Brute Force Attack, Ransomware & Business Interruption
One of the biggest costs of cyber threats is the interruption to the business (not being able to trade), and the most common cause is human error.
All organisations (including manufacturing) utilise their computer systems to perform key functions, and the loss of these systems can significantly reduce or even cripple a company's ability to trade.
The key things to consider are:
Do you have an I.T. disaster recovery plan?
How long would it take to get back online, and what is the potential impact to your turnover?
How long would it take to return to full operating efficiency, and what is the potential total impact to your turnover?
A recent example has highlighted the need for experts to assist: a manufacturing business suffered a brute force attack and was crippled.
A person (hacker) was able to gain access to the business’s computer system through Remote Desktop Protocol (RDP), which is used to access the network remotely (i.e. by employees working from home). This exposed the network to the internet and removed the more secure connection of a Virtual Private Network (VPN). The hacker then commenced a brute force attack to obtain administrator access. A brute force attack is where a hacker uses a computer programme to crack passwords by trying every possible password combination in rapid succession. Unfortunately, the local administrator account had a weak password in place, and it didn’t take long for the hacker to gain access. The hacker then launched their encryption across the servers, placing the ransomware program, leaving a ransom note and requesting payment in Bitcoin.
The business attempted to restore the servers from backups; however, some of the data had not been saved externally, so it was compromised and unrecoverable.
Luckily, this business had a cyber insurance program and was able to engage its 24/7 incident response team to assist.
Whilst this hack did not compromise the manufacturing side of the business, the administration and sales side was dramatically affected, including the loss of substantial sales and all pre-existing business leads. The hacking event was rectified in a matter of days, but the on-cost to the business was felt over many months.
The total extent of impacts to the business from this one RDP access included:
Hacking – IT Forensics to investigate the loss
Hacking – Ransom payment
System Damage – Rectification to prevent reoccurrence
Business Interruption – Additional Increased Cost of Working
Business Interruption – Lost Profit
And the lessons are:
An open port used for RDP is one of the most common vulnerabilities exploited
The majority of ransomware claims are a result of hackers gaining access via RDP
Businesses should ensure that staff have strong password security in place as well as two-factor authentication
Importance of having cyber insurance, including business interruption coverage
All modern businesses have some form of cyber exposure
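The pattern in the incident above (a rapid run of failed remote logons from one address, then a success on the administrator account) is something a business can look for in its own Windows logon records. The following is an added example, not part of the original article: it assumes the Security events 4625 (failed logon) and 4624 (successful logon) have been exported as comma-separated lines, and the threshold, window, field layout and sample records are all constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED, SUCCESS = 4625, 4624      # Windows Security event IDs: failed / successful logon
REMOTE_TYPES = {3, 10}            # logon types: 3 = Network (RDP with NLA), 10 = RemoteInteractive
THRESHOLD = 10                    # assumed: this many failures from one source ...
WINDOW = timedelta(minutes=5)     # ... inside this window is treated as brute force

def parse(line):
    # Assumed export layout: time, event ID, logon type, account, source IP
    ts, event_id, logon_type, account, src = line.strip().split(",")
    return datetime.fromisoformat(ts), int(event_id), int(logon_type), account, src

def detect(lines):
    """Return one alert per source IP that crossed THRESHOLD, noting any later success."""
    recent = defaultdict(deque)   # src -> timestamps of failures still inside WINDOW
    alerts = {}                   # src -> alert record
    for ts, event_id, logon_type, account, src in sorted(map(parse, lines)):
        if logon_type not in REMOTE_TYPES:
            continue
        if event_id == FAILED:
            q = recent[src]
            q.append(ts)
            while ts - q[0] > WINDOW:          # drop failures older than the window
                q.popleft()
            if len(q) >= THRESHOLD and src not in alerts:
                alerts[src] = {"src": src, "first_seen": q[0], "compromised": None}
        elif event_id == SUCCESS and src in alerts and alerts[src]["compromised"] is None:
            # A success after a failure burst from the same source: a password was guessed.
            alerts[src]["compromised"] = account
    return list(alerts.values())

def sample_log():
    """Constructed records: a burst against Administrator, and one user mistyping twice."""
    start = datetime(2024, 3, 2, 1, 10)
    lines = [f"{(start + timedelta(seconds=5 * i)).isoformat()},4625,3,Administrator,203.0.113.50"
             for i in range(12)]
    lines.append(f"{(start + timedelta(seconds=65)).isoformat()},4624,3,Administrator,203.0.113.50")
    lines += ["2024-03-02T08:01:00,4625,10,j.smith,198.51.100.7",
              "2024-03-02T08:01:20,4625,10,j.smith,198.51.100.7",
              "2024-03-02T08:01:40,4624,10,j.smith,198.51.100.7"]
    return lines

if __name__ == "__main__":
    for alert in detect(sample_log()):
        print(alert)
```

An alert with a non-empty "compromised" field is the case that matters most: the guessing stopped because it worked, so the account should be treated as taken over rather than merely targeted.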