The city falls asleep, hackers wake up

According to operational data, on May 15-16, large-scale hacker attacks on industrial facilities (APCS), banking and telecom systems, the Internet of things, and the corporate sector systems are planned. Forwards represent known APT CTF teams and have previously been seen in high-tech cyber operations.

Gone are the days when hackers were mostly interested in web applications. Now under threat are industrial, energy and telecom systems, the Internet of things. Monetization of attacks on these objects today at a much higher level, quite often they become targets of so-called attacks. state sponsored hackers. And it is these critical objects laid by the organizers of the contest " Confrontation " in the infrastructure of a virtual city.

The conflict of attackers and defenders comes to a new level. The battle will unfold in a city whose whole economy is based on digital technology. The urban infrastructure includes a combined heat and power plant and substation, a railway, “smart” houses with energy recovery, banks with ATMs and self-service kiosks. And of course, there are cellular communications, Internet, and various online services in the city.

')


While the attackers uncover the nmap's and smear the Metasploit's modules, teams of city defenders are building defenses and alarm systems. In this article I will talk about the preparation of protecting the oil company and antifraud systems, which are under the protection of the Jet Infosystems information security center.

Oil company

Oil companies are increasingly falling victim to both targeted and massive cyber attacks. Over the past year, several such resonant cases were recorded at once.

On Tuesday, June 27, 2017, Rosneft suffered a powerful hacker attack. About this company representatives said on Twitter. As it became known, all the computers in the Bashneft refinery, Bashneft-extraction and the management of Bashneft simultaneously rebooted, after which they began to download unspecified software. A screensaver of the WannaCry virus appeared on the screens with the requirement to transfer Bitcoins to the amount of $ 300, the wallet address and the promise to send the key after receiving the stated amount.

One of the leading sea freight carriers, the Danish company AP Moller-Maersk, has suffered a cyber attack, which has disabled its computer systems.

"We can confirm that Maersk's IT systems have failed on many divisions of the company as a result of a cyber attack," a carrier said on Twitter.

Danish shipping and logistics company AP Moller-Maersk estimates the losses from the attack of the extortioner virus Petya at $ 200-300 million, according to a company's financial report for the second quarter of 2017, published on Wednesday.

Building effective protection of the oil complex is one of the tasks of cyber defenders. The main goal is to prevent the creation of emergency situations.

High severity situations:

• accident on the tanker and in the port during fuel supply (ignition and spill of fuel);
• tank overflow (possible ignition);
• temperature changes or overflow of distillation columns with oil products.

Situations of moderate severity:

• disabling fuel transfer;
• power outage on the stand;
• accident on the fuel spill system;
• production stop;
• off steam from CHP.

Low severity situations:

• crane or cranes will damage the tanker;
• impact on the process, without consequences.

The global tasks facing the defenders of the complex are to prevent impacts on management systems, which can lead to the following consequences:

• obtaining full or partial control over the OS;
• obtaining full or partial control over the SCADA system;
• the creation of a critical emergency at the objects of automation;
• gaining access to the management of the automation object using industrial protocols;
• obtaining illegitimate access to the OS or SCADA (authentication bypass);
• complete or partial denial of service to various system components;
• complete or temporary disruption of communication with control systems of the automation object.

^{A description of the protective equipment and measures used will be provided after the end of the conference.}

Antifraud system

Anti-fraud (from the English anti-fraud "anti-fraud"), or fraud monitoring - a system designed to assess financial transactions for suspicion in terms of fraud and offers recommendations for their further processing.

The “Confrontation” rules imply the issue of money inherent in the modern metropolis: cash management, business processes aimed at making profit, accumulation and spending of money by virtual residents. All these operations have real prototypes in modern life, and also, like in real life, become a tasty morsel for hackers.

Another type of card fraud is the so-called phishing, when data on a plastic card is obtained from the user. The attackers send users emails in which, on behalf of the bank, they report changes allegedly made in its security system. At the same time, scammers ask trustful users to renew information about the card, including indicating the credit card number and its PIN code, either by sending a response letter or by going to the website of the issuing bank and filling out the corresponding questionnaire. However, the link attached to the letter does not lead to a bank resource, but to a fake website simulating the work of the present.

A variation of this offense is calls to citizens' cell phones from the “representatives” of the bank with a request to pay off the loan debt. When a citizen reports that he did not take a loan, he is asked to clarify the details of his plastic card. Further, this information is used to initiate unauthorized money transfers from the user's card account.

In the fight against such fraud, one of the main goals is the integration of information security elements in the form of effective components of business processes. It can be the protection of both money and information that can be monetized or used for illegitimate purposes. Jet Detective is used as the primary means of protection.

Based on the degree of risk, the antifraud system should solve the following tasks:

• automation, detailing and interpretability of digital facts that are traces of business processes;
• comparison, comparison and evaluation of various events or information from information systems to determine the degree of legitimacy of certain actions;
• determining the maturity criteria of the methodology for assessing the legitimacy of events and the availability of methods, often organizational, for testing such hypotheses

Frod is a prime example of the consequences of an attack on a business process involving a large number of people and technical means. The main task of the Jet Antifraud team is to identify and block fraudulent transactions.

^{A description of the protective equipment and measures used will be provided after the end of the conference.}

---

We will be reporting live from the scene, do not switch.