Less than two weeks ago, one of the biggest mail sorting facilities in Northern Ireland was attacked.
The attack was sinister, likely calculated and its timing raised suspicions. The attackers demanded a ransom and rendered operations completely inactive, causing widespread disruption and chaos.
The attacker? Well, they weren’t armed with guns or explosives — in fact, they likely never left their bedroom.
With a few clicks and some heavy-duty malware at their disposal, the reportedly Russian-linked criminal gang LockBit managed to render a Royal Mail sorting office quietly tucked away on a road in Mallusk non-functional.
“The entire operation has been wiped out by a cyber attack,” a source told the Belfast Telegraph last Tuesday, providing a photograph of an orange piece of paper which had spurted out of the facility’s printers.
“LockBit Black Ransomware. Your data are stolen and encrypted” it read in what appeared to be slightly broken English. “The data will be published on TOR website” it continued, followed by a long URL consisting of random letters and numbers.
Shortly after the Belfast Telegraph published reports the Mallusk depot had been compromised, national outlets like The Guardian and The Daily Telegraph began reporting Royal Mail had been subject to a computerised attack.
It appeared one of the world’s most famous delivery services had been subject to a cyber attack, the now go-to act of criminal activity which can be carried out at the click of a few buttons.
While the exact route of Royal Mail’s ordeal is currently unknown, the most common method used by cyber criminals is phishing, often in the form of an email sent to an employee containing a link.
Once the link is opened, it allows the sender to gain access to the employee’s computer device, which likely has company software on it.
Once you click, you have essentially handed over your entire device’s operating system to a hacker, and once they enter, it can be extremely difficult to get them out.
Frequently, hackers will encrypt the files stored on the device, rendering them inaccessible. This is done by changing the digital composition of the files (or the entire device), meaning certain codes or passwords are needed to release the files or restore them to their former state.
The ransom element is when hackers then offer the chance to unlock the files for a lump sum of money, normally paid via cryptocurrency (an untraceable form of payment, meaning the criminals behind the act cannot be found via their digital footprint).
If the payment is not sent, gangs will threaten to distribute the data they have stolen — often to the highest bidder. Royal Mail’s chief director has since denied personal data (including addresses) was compromised in the most recent attack, but the perception that data may have been stolen is often used in negotiations.
It’s often the case with compromised companies — the fear hundreds of thousands of people’s personal and private information has been stolen is worth more than proof it’s actually been taken.
It may seem strange for an attacker such as LockBit to leave a calling card identifying themselves or even stranger, a link which effectively brought users (and authorities) to the database of the purported data they had stolen. But gangs like LockBit — who initially denied involvement as Royal Mail is reportedly not listed on their list of ‘targets’ before a ‘spokesperson’ effectively revealed they were involved — don’t care about leaving a trace.
It’s also not the first time LockBit have acted in this way. Last year the criminal gang, who also rent out their malware to their affiliates to carry out attacks and take a generous 20% commission of any financial reward, carried out attacks on the Port of Lisbon, the Toronto-based Hospital for Sick Children (despite previous insistence they don’t attack healthcare institutions) and the Housing Authority of the City of Los Angeles.
These notable attacks now join a range of others, including last year when the National Health Service was compromised. Hackers targeted the company Advanced, which the NHS used to operate services such as out-of-hours appointment bookings and emergency prescriptions.
This caused widespread outages across the health service, but the NHS maintained there was no evidence patient information or confidentiality had been compromised.
As the digital revolution came, so did digital crime, and cyber attacks are now something companies across the world, no matter their size, fear, especially if they hold the most prized possession of all — data.
“It’s all about making money,” said Professor Marie O’Neill, the director of The Institute of Electronics, Communications and Information Technology (CSIT) at Queen’s University and a renowned international expert in cyber security.
“Data is sold online to other people to make money. Look at it this way, some people may notice strange charges on their credit card, and think, ‘Oh, where was I last week?’
“But in all likelihood it wasn’t last week, but six months ago when those details were likely stolen and sold alongside 10,000 others, and now it’s being used after someone has figured out a way to extract money from the data.”
The ability to ‘rent’ malware programs has made carrying out attacks a lot easier. You no longer have to learn the process to carry out cybercrimes; you can just hire someone to do it for you.
“Criminal enterprises no longer need to have the capability to carry out these attacks,” continued Professor O’Neill.
“You can buy ransomware as a service, and that’s the difference between now and ten years ago, you can just buy it in. No one can say they are 100 per cent secure, it’s just not possible, and lots of these things are socially engineered.
“You can have Fort Knox, but all it takes is one person to get one phishing email. It’s easy to say, ‘Oh, I wouldn’t fall for that,’ but anyone can.
“We are starting to see more of these random type attacks that hit Royal Mail and it is frightening to think these are concerted campaigns with criminal enterprises behind some of these attacks.”
Professor O’Neill says that despite Northern Ireland making the headlines for its association with cyber attacks, it can pride itself on being in a top “eco-system” of countries leading the fight against their dominance.
“We’re actually regarded as one of the top cyber eco-systems both in the UK and even globally, having been recognised in reports from the Royal Society for our work in academia in the field and with companies.
“We have a cyber essentials program, which any size of company can use to help protect themselves, you don’t even need [to be] the major know it all of all things cyber.”
She says the battle is no longer about ‘prevention’ but rather ‘reaction’. With technological advances made every day, it’s no longer viable for companies, no matter their size, to only look at ways to prevent their systems becoming compromised. All it takes is one employee to click a phishing link in a convincing email.
“I think movies have made it seem like this really complex art to actually carry out these attacks and it’s technologically complex but the majority of attacks are not through some technological breakthrough of hacking through a system, it’s almost always through social engineering.”
Professor O’Neill also said she’s aware of ethical hacking (an authorised attempt to gain unauthorised access to a computer system) in her field of work, where the ‘hackers’ have been able to get access through methods such as eavesdropping on conversations or finding passwords written on pieces of paper.
“Some of the weakest links are people’s practices, like default passwords and codes which are at least changing because of legal guidelines and practices which no longer allow these methods, because it was one of the easy ways to gain access — you gained access to one, and then suddenly had access to many.
“Now it’s about response, and how quickly you can recover after an attack and what steps you can take to make sure the attack is as minimal as possible. Lots of companies in Belfast have already started doing this; it’s all about security in depth.
“I do think there are simple ways for a company to maximise their cyber security health and welfare that sometimes they are not aware of. It’s less about prevent, prevent, prevent, and more about recovery.”
Maximising the ability to combat attacks quickly is why Professor O’Neill is now involved in the development of a new generation of cyber experts in the field.
The soon-to-be-launched Cyber-AI Hub, which is hosted by CSIT at Queen’s, will aim at developing “exceptional research, skills and innovation across a range of cyber related themes”.
Aided by UK Government funding from the New Deal for Northern Ireland, the new Doctoral Training Programme will present a hub for industry collaboration and skills development, bursaries for students to join Queen’s MSc in Applied Cyber Security or Artificial Intelligence, as well as a report mapping the growth and development of the cyber industry in the region.