Cyber attacks are on the increase and there are seemingly endless ways for criminals to put you in a world of hurt. Geoff Meads looks at options for protection.

The horrific attacks and subsequent part-invasion of Ukraine by Russia has brought a torrent of stories of horrific attacks on the military, businesses and even civilians.

My heart goes out to all those who are suffering as a result.

The New World Order

In addition to the real-world attacks there has been heavy speculation concerning the likelihood of cyber-attacks being used as part of the conflict. This new form of war, while initially fought online, can have immediate and devastating effects in the real world. From the interruption of government services and local energy delivery through to manipulation of the media and other electronic communications.

While Ukraine might seem like a faraway battlefield in physical terms a cyber war is, by its very nature, fought instantly and across the globe. Such events could very quickly affect both our clients and our own businesses in a massive way.

In this column I hope to highlight some of the systems that could be affected and actions we might to reduce our vulnerabilities.

It will never happen to me

It’s easy to convince ourselves that, in a distant regional conflict between two or more nations, our small businesses won’t be a direct target. In truth, that is probably the case. However, the objective of a cyber-attack is often much more far-reach and indiscriminate. Their aim is sometimes toward specific government services but can also be to cause disruption and inconvenience to the wider population. Key targets are commercial services which are used by many people.

For example, your company website might be of no specific interest to an international aggressor. However, the hosting company you use might be. This is especially true if you use one of the larger companies like Amazon AWS.

Be aware that you might actually be using a service like AWS without knowing it. They provide storage and server infrastructure for a wide array of smaller companies.

For example in December 2021, according to Techradar.com, we witnessed AWS go down three times in three weeks bringing down services such as Quickbooks, Hulu, The Playstation Network and Slack.

Venerable system types

So, in a future cyber-attack, what sort of systems might be affected? Frankly, any digital system or service could be vulnerable to attack. Web and email hosting, banking, social media and cloud services are all potential targets. So are control systems, NAS drives and media servers that you may have installed for clients.

In the smart home business, we use a mix of local, cloud and bespoke IT systems and services in installations.

While the trend is to use more and more cloud services the advantage of independent, locally powered systems should not be ignored. This is super-important for essential home systems like lighting, HVAC and security. I have long argued, and will continue to do so, that such essential systems should never be dependent on Internet access to function.

The way in

How do attacks happen? While there is an almost limitless set of possibilities, and different scenarios for local vs cloud services, there are three common ways an attack happens.

Denial of Service attacks are a ‘brute force’ style of attack and are usually targeted at a specific service. With this type of attack an army of devices, often working together and distributed around the world, all try to access the target service at the same time. Because the traffic is so high the server becomes overwhelmed and, to legitimate users, the system becomes unavailable.

Secondly there’s ‘library’ attacks. Again, these can be specific to one service but can also be targeted to popular systems. The website CMS WordPress is a good example where every website powered by WordPress uses a common admin URL sub-string (https://www.mywebsite.com/wp-admin/). When these attacks happen, a remote bot tries many username / password combinations in sequence to log into a service in the hope that one will work and allow access. If enough combinations are tried, they will get in eventually and, of course, wreak havoc.

Finally, there are what I’ll call ‘faulty human’ attacks. These vary in nature, but all rely on a human being giving up login information. This can happen accidentally (from a Phishing attack for example), on purpose (in the case of a rogue ex-employee or other disgruntled individual) or by cajoling, harassing or simply paying someone for the information.

Defending yourself

Bolstering defences against attacks on service suppliers can prove impossible. We have little or no control over the technology they use and the security they have in place.

However, instigating an internal ‘digital audit’ of all external services you use (and the relevant access information for those services) is certainly a recommended task. The resulting documentation should then be updated regularly, and multiple copies be kept with key personnel offsite. This move will reduce downtime should a service you use go down because of a cyber-attack and serve as part of your company’s disaster planning.

While a digital audit for your company is an obvious choice a similar plan for your customers can also be considered. Many installers will already have such documentation, but these records should be reviewed and updated regularly. The systems we install change often, as does the version of software they rely on.

A review of the personnel who have access to client records should also be a regular task. Staff come and go, and the security of your customer’s systems should never rely on the honesty of a past employee whose credentials have not yet been revoked.

With local systems we can do a lot more to bolster security. Software updates are a must. However, this will mean assessing compatibility where multiple systems are connected. Choosing systems from a common ecosystem will help here but will limit the ‘custom’ nature of the solutions we provide.

Choosing strong passwords is an easy win as is regularly changing passwords. Choosing network names and wireless SSIDs that are non-identifiable is an essential move. Oh, and make regular backups of everything. Make multiple copies stored in remote physical locations if possible.

Finally, please do not open ports on Internet routers. A quick port scan of any IP address will reveal open ports and thus vulnerabilities. An open port is like an open warehouse door in terms of security. When you need remote access to your office or client’s premises then a VPN is the way to go!