Recent cyber-attack and mitigation techniques
ISSC 361
American Public University System
April 9, 2016

Computer-based attacks have been going on the around the world. Individuals or governments hacking into individuals or rival governments systems. Private corporations are hacking each other in the quest of power. They have been several recent computer-based attacks that every information security expert should be aware of. This short paper will discuss one of these recent attacks, which provoked a collective blackout, the Cyber-Attack Against Ukrainian Critical Infrastructure and present an overview of some mitigation techniques.
The Cyber-Attack Against Ukrainian Critical Infrastructure was conducted using a malware called BlackEnergy. This attack targeted six Ukrainian energy organizations was perpetrated by attacker from outside the organizations. This attack has had effect on about 225000 customers of Ukrainian regional electric power distribution companies (Lee 2016). The intruders organized the attack by conducting a recognition of the network of the victim. The attacks took place with an interval of 30 minutes from each other affecting many central and regional installations (Vicinanzo 2016). The attackers, controlled the breakers from distance by using distance control administration tools already in place on the operating system or “distance industrial control system (ICS) client software through virtual private network (VPN)” after gaining rightful access to the facilities systems in order to easily conduct the distant access. The intruders also used a malware called KillDisk to erase identified files on certain targeted systems, and corrupt their master boot record which rendered system unusable, at the end the of their attack. Furthermore, the KillDisk crushed the human-machine interface or HMIs integrated in windows-based systems. The firmware of Serial-to-Ethernet devices on substations was also corrupted. The attackers also planned a scheduled disconnection for Uninterruptable Power Supplies (UPS) through its distance management interface. It was evaluated that the attacks tried to thwart scheduled restoration efforts. The role played by the BlackEnergy malware in the intrusion was not well established. BlackEnergy malware would have been transferred through spear fishing emails in a malicious Microsoft Office attachments. It was supposedly used as entry point to gain rightful access credentials to the victims’ systems. These attacks were done on windows-based machines (ICS-CERT 2016).
Cyber-attacks mitigation techniques are multiple and enable institutions to better protect themselves against those attacks. The first step and most relevant is to implement information resources management best practices which means that institutions should identify and license their assets including hardware and software assets present on the network; “on time patching of systems; and strategic technology refresh.” They also should prepare and be ready to all eventualities in case there are breaches in their control systems.
Another mitigation technique is the Application Whitelisting or AWL. This technique is use to prevent malicious and unauthorized programs from executing on network computer. It allows organizations to make sure that specific, identified software and DLLs are installed and executed on computers, and no other programs. In addition, application whitelisting blocks users in the way that they cannot change the list and type of software and libraries executable on their own system. It can be implemented by installing a suite of software product able to identify and approve which programs, files that can be executed, and access control lists. An example of this technique would be the AppLocker software introduced by Microsoft in Windows 7 (asd.gov.au 2012).
Another technique to mitigate cyber-attack would be the limitation of administrator privileges. Indeed, a user who is granted full access control can be a target for an attacker. The attacker can access and use the rights of a user with local administrator access to install any malicious program, deactivate the anti-virus and other security software on the system, or even access the organization’s network (Rigsrevisionen 2012). Lastly, corporates should close their network access to any other internetwork. All ports that are not in use should be closed as they can be used by hackers to penetrate the system. “If one-way communication can accomplish a task, use optical separation (“data diode”). If bidirectional communication is necessary, then use a single open port over a restricted network path (ICS-CERT 2016).”
Over the years, cyber-attacks have considerably grown. The victims are becoming more numerous and their effects are more devastating. Fortunately, there is a plethora of means available to organizations and security experts to mitigate these attacks and protect their assets. Anyone wanting to make career in the IT security field should be aware of these mitigation techniques.

References asd.gov.au. (2012). Application Whitelisting Explained. Retrieved from http://www.asd.gov.au/publications/protect/application_whitelisting.htm
Rigsrevisionen. (2012). Report to the Public Accounts Committee on mitigation of cyber-attacks. Retrieved from https://egov.nik.gov.pl/g/egov/DK/2013/CyberAtacksMitigation/Report%20to%20the%20Public%20AccountsCommittee%20on%20mitigation%20of%20cyber%20attacks.pdf.
Lee Ferran. (2016). Hackers Caused Mass Blackout in Ukraine, US Officials Say. retrieved from http://abcnews.go.com/International/hackers-caused-mass-blackout-us-officials/story?id=37290787
ICS-CERT. (2016). Cyber-Attack Against Ukrainian Critical Infrastructure. Retrieved from https://ics-cert.us-cert.gov/alerts/IR-ALERT-H-16-056-01
Vicinanzo Amanda. (2016). US Government Confirms Cyber Attack against Ukrainian Critical Infrastructure. Retrieved from http://www.hstoday.us/single-article/us-government-confirms-cyber-attack-against-ukrainian-critical-infrastructure/e8d3a3e96ab3b7840cf75bbbf54546eb.html