What a Hacker Had to Say: Ethical Wake Up Call – Construction Targeted by Cyber Criminals
In today’s day and age without having access to the internet conducting any type of business is almost impossible.
Cybercrime to some, may seem like a non-existent threat, whether that be due to generational differences or not. Many within the construction industry are not near as protected as they should be. Making it an easy life for even the most novice of attacks.
Take a look at how you can best protect your company and also what a former hacker had to say when we asked, why cyber criminals would target construction companies?
Cybercrime in Construction
Recently the construction index released an article detailing a survey that had been conducted showing both small and large construction companies being targeted by similar rates of cybercrime – despite larger companies spending far more on the provisions of IT security than smaller companies.
If you don’t take the risk of literally losing your customers data, your company data and confidential data seriously you could find it’s not just you that has access to company accounts, trading and shipping accounts, personal accounts and customers’ accounts – to name just a few.
Accounts, means all and any type of account, ranging from bank accounts, personal bank accounts, personal employee details, tax details and numbers and various other forms of ID, for example.
There is a huge and very valuable market on the dark side, daily trading in hacked information. Many within the every-day world have only ever seen one type of internet.
The type we all access using search engines like Google, Yahoo and Bing – the surface web. Darknets exist, a type of internet the general joe can’t access, Darknets and the Deep Web are not going to go away – it was here before the surface web.
What are Darknets and the Deep Web?
The Deep Web, is like an anonymous internet of net connected stuff that isn’t discoverable by search engines or traceable – in essence the underbelly and underground of the internet.
Not like the surface web – we all use daily.
It’s where activists of all types, rouges and those looking to buy, sell or trade illegally or perhaps hide their money trails, tracks and deceit operate. Some also use it on a business level to infiltrate competitors or whistle blow anonymously or reach out to certain mediums for certain things.
Darknets are essentially small niches of the Deep Web, designed to deliberately hide from the crawls of robots and the prying eyes on the web.
The general Joe can’t just type in an address and access, the Deep Web is accessed only by the use of specifically designed anonymising software known as a TOR. Even then, you need to know how to get anywhere, its not like Google.
Everything is hidden in blind spots and its not a place most people visit – nor should it be due to the types of serious activities and markets that are there.
Providing you have the ability to access that is. Real marketplaces do exist that trade in stolen information, big money, big demand, as shown below.
What a Former Hacker Had to Say…
We asked a former hacker why construction companies would be a target for cybercrime,
“Take it from those that know the value in this type of information, it can be sold in a heartbeat, traded using untraceable, cryptic currencies.
“Information like company bank account details, personal bank accounts, names and addresses, history of addresses – are all high value types of information that are highly sought after in markets and facets of many darknets.”
“The demand and the money this type of data can be sold for is breath-taking.”
“A hacker or hackers may seep information over a length of time, gathering up a bank of details, quietly opening up accounts or taking credit in the name of the victim or selling the person’s identity in even darker markets.”
“There is another world that many are not willing to accept is real and here.”
“For as long as there are advances in protection there are as many, just as fast, happening in infiltration.”
“Here is a prime example of ability, aptitude and access – just a few days ago the Japanese Osaka Education server that held 444 schools ranging from junior schools to high schools was taken offline by one of its own frustrated students.”
We asked who is most at risk of being targeted by cyber criminals and hackers?
“It’s BIG business; every company relies on storing information – that information is valuable. Stored on computers, cloud servers, private servers.
“You don’t even have to be connected or in a group, just know how, where and have the access and ability. Which there are now three generations of, that will target any type of company, not just construction.”
“The older and smaller a company is the better target they are. Why?”
“Because it’s more likely to be supported by no IT admin (or not a very alert one), have free anti-virus on dead beat old machines that are bagged up with malware anyway – so literally a wide open door”.
“These types of companies are a walk in the park for even the most novice of hackers. An email with a root kit in it would more than likely do the trick.”
“On the other hand, there’s those that have invested in the hardware, got themselves an IT company that have left out the fact the users, machines and download activity of users – needs updated, monitored and restricted”.
“Resulting in Christmas day for hackers and an endless payday.”
“That costly IT investment has just given access to an entire network and group of companies all working off cloud servers or physical servers – worth billions.”
“This is why larger companies have reported they are having the same levels of crime as smaller companies – you are both a target.”
“The larger companies may not be as naive, but they are in some ways as they are expecting to be secure because they paid someone to do it. Just because they said it’s secure, doesn’t make it secure if you don’t protect and restrict at the user’s end.”
What type of hacks should we be protecting ourselves from? we asked,
“It’s not just hacking emails and stealing information to sell that’s on the agenda, it’s anything. Look at the world we live in, we rely on being online – but who are we really dealing with, are they who they say they are?”
“They might have been yesterday.”
“Take a look at Dubai construction firm CMC Machinery, who’s representatives email was hacked, hacker pretended to be the rep, contacting a customer to extort money.”
“Back in the 90’s there was a bug dubbed the “Lotus 1-2-3 bug” that was generated in excel spreadsheets – by error totally unintended.”
“But, hackers soon saw and used it to get financial data and into stock trading systems, forcing stock prices to rise or fall at their will.”
“If companies don’t value their data, then why not?,
It’s their own stupid fault.”
“You wouldn’t expect all the goods in your shop to still be there in the morning if you left the door wide open, so don’t expect the same with your data.”
“There is no protection that can prevent human stupidity. Believe me, hackers are nothing if not persistent. Where the general joe will walk away and quit, the hacker will trick, game, bypass, brute force and find any way they can to get to their objective. Every angle will be taken, any identity will be dawned.”
Prevention is Better than Cure
Like with many things in life, prevention is better than cure. Cybercrime can take place in any way, shape or form.
The biggest threats we face in the current day and age of cybercrime, are not just based around a computer’s antivirus or lack of updates.
That is only a mere part of the picture.
From extortion hacks as mentioned above to attacks that manipulate or change data.
The type of hack has indeed evolved from being impersonations to full on infiltrations. Take for example the notorious Ashely Maddison hack of 2015, an epic exposure of an online dating site exposing millions of would be cheaters, which took down the CEO.
Followed swiftly by, the trident hack attack of the InvestBank in the UAE, exposing customer account information – another extortion hack. Data sabotage is another that all companies need to be prepared for over 2016 and 2017.
Not quite so easy to detect, due to alterations being slight yet having enormous implications and consequence. Just think how changing a few numbers can effect an account balance, image that account was a multi-billion trading account.
In Summary
Steve Snaith, head of technology risk assurance at business adviser RSM said:
“It’s very clear from this report that incidences of online crime against construction premises are going largely unreported.
“In the past, cyber-crime may have seemed like a remote existential threat, but it is increasingly common and construction firms need to take it seriously. As a minimum, every company, regardless of size, should have anti-virus or anti-spam software together with robust security update procedures.
“Other areas of importance include, in particular, the need for an internal staff education process regarding cyber risk awareness. Additional measures such as data security policies, restrictions on email or internet use by staff or encryption software can also provide helpful protection.”