That’s the message Britain’s National Audit Office has for the NHS and Department of Health, according to after concluding their investigation surrounding the ransomware outbreak the organizations experienced in May.

Crippled by the “Relatively Unsophisticated” WannaCry

According to an independent investigation, “basic IT security” could have avoided the calamity that resulted in 19,500 medical appointments being cancelled and 600 computers associated with surgeries being locked.

“It was a relatively unsophisticated attack and could have been prevented by the NHS following basic IT security best practice. There are more sophisticated cyber-threats out there than WannaCry so the Department and the NHS need to get their act together to ensure the NHS is better protected against future attacks.”

Prevention Was Possible

88 out of 236 health trusts in England had an “on-site cybersecurity assessment” performed on them by NHS Digital prior to the attacks taking place. These assessments identified vulnerabilities and recommended remedial actions that unfortunately were not followed.

Identify Vulnerabilities then Act!

The experience of the NHS and Department of Health provides an instructive lesson in how not to handle cybersecurity. The key to preventing breaches and securing networks is to identify vulnerabilities and then eliminate them before they can be exploited.

Konsultek offers a variety of vulnerability assessments to help organizations of all types and sizes identify their network vulnerabilities. These vulnerabilities are then eliminated as part of the customized security solution that is put in place. If your organization hasn’t undergone a pre-emptive vulnerability assessment, it is not too late! The information you learn could prevent a breach and, as we always stress, prevention is far less expensive than cure when it comes to cybersecurity.



Yesterday reported that they had in their possession a report from FireEye which shows that North Korean hackers have been spearphishing electric utilities in the US.

We can only assume that such campaigns are being launched in an attempt to gain access to the grid with the intention of possibly disrupting it. We reported on just such a scenario just a month ago in our blog post Hackers Appear Ready to Turn Off the Lights.

North Korea has proven itself to be a vexing cyber opponent and has been a continual source of concern for neighboring South Korea for years.

Safe and Reliable Delivery Unaffected

Scott Aaronson, a top security official at the Edison Electric Institute, an industry trade group, said in a statement:

“Phishing attacks are something that electric companies prepare for and deal with on a regular basis, often in coordination with security experts and industry stakeholders. In this case, the delivery of safe and reliable energy has not been affected, and there has been no operational impact to facilities or to the systems controlling the North American energy grid.”

While this appears to be technically true, as reported previously, hackers seem to be closing in on the capability to disrupt the grid.

As Goes the Grid Goes the Economy

The prospect of a large-scale power disruption is scary on both a personal and professional level. However, taking one step back and surveying the potential harm to the larger economy is even more frightening. We’ve been reporting on the estimated harm of the Petya virus, cumulatively likely exceeding $1 billion across just a handful of companies. What would be the economic impact of having large portions of the power grid go down for 12 hours? A day? A week?

Why Hasn’t it Happened Yet?

According to Stuart Madnick in an insightful piece on, there are three conditions necessary for an attack such as this to occur: opportunity, capability, and motivation. We have on this blog alone provided enough evidence of opportunity and capability, and the increasing tensions with North Korea may just be setting the third requirement, motivation, into place.

Be Prepared

Holistic cybersecurity solutions like the ones we develop at Konsultek consider not just what impact a targeted attack might have but also what might happen if a larger disruptive event occurs. As with all aspects of network security, an ounce of prevention is worth far more than a pound of cure. If your current security provider isn’t asking the tough “what if” questions, perhaps it’s time you give us a call!



According to Symantec, hackers have recently gone far beyond past intrusions into the US power grid. Their analysis, as reported on, found that the level of compromise was so great that the attackers could have caused blackouts across large portions of America at will.

Dozens of Energy Companies Targeted

The responsible hacking group that Symantec has dubbed Dragonfly 2.0 reportedly targeted dozens of energy companies and successfully gained access to more than 20 of the target networks, including a handful of US power companies and at least one in Turkey.

Hand on the Light Switch

In the past we’ve discussed the vulnerabilities of the US power grid and the worldwide concern that utility vulnerabilities posed. These latest breaches raise the bar of concern because Symantec’s forensic analysis found that the hackers obtained what they call operational access: control of the interfaces power company engineers use to send actual commands to equipment like circuit breakers, giving them the ability to stop the flow of electricity into US homes and businesses.

Symantec is not naming the compromised parties and has been working with them to remove the operational access the hackers had achieved.

Winter is Coming

Certainly a large-scale power outage will be disruptive to any organization, large or small, at any time of the year. However, with autumn just around the corner and winter coming, the discovery of this level of penetration should at the very least make anyone in northern climates take pause. How prepared are your business and employees to deal with a power outage in the middle of winter?

Here is how Eric Chien, Symantec security analyst, describes the difference between this latest threat and those uncovered in the past.

“There’s a difference between being a step away from conducting sabotage and actually being in a position to conduct sabotage … being able to flip the switch on power generation. We’re now talking about on-the-ground technical evidence this could happen in the US, and there’s nothing left standing in the way except the motivation of some actor out in the world.”

Konsultek Knows Security and Disaster Recovery

If this latest discovery of grid frailty has you pondering what an unexpected loss of power might mean to your organization, you’re not alone. Fortunately, Konsultek is well versed in outage prevention and disaster recovery and can provide the expert guidance you need to get prepared. Give us a call today to discuss our holistic approach to network security and disaster recovery.



The sirens started at 11:42 p.m. Friday 4/7/17 and weren’t silenced until 1:20 a.m. Saturday 4/8/17. During that time millions of Dallas residents repeatedly had their dreams interrupted by no fewer than 156 tornado emergency sirens.

The alarms have a duration of 90 seconds per cycle and were activated 15 times during the cyberattack.

Hackers Were Local

What was at first described as a “malfunction” by officials was later deemed to be a hack of the emergency system. According to the Washington Post:

“Officials have ruled out a remote hack — telling reporters someone gained physical access to a hub connecting all the sirens, which may not be turned on again until Monday as the city tries to figure out who, how and why.”

Critical Infrastructure Attacks Remain a Global Concern

Last January we reported that critical infrastructure vulnerability was a hot topic at the annual Davos conference and 15 months later the Dallas incident has literally and figuratively sounded the critical infrastructure alarm.

According to federal data, critical infrastructure attacks are on the rise. In 2012 fewer than 200 attacks were documented. By 2015 that number had risen to nearly 300.

Regardless of the intent of the hackers, and regardless of the fact that the “hack” appears to have required physical access, it serves as another example of how critical infrastructure can be compromised with apparent ease.

As Texas and federal officials continue their investigation, it will be interesting to learn the motives, the details surrounding the vulnerabilities that were exploited and exactly how the hack was orchestrated.

Konsultek Knows Security

Our customized security solutions don’t stop with technology. A comprehensive Konsultek security assessment looks at all aspects of information and network security including human factors and physical security procedures. Is your information vulnerable? Let us help you find out. Call today to learn more about our comprehensive security assessments.



In early January of this year we discussed how selfies were undermining the security of our nation’s critical infrastructure. Then in late January the nation’s infrastructure security was a hot topic at the Davos conference.

Well, thanks to the white hat hackers at Red Team Security, it looks as though the vulnerability of our infrastructure is once again being discussed publicly.

So, just how vulnerable is the US power grid? Watch and find out!



Last week we described how some workers at critical-infrastructure facilities were unwittingly undermining security by posting selfies to social media sites such as Instagram. The takeaway? Securing information and networks without literally “inviting” hackers in is difficult enough, so please be more careful.

Interestingly enough, according to a story in this week, world leaders attending last week’s Davos Conference are quite concerned about cybersecurity in general and with the vulnerabilities of critical infrastructure around the world in particular.

No surprise that critical infrastructure vulnerabilities would have a top-of-mind presence considering that a successful cyberattack on Ukraine’s electric utility grid had occurred just a few weeks prior.

That attack, which took down a sizable portion of Ukraine’s power grid, utilized the “Black Energy” malware according to the US Department of Homeland Security. This is troubling on two fronts: first, because the attack was so successful, and second, because the same malware has been seen in the wild here in the United States.

The vulnerability of our own electric grid is such that General Michael Hayden, who served as director of both the NSA and the CIA, warned “of a darkening sky” over the U.S. power grid according to Fortune.

What If the United States Grid Goes Down?

On August 14, 2003, much of the northeast power grid went black for a period ranging from 7 hours to upwards of a week. The cause was ultimately linked to a fallen tree branch in Ohio. Thankfully, being August, the loss of power was largely an inconvenience and not life threatening. However, if a calculated cyberattack were launched in conjunction with an already occurring natural disaster such as last week’s epic snowstorm, thousands could potentially lose their lives.

The economic impact of a successful large-scale northeast grid attack could exceed $1 trillion according to Lloyd’s of London. To put things in perspective, the cost of the 2011 earthquake and tsunami in Japan was just $300 billion, while the cost of Hurricane Sandy was estimated at $100 billion.

Perhaps more troubling is that the Nuclear Threat Initiative’s latest report indicates that many civilian nuclear power plants are vulnerable to cyberattacks.

Let Konsultek Help!

While you may not be able to prevent a large-scale critical infrastructure attack, you can prevent data loss and protect your own network. At Konsultek we specialize in developing custom security solutions that build upon world-class hardware and software. Isn’t it time you took a fresh look at your security preparedness? Call us today to discuss innovative ways to make your network more secure.



Sage advice especially if your selfie stick gets the urge when you’re at work. It seems that most folks don’t think much about what else beyond themselves might appear in their selfie and this can lead to security breaches when those selfies, videos or publicity photos are closely examined by those with more malicious mindsets.

Here are a couple examples courtesy of where innocent images divulged more than just a smile.

Back in 2012 the world was given a glimpse into the life of Prince William the RAF Search and Rescue helicopter pilot. Unfortunately it only took hours for those with keen eyes to spot the login details for the secure MilFlip system in the background.

Or remember when the 2014 FIFA World Cup security control room was photographed, where the Wi-Fi SSID and password (and an internal email address used to communicate with a Brazilian government agency) were clearly legible on the big screen. So much for security, eh?

Back to Selfies

Sean McBride, senior threat intelligence analyst at iSight Partners, reports in an article on The Christian Science Monitor that he has found, amongst other things, online selfies posted to Instagram and Facebook that reveal details of critical infrastructure control systems. More specifically, McBride indicates that these photos of SCADA (Supervisory Control and Data Acquisition) systems are revealing potentially sensitive information that shouldn’t be shared on the Internet.

Officially Sanctioned Media Just as Guilty

According to McBride the selfie stick isn’t the only offender. As reported in The Christian Science Monitor, iSight Partners researchers have also discovered panoramic pictures of control rooms and video walk-throughs of facilities. Corporate websites can offer a treasure trove of information for would be cyber-assailants as well. Employee contact information, images, videos, organization charts and other information can be pieced together to assist in a variety of attacks such as spear phishing.

“Intel to Die For”

Perhaps the most famous example of the perils of inadvertently publishing sensitive facility information comes courtesy of Iranian President Mahmoud Ahmadinejad’s press office.

The 48 images they published in 2008 prompted Andreas Persbo, an analyst in London at the Verification Research, Training and Information Center, to say in a NY Times article at the time, “This is intel to die for.”

Think Before You Selfie

The takeaway here is clear. In a world consumed with selfies and social sharing, all employees, especially those involved in critical infrastructure, should think twice before snapping selfies and shooting videos while on the job. If you just have to document yourself, be cognizant of who or what is in the background. For example, is that Post-It note on your peer’s monitor with his network access credentials in blue ink about to go hurtling through cyberspace to a competitor, criminal or nation state?

It is difficult enough to keep hackers at bay when they have to brute force their way in. It is virtually impossible to keep them out when you unwittingly invite them in.

If you are interested in learning more about how custom prevention and detection solutions can help your organization navigate today’s connected world more safely, pick up the phone and give us a call. Or just hit us up on Instagram (just kidding!)!

