A game of cat and mouse
The speed was breathtaking, the spread was global, the impact potentially catastrophic. The WannaCry ransomware attack was like nothing seen before.
Within the blink of an eye, a mere four-day period in May 2017, a cyber attack spread to 150 countries, affected more than 300,000 computers and caused billions of pounds of damage.
The NHS was famously hit hard by the ransomware, a type of digital virus that hijacks users’ systems unless a fee – the ransom – is paid.
There were 48 NHS trusts whose systems were seriously affected, forcing patients to be turned away.
Luckily, security experts discovered how to kill the virus, but the damage already wreaked was profound.
Podcast: Cyber security research, resilience and training
WannaCry is just the tip of an ever-growing iceberg. Cyber attacks take place every day, from the malign to the malicious. If people weren’t taking note of their cyber security before, they are now.
Failing to prepare is preparing to fail – everything and everyone now depends on computers.
It is against this backdrop that the £6m GM Cyber Foundry was launched.
Led by Manchester Metropolitan University, with Lancaster University, the University of Manchester and the University of Salford, the GM Cyber Foundry will give the region a suit of cyber armour, providing businesses in Greater Manchester with the weapons to fight back.
Cyber attacks pose a £860m risk to the region’s businesses each year, as estimated by the Lloyds City Risk Register. Such is the prevalence of computing systems in commerce, the Foundry will work with all types of firms – from bricks-and-mortar retailers to digital specialists.
The GM Cyber Foundry is a key piece of the jigsaw puzzle for Greater Manchester: the Government Communications Agency (GCHQ) is opening a site in the city next year and the Greater Manchester Combined Authority (GMCA) has the Digital Strategy 2018-2020 to steer its ambitions.
We can use our research strengths in cyber security to increase resilience against current and potential future threats
Keith Miller (pictured below), Head of Strategic Partnerships in the School of Computing, Mathematics and Digital Technology at Manchester Metropolitan and academic lead on the GMCA digital steering group, said: “As we saw with WannaCry, cyber attacks can have enormous fall out and are indiscriminate.
“The opportunities through new technologies – smart devices, the Internet of Things (IoT) and Industry 4.0 – are unparalleled. Cities that can take full advantage will thrive, but with opportunity comes threats.
“We can use our research strengths in cyber security to increase resilience against current and potential future threats, in order to create a safer trading environment in the city region thus enabling business growth.
“How do we protect Greater Manchester’s commerce? How do we train SMEs? What is the latest research and how can it be applied? What are the new threats on the horizon?
“The GM Cyber Foundry will play an integral role, maximising the strengths of each of the universities and translating that into effective solutions for businesses.”
Each university will bring different expertise to the table: improving cyber security in blockchain and IoT applications; enhancing security of cyber physical systems; increasing encryption efficiency; increasing cyber threat intelligence in systems; improving ‘cyber hygiene’ to maintain online security; and improving the design of security systems to help users.
The Greater Manchester digital economy is the largest cluster outside London, generating £4.1bn each year and employing 82,000 people. The GMCA digital strategy states that it ‘is fundamental to GM’s current and future international competitiveness.
Councillor Andrew Western, leader of Trafford Council and Digital City Region lead for Greater Manchester, will be spearheading, among other things, the £24m investment to see the city region reach its target of 25% full fibre broadband coverage.
“Cyber as a sector is absolutely critical,” he said. “If we are serious about being a digital city region that is globally recognised, we need to know that our businesses are working in as safe an environment as possible.
“The work that has been done with the Cyber Foundry is fantastic. It’s making excellent use of our academic expertise to support businesses – not just in the digital sector, but across all sectors where we are seeing increasing use of digital technology to boost productivity and improve service delivery.
“It sends an important message about how seriously we’re taking our digital ambitions. There’s so much going on in Greater Manchester right now, and the Foundry is really going to add to what we can do in the region in the way it commercialises the academic excellence that we have got.”
Shoring up the defences
In the fast-paced game of cyber security, to be forewarned is to be forearmed. Cyber threats are constantly evolving.
It is a never-ending game of cat and mouse. A game that researchers at Manchester Metropolitan are at the forefront of.
Dr Mohammed Hammoudeh, Senior Lecturer in Computer Networks and Security, is working with the government to develop new ways to protect computer networks.
By sneaking in through one computer – via an innocuous looking email or a basic password – hackers can spread out through the network like tentacles.
This can compromise sensitive customer data and damage reputation. A cyber attack on British Airways earlier in 2018 may have affected up to 380,000 sets of customer payment data.
Additionally, Dr Hammoudeh is working with SMEs to build secure IoT systems and smart cities. Think energy meters, fitness watches, baby monitors, fridge freezers, smart roads, plug sockets. Everything talking to everything.
He is also working with pharmaceutical companies to develop IoT technology that tracks prescription drugs throughout the supply chain to ensure fake drugs aren’t sold to consumers, using new technologies such as blockchain.
“My view is that cyber threats will continue to intensify. We will see more data breaches, we will see more successful larger-scale attacks,” said Dr Hammoudeh (pictured above).
“There are no magic solutions to counter the wide variety of potential threats. People have to be more cyber aware.”
Network protection tends to have anti-virus and anti-malware software operating centrally, pushed out to all computers in a network. If that fails and the hacker gets in, they can snoop around the whole network.
But a new technology called ‘zero-trust security’ could change that.
Dr Hammoudeh has government funding to develop zero-trust security in which every device has its own robust protection.
In the traditional model, a network has a defensive wall around all computers. In zero-trust security, each computer in a network has its own wall, so when one goes down the rest still have their walls up.
He said: “The zero-trust project aims to prevent lateral movement where attackers penetrate the network perimeter and establish a foothold inside the network while flying under the radar of classical security defences. By bringing security closer to the end device, attackers will not be able to move laterally to other systems to look for opportunities to gather additional data.”
Dr Hammoudeh added: “There are so many threats introduced by IoT. Usually it was ‘the hacker stole my credit card details and it affected my money,’ but now I need to be worried about my physical security from cyber attacks. More and more medical devices are impacted, heart pacemakers for example.
“Even at the personal level, hackers can open smart locks on cars or homes. The more objects we connect to the internet, the more threats we face.”
The everywhere internet
Dr Rob Hegarty has worked with police to map social media networks, helping officers trace people through platforms such as Facebook.
He has also developed software which helps trace Bluetooth devices in a given area – a ubiquitous technology found in smartphones, fitness watches and computers. Bluetooth will underpin a host of IoT technologies and, like all software, is open to abuse.
Protecting personal and commercial data through IoT systems will be integral to Greater Manchester’s digital and smart city aspirations.
Dr Hegarty (pictured above), Senior Lecturer in Cyber Security and Digital Forensics, said: “Low-energy Bluetooth should randomise its ID in broadcast mode but often that’s not the case and you can track and trace what people are doing. This has big implications for IoT, which will communicate in parts via Bluetooth.
“There is a massive race to market with IoT devices to get it out there before other companies do. So if people are developing new products, let’s make sure they are secure. The GM Cyber Foundry can help Greater Manchester’s companies build these protections.”
Something as simple as education can have a massive impact on companies looking to beef-up security. The US military recently issued guidance to service personnel on fitness watches because the GPS location data uploaded to fitness websites was providing de facto maps of US military bases.
Teaching cyber security
To keep Greater Manchester’s companies safe, SMEs need the next generation of cyber security operators. The digital economy is only as strong as its weakest link.
At Manchester Metropolitan, cyber security is taught on undergraduate computer science programmes, the MSc in Cyber Security and on degree apprenticeships.
“We’re doing everything that we can to make Greater Manchester a world-leading digital city region. Firstly, we’re helping businesses succeed and thrive so that we are an attractive place for global companies as well as local start-ups,” said Cllr Andrew Western (pictured below).
“Secondly, we’re making sure the public sector is benefitting from that and is adapting to digital technology. And, thirdly, we’re making sure we have got the talent pipeline in place to make sure that we can furnish those businesses with the people they need.”
The University is also a key partner in the Institute of Coding, a national collaboration of universities delivering the industry-ready skills for students, businesses and the public sector.
Dr Hegarty has seen a huge increase in the demand for forensic and cyber security teaching.
“We have an ethical hacking society that is student-led, and we teach lots of different techniques on hacking and system defence,” he added.
One of the beneficiaries of this hands-on cyber security training is alumnus James Maude who graduated from the BSc (Hons) Forensic Computing degree in 2012. He now works at accountancy firm Deloitte in its cyber team, helping clients to understand cyber risks and become more resilient.
He said: “The Forensic Computing course provided a great basis for working in cyber security as much of the content was based on real-world investigations of cyber crimes.
“The practical elements contained within the course gave me a number of practical skills in network traffic and operating system analysis, which immediately proved useful in cyber security roles.
“The breadth of the content covered in the course was really interesting and meant that you not only developed a good knowledge of your specialism but a broader knowledge of everything from discrete mathematics to operating systems architecture.”
He added: “The topic of cyber security is so high on everyone’s agenda at the moment that there is a really wide range of activities going on at any one time.
“As the largest global provider of cyber security consulting, the importance of cyber security to Deloitte and their clients is huge. Deloitte is currently investing £430m in bolstering their cyber security defences and really instils cyber security and vigilance into all aspects of the business.”
Bitcoin and the Dark Web
New technologies developed in recent years include cryptocurrencies – such as Bitcoin – and the dark web. But what are they? Will they benefit us or are they a threat?
Senior Lecturer Dr Thomas Martin (pictured below) is a researcher looking into both.
The dark web is essentially anything that doesn’t show up on a search engine result, but more infamously they take the form of ‘onion’ sites, accessed using Tor (The Onion Router) software.
If you log on to Facebook or complete a Google search, it is easy to see the connection being made. It’s clearly visible that person X is logging on to website Y.
Not so with the dark web.
In a normal web browsing scenario, it is akin to a person being on one side of a park, walking and giving a letter to someone at the other end of the park, with someone watching in the middle. We know those two people are talking via letter because the person watching has seen it happen.
In the dark web, the first person in the park will get the letter to the final person – but its journey is somewhat more complex.
The letter is sent through a chain of people before it reaches the final person. And the final person is no longer in the park. The person watching in the park can see the first person send the letter, but the letter has now bounced through a hidden web of people and the final person cannot be seen. Its destination and journey is unknown – it is anonymous.
In the dark web, a series of intermediary relays masks a computer’s connection so what the user is accessing, selling or saying, cannot be traced. Additionally, onion sites, where the dark web is hosted, can only be accessed with this type of relayed connection via Tor software.
The dark web is home to online ‘marketplaces’ where people can buy illegal drugs – among other nefarious elements, but equally it provides a safe communication channel for people living in repressive regimes.
“The dark web is a threat to our infrastructure – these marketplaces are the wild west with no laws,” said Dr Martin.
“We are at the end result of an arms race between people trying to get privacy and law enforcement trying to capture criminals.
“We have a situation where there are people who can buy and sell malware. Using traditional methods, there is no way to identify who they are or stop what they are doing.
“The dark web can provide an ecosystem that can support hackers buying and selling data that is captured from companies, which is more valuable than the hardware it is stored on.”
The dark web marketplace is powered by cryptocurrencies to complete transactions. Cryptocurrencies are digital money formed by a complex mathematical formula, a necessary part of the blockchain, which can only be solved with massive computing power. Solve the mathematical riddle, and you are awarded a cryptocurrency in an action known as ‘mining’.
Free from central bank control, a digital currency, such as Bitcoin, is stored in a digital wallet on a computer.
Their value in exchange with US dollars or pound sterling has fluctuated widely in recent months, but they can provide criminals with untraceable digital money. The WannaCry hack attack demanded cryptocurrency as its chosen method to ‘unlock’ computers and data from the ransomware.
“Malicious uses are very well known,” said Dr Martin.
“There have always been ways to make money by capturing credit cards and bank details online, but that’s not guaranteed for a hacker.
“There is more and more incentive to find vulnerabilities. The NHS ransomware attack WannaCry had the potential to make a lot of money.
“We need the corresponding effort to protect SMEs and companies from these attacks.”
Indeed, the rise in these new technologies has changed cyber criminals’ tactics. Rather than stealing your bank details, criminals are stealing control of computers.
Cryptojacking sees cyber criminals behave like parasites across a network of machines, sucking up its computing power to mine more cryptocurrencies without users’ knowledge.
Ransomware: a type of malicious software that threatens to publish the victim’s data or blocks access to it unless a ransom is paid
Malware: is any software or file that is harmful to a computer and includes computer viruses, worms, Trojan horses and spyware
DDos: A distributed denial-of-service (DDoS) attack occurs when multiple computers flood the resources of a targeted network, usually one or more web servers
Internet of things: the interconnection, through the internet, of computing devices embedded in everyday objects, enabling them to talk to each other
Cryptocurrencies: an alternative and digital-based currency using decentralised control as opposed to centralised digital currency and banking systems
Blockchain: is a growing list of records, called blocks, which are linked using cryptography and underpin a transaction ledger for cryptocurrencies
Cryptojacking: is the unauthorised use of a computer by cyber criminals to mine cryptocurrency
Dark Web: The dark web is part of the internet that isn’t visible to search engines. It needs specialist software to be accessed, an anonymising browser called Tor
Tor: The Onion Router. First developed by the US military, it directs web traffic through a network of relays to mask a user’s location and which websites are being accessed
GCHQ: The Government Communications Headquarters, a UK intelligence agency dedicated to cyber security and information assurance that is opening a Greater Manchester site
Phishing attack: Phishing is a type of cyber attack used to steal login credentials or credit card numbers, often via fake emails
Full fibre broadband: A super high-speed internet that takes highspeed cables directly to premises