What’s the Cost of Poor Cyber Security?

It can be high. Norsk Hydro Q1 core profit plunges after cyber attack.

Norsk Hydro was hit by a ransomware attack in March of this year. (LockerGoga ransomware to be specific.) It had a tremendous impact on first quarter results.

Aluminium-maker Norsk Hydro, the victim of a cyber attack in March that paralysed its IT systems, posted an 82% drop in first-quarter core profits on Wednesday.

Core profit dropped from just over 400 million US dollars to $64.3 million.

So do you think any of the folks in the executive suite will be called to account for why they decided to “save money” by not investing in security? I don’t.

For a review of what happened at Norsk Hydro, what they did that was right, and what they did that wasn’t so good, see this link.

Norsk Hydro and LockerGoga Ransomware (and others)

This is a review of what happened in the cyber attack at Norsk Hydro: what they did right and what they did wrong. Aluminum giant Hydro hit by ransomware.

The biggest thing they did right: Their power plants were not accessible to the corporate network, and so were not impacted. The biggest thing they did wrong: not all their critical infrastructure was protected that way.

The power plants were not affected at all because they were isolated from the main network — which is a best practice for critical infrastructure. But the smelting plants were not isolated; during recent years they became significantly more automated than before. So some of the smelting plants located in Norway were hit, and the team managed to make some of them fully operational, although in a slower, semimanual mode.

LockerGoga has been around since January at least, and some (though apparently not all) antivirus solutions will detect and eliminate it.

The security solution employed by Hydro was not robust enough to catch the ransomware (despite being relatively new, LockerGoga is well known, for example, to Kaspersky Security as Trojan-Ransom.Win32.Crypgen.afbf).

Though it may be a newer variant that slipped through. (AV products are doing a good job of detecting the minor variations hackers can introduce.)

Critical infrastructure should not be accessible via the internet, and probably not even via your intranet – since that is how a lot of malware infiltrates your systems.
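The segmentation point above (isolated power plants untouched, network-connected smelters hit) as an added illustration that is not from the original post or from Hydro: a small Python model of which zones a ransomware foothold on the corporate network can reach, and how removing the allow rules into a zone closes that exposure. The topology, zone names and allow rules are constructed for the example, not Hydro’s real network.

```python
from collections import deque

# Constructed sample topology (not Norsk Hydro's real network): each segment
# maps to the set of segments its firewall rules allow it to reach directly.
SAMPLE_TOPOLOGY = {
    "internet": {"corporate"},
    "corporate": {"smelter_ot"},   # automated smelters reachable from the office LAN
    "smelter_ot": set(),
    "power_plant_ot": set(),       # isolated: no allow rule leads into it
}

# Segments the operator treats as critical infrastructure (constructed labels).
CRITICAL = {"smelter_ot", "power_plant_ot"}


def reachable_from(topology, start):
    """Breadth-first search over allowed flows.

    Returns every segment a foothold in `start` can reach transitively,
    excluding `start` itself.
    """
    seen = {start}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for nxt in topology.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    seen.discard(start)
    return seen


def exposed_critical(topology, critical, foothold="corporate"):
    """Critical segments a compromised host in `foothold` could reach (sorted)."""
    return sorted(reachable_from(topology, foothold) & critical)


def isolate(topology, segment):
    """Copy of `topology` with every allow rule into `segment` removed."""
    return {src: {dst for dst in dsts if dst != segment}
            for src, dsts in topology.items()}


if __name__ == "__main__":
    print("exposed before:", exposed_critical(SAMPLE_TOPOLOGY, CRITICAL))
    hardened = isolate(SAMPLE_TOPOLOGY, "smelter_ot")
    print("exposed after: ", exposed_critical(hardened, CRITICAL))
```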

Of course Norsk Hydro wasn’t alone. Companies to Order ‘Hundreds of New Computers’

It appears that LockerGoga, the same ransomware that hit aluminum manufacturing giant Norsk Hydro this week, also infected American chemicals companies Hexion and Momentive, leaving employees locked out of their computers.

There was a columnist somewhere who called Norsk Hydro “another wake-up call.” At this point, if you aren’t awake to the problems of malware in general and ransomware in particular, you are either in a coma or a corporate executive. Stay current. Have antivirus. Segment the network. Keep critical infrastructure off the public internet and even off the corporate intranet. Not that they will. (You want to spend HOW MUCH on new PCs?)

Why Would You Put Industrial Control Systems on the Internet?

Just because it is easy doesn’t mean it is smart. Aluminum Giant Norsk Hydro Targeted by ‘Extensive Cyber-Attack.’

Cyber-attacks against industrial systems are an increasing concern, and the Norwegian aluminum giant Norsk Hydro on Tuesday provided a new and worrying example of the phenomenon.

Their aluminum smelters are all under manual operation. State of the art, 1950.

And it isn’t just that companies risk inefficiencies. Real damage to expensive systems can be sustained.

In a particularly severe case several years ago, an attack on a German steel mill caused “massive” physical damage to the plant’s furnaces.

So will hackers be able to poison a water supply? Shut down power to a city? All so the engineers don’t have to get up from their desks and walk down to the control room to check on things, or so they can work from home? That’s not a good trade-off.