Why DNC Hack Should Serve as a Harsh Lesson for Businesses​

The recent revelation that Russia may have hacked into the Democratic National Committee’s (DNC) email database has brought the topic of Advanced Persistent Threats (ATPs) back to the forefront of cyber security experts around the business world.

According to a report by on Reuters, U.S. Democratic presidential candidate Hillary Clinton has stated that Russian intelligence services were behind a sophisticated attack that saw thousands of internal emails stolen. Although these accusations have been refuted by Russian officials, the issue remains unresolved which is significant for two reasons.

Firstly, even if the Russian’s aren’t involved as Israel’s intelligence forces suggest, the latest hack shows the danger ATPs can pose to powerful government agencies. Secondly, if a major entity like the DNC has trouble dealing with ATPs, then businesses around the world need to take the threat extremely seriously.

Given the complexity of an ATP, big businesses are usually the target for hackers and any company that falls victim to an attack can find their bottom-line in serious trouble. As outlined by the Ponemon Institute’s 2015 Cost of Data Breach Study, the average financial impact of a breach is now $3.79 million. Surveying 350 companies in 11 countries, the study found that the cost of an attack had jumped 23% in two years.

A Three-Stage Threat

Analysing the basics of an Advanced Persistent Threat (ATP), Imperva Incapsula breaks down a successful attack into three stages:

  • Network infiltration
  • Expansion of the attacker’s presence
  • Extraction of amassed data

Using a combination of malicious uploads (such as SQL injections), Trojans and backdoor shells and then DDoS attacks (to act as a distraction), hackers can enter and extract data from a target site virtually undetected. Indeed, one of the reasons ATPs are so effective is that the distraction tactics often mean the real threat isn’t discovered until it’s too late.

By this point, the victim is forced to piece together a myriad of information in order to track it back to the attacker. Indeed, this is something the DNC is now facing. Even if Russian forces had something to do with the incident, it will take many weeks, and potentially, months, for the DNC’s security experts to determine the source of the email hack.

WAFs More Important than Ever

While political parties and governments will have their own means of protecting their servers, businesses wanting to avoid a similar fate should use web application firewalls (WAFs) to bolster their defences. When used in conjunction with security hardware, WAFs provide a vital layer of protection against ATPs.

By using traffic monitoring to guard against SQL injections, offering provisions for access control (restricting employee’s system access for their own protection) and more, WAFs can help protect businesses from ATPs. Of course, if the DNC can fall victim to advanced hackers, anyone can. Indeed, the DNC’s email breach should serve as a warning to all business out there, regardless of how secure they believe their systems are.

London-listed Highland Gold acquires Russian peer Bazovye Metally

UK-listed and Russia-focused gold miner Highland Gold Mining Ltd (LON:HGM) said on Tuesday it had acquired sector firm Bazovye Metally CJSC for USD212m (EUR165m) in cash.

Bazovye Metally has the mining and exploration rights to the Kekura gold deposit in the Chukotka region, northeastern Russia. Currently, a plant with annual production capacity of 150,000 tonnes is being built at the site, with commissioning scheduled for the second half of the year. It will operate through to the end of construction and commissioning of the main processing facility, supposedly by 2017.

In addition to the initial consideration, Highland Gold will also pay USD11m in the second half of 2013 to a contractor once the pilot plant is finished. The company intends to fund the entire transaction through a new debt facility of USD250m. The rest of the funding will be used for additional group operational working capital.

Russia’s anti-monopoly authorities have already cleared the acquisition.

According to Highland’s chairman Eugene Shvidler Kekura’s resource base will add to the long-term production profile of the company and is a strong foundation for its further growth.

UK insurance group Aviva agrees to sell Russian life and pension arm

UK insurer Aviva plc (LON:AV) on Wednesday said it was disposing of its Russian life and pensions business to local non-state pension fund Blagosostoyanie for EUR35m (USD46m) in cash.

The deal is in line with Aviva’s plans to reduce its business and presence focus to the markets where it already has a top position, its chief executive Mark Wilson said in a comment.

According to Aviva, the price agreed with Blagosostoyanie is a slight premium to Aviva Russia’s IFRS book value.

Pending clearance from the Federal Antimonopoly Service (FAS) regulator in Russia, the transaction is expected to wrap up in the first half of this year, the vendor said.

London-listed Globaltrans to acquire Russian rival Metalloinvesttrans for $540m

Russian freight rail company Globaltrans Investment Plc (LON:GLTR) on Friday said it would take over Metalloinvesttrans LLC (MIT), the captive freight rail transportation operator of Russian iron ore producer Metalloinvest, in a cash- and debt-free deal worth USD540m (EUR410m).

With this addition, Globaltrans will boost its fleet to around 60,000 rail cars by mid-2012 and enhance its position as a top private freight rail operator in Russia, the buyer said, adding it would use own funds and secured debt to finance the transaction.

Increased scale and resources will help maximise efficiency and profitability, Globaltrans’ CEO Sergey Maltsev said.

MIT is a high-quality firm, which together with the service contract with Metalloinvest, offers Globaltrans a low-risk opportunity to grow and strengthen its market position, the CEO added.

Under the agreement, Globaltrans and Metalloinvest have sealed a three-year service contract for Globaltrans to handle 100% of Metalloinvest’s rail transportation cargo volumes in the first year of the contract for an agreed price and 60% in the other two years.

MIT, which operated 9,202 railcars as at 31 December 2011, manages rail logistics of Metalloinvest cargo volumes.

Metalloinvest will free up capital through the divestment, its CEO, Eduard Potapov, said. The group’s subsidiaries will also be provided with solutions that would allow them to use Globaltrans’ railcar fleet, he added.

Globaltrans, which will buy MIT through its fully-owned unit OJSC New Forwarding Company, expects to wrap up the deal by the end of May, pending regulatory clearance.

All Saints comes back from the brink

The retail giant, All Saints, may have found it saviours in a lucky escape from closing down many of it’s stores.

A last minute deal was pulled off rescuing 2,000 staff and keeping open all 62 stores and 45 concessions in Europe, America and Russia.

The fashion chain, best known for it’s vintage feel sitting at the higher priced end of the high street was on the verge of collapse after running out of cash due to ill-timed expansion.

Chief executive Stephen Craig held protracted talks with a number of investors who had left and amazingly at the last minute secured a deal with a consortium including private equity firms Lion Capital and Goode Partners for £105m.

The deal will be finalised next week and will give Lion takes 65 per cent stake, founder Kevin Stanford will retain 15 per cent and Goode 11 per cent. The management will share the remainder.