.