Hydro, the Norwegian aluminum giant under cyber attack

(By Alessandro Rugolo)
25/03/19

A few days ago (19 March) news broke that one of the largest aluminum producers, the Norwegian company Hydro, had suffered a cyber attack.
The attack, carried out using ransomware, apparently aims to obtain a ransom.
During a press conference, the company's financial manager, Eivind Kallevik, announced that the attack is quite serious.

It seems that the virus has not had major consequences for production (which is hard to believe!). In fact, some plants have been disconnected and others have been switched to manual mode.

Norway's National Security Authority (NSM), which is in charge of assisting Hydro, also has investigations under way to identify those responsible for the attack. The ransomware used is known as LockerGoga and was used in combination with a direct attack against the Active Directory service. But it is still too early to be sure; at the moment this is only a hypothesis.

Assuming the first hypotheses about the ransomware are correct, let's see what Trend Micro tells us about LockerGoga. According to the computer security company, the LockerGoga ransomware made an appearance recently (January) against a French engineering consultancy, Altran Technologies.

The first thing the malware does once it has infected a system is change the users' passwords, making the system inaccessible; it then starts encrypting the files on the system and displays a ransom message on the screen. The use of any other means (other than paying the ransom!) will lead to the data being compromised.

It seems that LockerGoga does not have the ability to spread across the network, unlike its relatives WannaCry and Petya/NotPetya; instead, it has the ability to get past the defenses put in place by many protection systems (sandboxing and machine learning).
Updates can be read on the TrendMicro website.
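
A defender-side check for the password-changing behaviour described above, as an added example that is not from the article or from Trend Micro: it flags any account that changes or resets the passwords of many other accounts within a short window, using Windows Security event IDs 4723 and 4724. The record layout, threshold, window and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Windows Security log event IDs for password operations on an account:
# 4723 = attempt to change a password, 4724 = attempt to reset a password.
PASSWORD_EVENT_IDS = {4723, 4724}

def find_password_change_bursts(events, min_targets=5, window=timedelta(minutes=2)):
    """Return {(host, actor): sorted targets} for actors that touched the passwords
    of at least `min_targets` distinct accounts inside one sliding `window`."""
    by_actor = defaultdict(list)
    for ev in events:
        if ev["event_id"] in PASSWORD_EVENT_IDS:
            ts = datetime.fromisoformat(ev["time"])
            by_actor[(ev["host"], ev["subject"])].append((ts, ev["target"]))

    alerts = {}
    for actor, hits in by_actor.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Advance the left edge until the span fits inside `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            targets = {t for _, t in hits[start:end + 1]}
            if len(targets) >= min_targets:
                alerts[actor] = sorted(targets)
                break
    return alerts

def _ev(sec, eid, subject, target, host="WS-042"):
    base = datetime(2019, 3, 19, 2, 0, 0) + timedelta(seconds=sec)
    return {"time": base.isoformat(), "event_id": eid, "host": host,
            "subject": subject, "target": target}

# Constructed sample records (hypothetical hosts and accounts, not incident data).
SAMPLE_EVENTS = (
    # Help-desk style activity: two resets, an hour apart.
    [_ev(0, 4724, "helpdesk1", "alice", "DC-01"),
     _ev(3600, 4724, "helpdesk1", "bob", "DC-01")]
    # One account resetting many accounts on a workstation within seconds.
    + [_ev(7200 + i, 4724, "svc_deploy", name)
       for i, name in enumerate(["Administrator", "alice", "bob", "carol", "dave", "erin"])]
    # Unrelated logon event (4624) that must be ignored.
    + [_ev(7300, 4624, "svc_deploy", "svc_deploy")]
)

if __name__ == "__main__":
    for (host, subject), targets in find_password_change_bursts(SAMPLE_EVENTS).items():
        print(f"ALERT {host}: {subject} changed passwords for {len(targets)} accounts: {targets}")
```

The threshold and window need tuning against normal help-desk and provisioning activity before the check is used for alerting.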

Some considerations:
Once again a large company has been hit, which shows that having (at least theoretically) large resources does not protect against risk. What is needed is a security strategy and a careful use of human and non-human resources.

The company, which produces aluminum parts, holds a large part of the European and American market (around 20%). The attack had repercussions on the value of the shares, but the greater damage will presumably be due to the need to slow down or stop production.

It seems that the ransomware does not make use of a command-and-control chain, which would suggest that the malware could be controlled from within the Hydro network itself.

Once again it is necessary to highlight some problems that afflict our world, which is highly computerized but still far from being free of problems of all kinds.

The first consideration, not related to the incident itself, concerns the speed with which software is produced and new features are released, a speed that has kept increasing over the years and that certainly does not bode well for good execution.

The second concerns complexity: often, the search for ease of use for users of all levels (for example by introducing graphical interfaces) has led to an exponential increase in the complexity of software (and of systems in general), a complexity which, once again, is the enemy of good functioning.

The third consideration concerns the general lack of expertise in the field of computer security, often highlighted within the European Union but still without a solution. While it is true that university courses in computer security have increased, it is also true that a certain distance remains between them and the industrial world.

Finally, in many countries, the lack of public financing in the sector strongly affects the development of a network of companies that are capable and ready to offer their security services to small and medium-sized organizations and companies, severely limiting the ability to develop skills because of the lack of competition.

It would also be necessary to reflect on the enormous growth of IT companies and begin to ask whether we should demand greater professional seriousness from them in the release of software and systems.

Last but not least, it is necessary to begin to reflect seriously on the invasiveness of information technology in today's world, certainly not to try to limit it, which is now impossible, but to understand how to limit the damage in case of a cyber attack and how to guarantee a sufficient, alternative level of command and control not based on digital technologies.

I can already imagine someone thinking: "Here we go, the return of paper, pen or typewriter and delivery service ... what world is this guy living in?" Yes, in some cases this could be necessary, and for it to work it should be practiced regularly, to preserve a knowledge that is disappearing.

To learn more:
- https://www.bbc.com/news/technology-47624207
- https://www.bloomberg.com/news/articles/2019-03-19/hydro-says-victim-of-...
- https://www.reuters.com/article/us-norsk-hydro-cyber-security/norway-say...
- https://www.thelocal.no/20190322/norways-norsk-hydro-hit-by-ransom-cyber...
- https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/what-you...