city

now browsing by tag

 
 

#cybersecurity | hacker | Election integrity preserved in fictitious city of Adversaria during Operation Blackout tabletop exercise

Source: National Cyber Security – Produced By Gregory Evans

On a sunny day last week during RSA 2020, a group of
journalists huddled in a vault in the San Francisco Mint, plotting to wreak
havoc and sow doubt on Election Day in the fictitious city of Adversaria.

Despite taking over traffic cameras, the governor’s Facebook account, the mayor’s Twitter account, plotting cyberattacks, developing deepfakes and crafting social media-base disinformation campaigns the Red Team: Kill Organized Systems (K-OS) hacktivist group’s efforts were successfully spurned by a team of competent do-gooders on the Blue Team: Adversaria Task Force, who were also gathered in a vault in the mint.

It was all part of a tabletop exercise organized by
Cybereason, a mini version of the three-hour event the company typically runs in
cities around the world to alert law enforcement, government officials and
first responders – who typically populate the Blue Team – to the many ways
hackers can disrupt elections and prepare them to respond at whatever attacks
might come their way.

“Recent times have seen election tampering by special interest groups and foreign powers in the United States, Europe and Asia. With looming 2020 elections across the world the goal of Operation Blackout California was to examine and advance the organizational responsiveness of government entities to a hacking group’s attempts to undermine democratic institutions and systems of governance in the republic,” said Cybereason CSO Sam Curry, who led the Operation Blackout exercise. “Most election hacking discussions and exercises focus on the mechanics and minutiae of hacking election equipment or contaminating and violating the integrity of voter rolls. Cybereason’s exercise instead focused on everything else in the electoral system.”

The teams took five-minute turns, in which they were allowed
two actions and a development. Actions for the Red Team included gaining access
to city cameras, taking over social media accounts and news broadcasts while
development is a capability the team wants developed out during the course of the
exercise, such as the creation of a bot network to disseminate and amplify
disinformation. On the Blue Team, actions included assigning police officers to
a task; perhaps, deploying them to polling stations. The team’s development
might be spinning out a capability such as gaining assistance from a federal agency.

While the Red Team in the RSA exercise successfully created a troll network as well as disrupted traffic signals, made a plausible threat of a terrorist attack. Effectively used social media and developed deep fake videos showing voting machine malfunctions, the Blue Team countered along the way, shutting down construction sites, deploying police officers to polling stations and reclaiming social media. In the end, the White Team adjudicating the exercise, determined that the Blue Team won the day, thwarting the Red Team’s malicious efforts.

“Overall, the red team of hackers hijacked a news station and took control of other social media channels in the city, but the blue team of law enforcement officials was able to restore order. A press release was issued by the mayor and police chief dispelling fake news and disinformation,” said Curry. “While the red team did create some chaos, however, it wasn’t lasting damage and the blue team successfully defended the elections.”

Original Source link

The post #cybersecurity | hacker | Election integrity preserved in fictitious city of Adversaria during Operation Blackout tabletop exercise appeared first on National Cyber Security.

View full post on National Cyber Security

#deepweb | Opinion: Three Spurs players who were far from their best against Man City – Spurs Web

Source: National Cyber Security – Produced By Gregory Evans Tottenham Hotspur recorded a famous 2-0 win over Man City this afternoon in the Premier League, leapfrogging up to fifth in the table. Goals from Steven Bergwijn and Heung-min Son sealed a delightful win and clean sheet for the Lilywhites against the current champions. However, a […] View full post on AmIHackerProof.com

#infosec | Fake Exec Tricks New York City Medical Center into Sharing Patient Info

Source: National Cyber Security – Produced By Gregory Evans

An employee at a New York City medical center was tricked into giving out patient information by a threat actor purporting to be one of the facility’s executives. 

The data was shared by an individual at community-based non-profit the VillageCare Rehabilitation and Nursing Center (VCRN) who had received what they believed to be a genuine email from a senior member of staff. 

VCRN were notified on or about Monday, December 30, that a cruel deception had taken place.

In a Notice of Data Privacy Incident statement published on VCRN’s website, the company stated: “The unauthorized actor requested certain information related to VCRN patients. Believing the request to be legitimate, the employee provided the information.”

Information obtained by the threat actor included first and last names, dates of birth, and medical insurance information, including provider name and ID number for 674 patients. 

VCRN said: “Once it became apparent that the email received by the employee was not a legitimate request, we immediately launched an investigation with the assistance of third-party forensic specialists to determine the full scope of this event.”

The medical center said that they weren’t aware of any personal patient information having been misused as a result of this event.

Becoming a victim of a phishing scam has led VCRN to review its cybersecurity practices.

The center said: “We take this incident and security of personal information in our care seriously. We moved quickly to investigate and respond to this incident, assess the security of relevant VCRN systems, and notify potentially affected individuals. This response included reviewing and enhancing our existing policies and procedures.”

VCRN has taken steps to notify all the patients who have potentially been impacted by the cyber-attack. A toll-free dedicated assistance phone line has been established for patients who wish to discuss any concerns they may have as a result of the incident. 

The data breach has been reported to law enforcement and to the relevant regulatory authorities. 

VCRN advised patients “to remain vigilant against incidents of identity theft and fraud and to review account statements, credit reports, and explanation of benefits forms for suspicious activity and report any suspicious activity immediately to your insurance company, health care provider, or financial institution.”  

____________________________________________________________________________________________________________________

#infosec #itsecurity #hacking #hacker #computerhacker #blackhat #ceh #ransomeware #maleware #ncs #nationalcybersecurityuniversity #defcon #ceh #cissp #computers #cybercrime #cybercrimes #technology #jobs #itjobs #gregorydevans #ncs #ncsv #certifiedcybercrimeconsultant #privateinvestigators #hackerspace #nationalcybersecurityawarenessmonth #hak5 #nsa #computersecurity #deepweb #nsa #cia #internationalcybersecurity #internationalcybersecurityconference #iossecurity #androidsecurity #macsecurity #windowssecurity
____________________________________________________________________________________________________________________

Source link

The post #infosec | Fake Exec Tricks New York City Medical Center into Sharing Patient Info appeared first on National Cyber Security.

View full post on National Cyber Security

#comptia | #ransomware | Spike in Texas cyberattacks against municipalities has City of SA in constant defense mode

Source: National Cyber Security – Produced By Gregory Evans

SAN ANTONIO – Six months ago, cybercriminals attacked local government agencies in 23 Texas cities. The statewide attack brought the Lone Star State to the front and center of the discussion about cybercrime.

“Municipalities are always a target because we have very complex systems, broad responsibilities. Here in San Antonio, we have more than 40 departments and city services, almost 13,000 employees,” said City of San Antonio IT Director and Chief Information Officer Craig Hopkins.

Ransomware attacks in 23 Texas cities have officials taking preventive measures

Hopkins said he consistently prioritizes cybersecurity for those reasons and instead of training employees once a year, he sends out information once a month.

“Up to 95% of the incidents we have are usually driven by human error,” he said.

Hopkins teaches city employees about the main types of cyberattacks. He said “phishing” is the most common.

“Phishing basically says, ‘I want you to click on a link, and I want you to give up some information that you may not normally give. I can take over one account, and then I can impersonate you inside of your organization and move horizontally,’” Hopkins said.

He then explained a concept called “whaling.”

“Think of that as a big fish. People of a certain title, city manager, the chief financial officer — targeting them because if you can impersonate them, you can create influence over other people, so financial scams tend to come out,” Hopkins said.

Hopkins also warned about physical security, which can include people looking over your shoulder at confidential information, people calling your phone pretending to be someone else or people piggybacking into facilities where employees use an access card.

He said he could not go into specific technicalities of the city’s protective system, but he said all businesses should be taking preventive measures, especially agencies or companies with outdated systems.

Copyright 2020 by KSAT – All rights reserved.

Source link

The post #comptia | #ransomware | Spike in Texas cyberattacks against municipalities has City of SA in constant defense mode appeared first on National Cyber Security.

View full post on National Cyber Security

New Orleans Mayor: Ransomware Attack Cost City $7 Million

Source: National Cyber Security – Produced By Gregory Evans

The City of New Orleans ransomware attack has caused at least $7 million in financial damage & this figure is expected to grow, Mayor Latoya Cantrell says.

The City of New Orleans ransomware attack has caused at least $7 million in financial damage to date, Mayor Latoya Cantrell told WVUE. In addition, Cantrell said she expects the ransomware attack’s financial impact to continue to grow — despite the fact that the city has recovered $3 million via a cyber insurance policy that was purchased before the incident.

Meanwhile, the City of New Orleans still faces an IT backlog after the ransomware attack, Chief Administrative Officer Gilbert Montano told WVUE. Montano also indicated that it could take several months before the city rebuilds its network.

A Closer Look at the New Orleans Ransomware Attack

The City of New Orleans ransomware attack took place December 13. Cybercriminals shut down City of New Orleans government systems, and more than 4,000 New Orleans government computers were affected by the cyberattack.

New Orleans officials have taken steps to improve the city’s security posture after the ransomware attack. The City of New Orleans plans to increase its cyber insurance coverage to $10 million this year, and a forensic investigation into the ransomware attack is ongoing.

How Can Organizations Address Ransomware Attacks?

Ransomware attacks affect municipalities, schools and businesses of all sizes. However, there are many things that any organization can do to combat ransomware attacks, such as:

  • Perform regular IT security audits and penetration testing.
  • Deploy endpoint protection solutions across IT environments.
  • Develop and implement a cybersecurity training program to teach employees about ransomware and other cyber threats.

MSSP Alert Recommendations

The FBI and U.S. Department of Homeland Security have repeatedly warned MSPs and their technology platform providers about such attacks.

To get ahead of the ransomware threat, MSSP Alert and ChannelE2E have recommended that readers:

  1. Sign up immediately for U.S. Department of Homeland Security Alerts, which are issued by the Cybersecurity and Infrastructure Security Agency. Some of the alerts specifically mention MSPs, CSPs, telcos and other types of service providers.
  2. Study the NIST Cybersecurity Framework to understand how to mitigate risk within your own business before moving on to mitigate risk across your customer base.
  3. Explore cybersecurity awareness training for your business and your end-customers to drive down cyberattack hit rates.
  4. Connect the dots between your cybersecurity and data protection vendors. Understand how their offerings can be integrated and aligned to (A) prevent attacks, (B) mitigate attacks and (C) recover data if an attack circumvents your cyber defenses.
  5. Continue to attend channel-related conferences, but extend to attend major cybersecurity events — particularly RSA Conference, Black Hat and Amazon AWS re:Inforce. (PS: Also, keep your eyes open for PerchyCon 2020 in January.)


Return Home

Source

The post New Orleans Mayor: Ransomware Attack Cost City $7 Million appeared first on National Cyber Security.

View full post on National Cyber Security

#city | #ransomware | Don’t Pay the Ransom in a Cyberattack: FBI

Source: National Cyber Security – Produced By Gregory Evans

FLORIDA — As the FBI continues investigating the latest municipal cyberattack of Pensacola, the question for many officials is whether to pay or not to pay the ransom?

  • Pensacola dealing with cyberattack
  • 2019 bad year for cyberattacks in Florida
  • FBI and Cyber Florida experts say don’t pay ransom

FBI policy says no, but in the last year Florida attacks have netted millions in ransom.

The international statistics are even more alarming.

In 2019, reported payments made by six Florida municipal governments to hackers have totaled almost $3 million.

Most of these payments are covered by cyber insurance.

For example, Lake City officials said they paid $10,000 in deductible of an estimated $480,000 ransom insurance payment.

One city, Stuart, got off without paying the ransom because they had backed up their servers.

Over the summer, the Conference of U.S. Mayors passed a resolution to not pay ransomware.

They stated it “encourages continued attacks.”

Examples of other major cyberattacks the lesson learned is you end up paying anyways.

The City of Atlanta reportedly paid out $17 million while reportedly Baltimore paid $18 million.

Usually the cost to a city involves two categories.

There’s the cost of recovery and the cost of downtime of servers which studies show are 5 to 10 times the cost of ransom, according to a 2019 Coveware report.

 Cyber Florida, USF’s online security institute told Spectrum Bay News 9 there’s a reason not to pay, which is in line with FBI policy.

Cyber Florida officials said there’s no guarantee cities will recover completely after a cyberattack.

The Coveware report also found 2019’s cyberattacks have become more complex.

At the start of the year, downtime lasted about a week.

After the midyear, it’s up to a week and half.

Source link

The post #city | #ransomware | Don’t Pay the Ransom in a Cyberattack: FBI appeared first on National Cyber Security.

View full post on National Cyber Security

#city | #ransomware | How governments can streamline the adoption of smart city technologies — GCN

Source: National Cyber Security – Produced By Gregory Evans

INDUSTRY INSIGHT

How governments can streamline the adoption of smart city technologies

Spending on smart cities worldwide will reach over $34 billion in 2020 as cities adopt more connected technologies. From smart traffic lights that monitor traffic flow to smart grids that can make energy usage more efficient, such technologies can certainly improve the quality of life for citizens. Yet a staggering one-third of internet-of-things projects fail at the proof-of-concept (PoC) stage due to cost, security and scalability challenges. Cities must change and improve their approach to finding, testing and deploying smart technology innovations to effectively roll out such systems.

Here are three ways a dedicated PoC platform can help streamline, secure and scale the evaluation of new technologies.

1. It enables easier IoT integration and interoperability

When implementing smart city technologies, governments must consider how different technologies such as cameras and sensors will operate together in an interconnected ecosystem. The interoperability of systems is one of the most important components of a smart city. In a traditional PoC, each new technology would have to be tested individually against the existing system, but a PoC platform can automate much of the process and test all the technologies simultaneously.

A PoC platform can use artificial intelligence to replicate a virtual environment in the cloud. From there, the platform can simulate the same network behavior, including fluctuations in activity, latency and bandwidth from the original environment, to create the best possible testing ground for PoC evaluation. This PoC process allows CIOs and technology leaders to assess the interoperability and performance of the smart technology alongside the city’s existing ecosystem.

A centralized PoC platform running multiple evaluation processes can automatically compile results and data into a comprehensive KPI report, saving more time and effort. This makes it simple for governments to compare results to business and technical requirements, determine whether further testing is required and easily identify which solution can seamlessly integrate with existing systems.

2. It mitigates the risk of using sensitive data

The biggest risk of the traditional PoC process is the use of sensitive data. The sheer volume IoT devices, which will increase to almost 20 billion by 2020, means any cyberattack or data leak could have devastating consequences for a city and its citizens, as evidenced this year by the spate of ransomware attacks across the country. The lack of established standards and policies makes it even more risky for cities working with new vendors and products on interoperability. Granting a vendor access to private data and a city’s IT environment is a major security risk, but is necessary for PoC platforms to simulate an environment. Fortunately, there are tools that can safeguard information and secure the evaluation process from any malicious vendors.

By anonymizing or mimicking a small sample of data, a PoC platform can generate millions of records similar to the ones provided, giving the PoC environment a realistic set of data and without compromising security or privacy. This can effectively mitigate the dangers of data breaches since the generated information will be worthless while the sensitive data is anonymized and cannot be used.

3. It enables open innovation for large-scale projects

The pace of technological advancements means that cities will need to be constantly on the lookout for new innovations — whether it’s implementing visualization tools in Columbus, Ohio, or assessing 5G-powered drones in Raleigh and Cary, N.C. However, it’s important to ensure that any smart technology assessment has clear goals from the outset, as technology deployments risk failing due to the high cost of scaling, unclear ROI and the inability to justify the business case for the investment. A dedicated PoC platform can remedy these challenges by enabling governments to fast-track multitude vendor assessments at once, giving them more time to think strategically about how the solutions support broader business goals.

For example, a city’s evaluation of smart grid technology in a traditional PoC process could take a team months to complete. An additional few months would be required to ensure the technology securely integrates with its IT environment and develop a rollout strategy ahead of implementation. A PoC platform slashes evaluation time, saving precious resources and costs.

As urban environments transform into  connected systems, solving the inefficiencies of PoCs has become a necessity. Reinventing the PoC process with tools targeting the key components of integration and interoperability, security and scalability is a logical and essential step for governments to consider. With new technologies being introduced at a rapid pace, cities across the country are under intense pressure to keep up and can no longer afford to spend time on lengthy PoCs. 

About the Author



Toby Olshanetsky is CEO and co-founder of prooV.

Source link

The post #city | #ransomware | How governments can streamline the adoption of smart city technologies — GCN appeared first on National Cyber Security.

View full post on National Cyber Security

#city | #ransomware | Second Major Ransomware Attack in Louisiana Causes Significant Problems » The Merkle Hash

Source: National Cyber Security – Produced By Gregory Evans A good ransomware attack can cause significant problems. The city of Louisiana knows that all too well, as its problems have only just begun. The initial Ryuk ransomware attack against the Louisiana infrastructure dates back to November 18. Louisiana is a Ransomware Target Nearly two weeks […] View full post on AmIHackerProof.com

#city | #ransomware | Ransomware attacks shaking up threat landscape — again

Source: National Cyber Security – Produced By Gregory Evans

Ransomware is changing the threat landscape yet again, though this time it isn’t with malicious code.

A spike in ransomware attacks against municipal governments and healthcare organizations, coupled with advancements in the back-end operations of specific campaigns, have concerned security researchers and analysts alike. The trends are so alarming that Jeff Pollard, vice president and a principal analyst at Forrester Research, said he expects local, state and city governments will be forced to seek disaster relief funds from the federal government to recover from ransomware attacks.

“There’s definitely been an uptick in overall attacks, but we’re seeing municipality after municipality get hit with ransomware now,” Pollard said. “When those vital government services are disrupted, then it’s a disaster.”

In fact, Forrester’s report “Predictions 2020: Cybersecurity” anticipates that at least one local government will ask for disaster relief funding from their national government in order to recover from a ransomware attack that cripples municipal services, whether they’re electrical utilities or public healthcare facilities.

Many U.S. state, local and city governments have already been disrupted by ransomware this year, including a massive attack on Atlanta in March that paralyzed much of the city’s non-emergency services. A number of healthcare organizations have also shut down from ransomware attacks, including a network of hospitals in Alabama.

The increase in attacks on municipal governments and healthcare organizations has been accompanied by another trend this year, according to several security researchers: Threat actors are upping their ransomware games.

Today’s infamous ransomware campaigns share some aspects with the notable cyberattacks of 20 years ago. For example, the ILoveYou worm used a simple VB script to spread through email systems and even overwrote random files on infected devices, which forced several enterprises and government agencies to shut down their email servers.

But today’s ransomware threats aren’t just using more sophisticated techniques to infect organizations — they’ve also built thriving financial models that resemble the businesses of their cybersecurity counterparts. And they’re going after targets that will deliver the biggest return on investment.

New approaches

The McAfee Labs Threats Report for August showed a 118% increase in ransomware detections for the first quarter of this year, driven largely by the infamous Ryuk and GandCrab families. But more importantly, the vendor noted how many ransomware operations had embraced “innovative” attack techniques to target businesses; instead of using mass phishing campaigns (as Ryuk and GandCrab have), “an increasing number of attacks are gaining access to a company that has open and exposed remote access points, such as RDP [remote desktop protocol] and virtual network computing,” the report stated.

The concept of ransomware is no longer the concept that we’ve historically known it as.
Raj SamaniChief scientist, McAfee

“The concept of ransomware is no longer the concept that we’ve historically known it as,” Raj Samani, chief scientist at McAfee, told SearchSecurity.

Sophos Labs’ 2020 Threat Report, which was published earlier this month, presented similar findings. The endpoint security vendor noted that since the SamSam ransomware attacks in 2018, more threat actors have “jumped on the RDP bandwagon” to gain access to corporate networks, not just endpoint devices. In addition, Sophos researchers found more attacks using remote monitoring and management software from vendors such as ConnectWise and Kaseya (ConnectWise’s Automate software was recently used in a series of attacks).

John Shier, senior security advisor at Sophos, said certain ransomware operations are demonstrating more sophistication and moving away from relying on “spray and pray” phishing emails. “The majority of the ransomware landscape was just opportunistic attacks,” he said.

That’s no longer the case, he said. In addition to searching for devices with exposed RDP or weak passwords that can be discovered by brute-force attacks, threat actors are also using that access to routinely locate and destroy backups. “The thoroughness of the attacks in those cases are devastating, and therefore they can command higher ransoms and getting higher percentage of payments,” Shier said.

Jeremiah Dewey, senior director of managed services and head of incident response at Rapid7, said his company began getting more calls about ransomware attacks with higher ransomware demands. “This year, especially earlier in the year, we saw ransomware authors determine that they could ask for more,” he said.

With the volume of ransomware attacks this year, experts expect that trend to continue.

The ransomware economy

Samani said the new strategies and approaches used by many threat groups show a “professionalization” of the ransomware economy. But there are also operational aspects, particularly with the ransomware-as-a-service (RaaS) model, that are exhibiting increased sophistication. With RaaS campaigns such as GandCrab, ransomware authors make their code available to “affiliates” who are then tasked with infecting victims; the authors take a percentage of the ransoms earned by the affiliates.

In the past, Samani said, affiliates were usually less-skilled cybercriminals who relied on traditional phishing or social engineering tactics to spread ransomware. But that has changed, he said. In a series of research posts on Sodinokibi, a RaaS operation that experts believe was developed by GandCrab authors, McAfee observed the emergence of “all-star” affiliates who have gone above and beyond what typical affiliates do.

“Now you’re seeing affiliates beginning to recruit individuals that are specialists in RDP stressing or RDP brute-forcing,” Samani said. “Threat actors are now hiring specific individuals based on their specialties to go out and perform the first phase of the attack, which may well be the initial entry vector into an organization.”

And once they achieve access to a target environment, Samani said, the all-stars generally lie low until they achieve an understanding of the network, move laterally and locate and compromise backups in order to maximize the damage.

Sophos Labs’ 2020 Threat Report also noted that many ransomware actors are prioritizing the types of data that certain drives, files and documents encrypt first. Shier said it’s not surprising to see ransomware campaigns increasingly use tactics that rely on human interaction. “What we’ve seen starting with SamSam is more of a hybrid model — there is some automation, but there’s also some humans,” he said.

These tactics and strategies have transformed the ransomware business, Samani said, shifting it away from the economies of scale-approach of old. “All stars” affiliates who can not only infect the most victims but also command the biggest ransoms are now reaping the biggest rewards. And the cybercriminals behind these RaaS operations are paying close attention, too.

“The bad guys are actively monitoring, tracking and managing the efficiency of specific affiliates and rewarding them if they are as good as they claim to be,” Samani said. “It’s absolutely fascinating.”

Silver linings, dark portents

There is some good news for enterprises amid the latest ransomware research. For one, Samani said, the more professional ransomware operations were likely forced to adapt because the return on investment for ransomware was decreasing. Efforts from cybersecurity vendors and projects like No More Ransom contributed to victims refusing to pay, either because their data had been decrypted or because they were advised against it.

As a result, ransomware campaigns were forced to improve their strategies and operations in order to catch bigger fish and earn bigger rewards. “Return on investment is the key motivator to the re-evolution or rebirth of ransomware,” Samani said.

Another positive, according to Shier, is that not every ransomware campaign or its affiliates have the necessary skills to emulate a SamSam operation, for example. “In terms of other campaigns implementing similar models and techniques, it’s grown in the past 18 months,” he said. “But there are some limitations there.”

On the downside, Shier said, cybercriminals often don’t even need that level of sophistication to achieve some level of success. “Not everyone has the technical expertise to exploit BlueKeep for an RDP attack,” he said. “But there’s enough exposed RDP [systems] out there with weak passwords that you don’t need things like BlueKeep.”

In addition, Samani said the ransomware operations that earn large payments will be in a position to improve even further. “If you’ve got enough money, then you can hire whoever you want,” Samani said. “Money gives you the ability to improve research and development and innovate and move your code forward.”

In order to make the most money, threat actors will look for the organizations that are not only most vulnerable but also the most likely to pay large ransoms. That, Samani said, could lead to even more attacks on government and healthcare targets in 2020.

Shier said most ransomware attacks on healthcare companies and municipal governments still appear to be opportunistic infections, but he wouldn’t be surprised if more sophisticated ransomware operations begin to purposefully target those organizations in order to maximize their earnings.

“[Threat actors] know there are organizations that simply can’t experience downtime,” Shier said. “They don’t care who they are impacting. They want to make money.”

Source link

The post #city | #ransomware | Ransomware attacks shaking up threat landscape — again appeared first on National Cyber Security.

View full post on National Cyber Security

#cyberfraud | #cybercriminals | City of Ekurhuleni warns of ongoing scams and cyber crime

Source: National Cyber Security – Produced By Gregory Evans With the festive season approaching, the City of Ekurhuleni (CoE) warns people of scammers who have been reportedly scamming people of their money. This follows complaints received by the City from people who have been scammed by people pretending to be municipal officials. Many victims were […] View full post on AmIHackerProof.com