
 
 

Hackers redoubling efforts after Meck Co officials decline paying ransom

Hackers are reportedly “redoubling their efforts to penetrate the county’s systems” after Mecklenburg County officials decided not to pay a ransom to unfreeze hacked servers, officials said Thursday.

Mecklenburg County remains open for business as it continues to restore services.

According to county officials, cybercriminals are trying to use emails with fraudulent attachments and viruses to further damage the county’s systems. County officials are asking residents and employees to remain patient.

County Manager Dena Diorio says hackers froze 48 county servers, and asked for two bitcoins in ransom, which totals about $23,000. This, despite claims made by other county officials to WBTV that the hackers were actually seeking a ransom on each server, which would have run the ransom into a range of the hundreds of dollars.

On Thursday, officials said ITS is disabling county employees’ option to open attachments in Dropbox and Google Documents. Officials released this statement:

“The best advice for now is to limit your use of emails containing attachments, and try to conduct as much business as possible by phone or in person.”

As the county manager refuses to pay the hackers, the county’s IT team begins work on repairing the 48 frozen servers, and bringing the affected county departments back to normal working order. These departments include the tax office, register of deeds, LUESA, assessor’s office, park and recreation, department of social services, child support enforcement, finance, sheriff’s office, and the courts.

The county was experiencing a county-wide computer system outage Tuesday afternoon. Just after 6 p.m., officials told reporters that the servers were being held for ransom.

Officials have not given a timeline for how long the repairs will take, but say they will take “days.” They have prioritized repairs on servers affecting health and human services, the courts, and LUESA.

Diorio told WBTV that bringing the 48 servers back to full strength is a process that could go into early 2018.

“Now understand things will come back up incrementally, so as we bring systems on line we won’t be shut down that long, but by the time we get everything fully restored I would say the first of the year,” Diorio said.

Rather than pay hackers’ demands to get rid of ransomware, the county is taking matters into its own hands.

One place impacted and where business practices have changed is the Mecklenburg County Tax Office.

Online payments have become the norm, but with computers down, fees are being collected in person.

Daniel Chisholm ended up with a handwritten receipt and a dose of reality.

“I am paranoid about using the internet and I use it all the time. Problem is that’s the wave of the future and you can’t get around it,” Chisholm said.

Theresa Payton’s company, Fortalice Solutions, is one of the companies hired by Mecklenburg County to work through this series of challenges.

She is also a WBTV cyber security expert who says hackers in most instances are hoping to beat the odds.

“For cyber criminals they have nothing to lose and everything to gain. If you think about, you have to get it right 365 days out of the year, and they only have to get it right once,” Payton said.

Getting it right during this period of recovery is the goal of the county manager.

“We just ask people to work with us and be patient to the best of their ability,” Diorio said.

Diorio also expects work to continue through the weekend and through the holidays.

In the meantime, they have asked customers to call these departments to check on their services.

Below is information from county officials given Thursday of offices affected during the server outage, along with direction for customers moving forward.

Assessor’s Office (CAO)
Non-Operational:

  • County Assessor’s Office reports AssessPro (The Real Property appraisal system), NCPTS (the personal property appraisal system and the billing and collection system) are down.
  • Polaris and Tax Bill look up county web links are not working.

Criminal Justice Services
Non-Operational:

  • Research & Planning cannot run the daily population numbers without OMS interfacing with our data warehouse.  (Please note that we anticipate a spike in the jail numbers due to the release process being slowed.)

 Child Support Enforcement (CSE): CSE is in full Manual Services- still seeing customers here and in the Courthouses, all records are being hand-written and the Clerk’s office is printing/making copies for the Court.

  • Advantage is Down
  • ACTS- Automated Collection and Tracking System is down- which is used to interface with other state and federal systems; document generation; pay histories; charging and billing functions, etc
  • Compass/OnBase is down
  • Dept. Of Vital Records is down
  • Qflow- Used to track customer visits by date, time, visit purpose, service provider, etc.
  • VMWare

Community Support Services: The Domestic Violence Victim Services phone line (704-336-3210) is now fully functioning.
Non-Operational:

  • ECHO for Substance Use Services (they are documenting on paper & will scan into the system once operational),
  • OnBase for Veterans Services & secure printing and copying. We are seeing clients but Veterans Services may run slower. As soon as we have access to a copier we will run much smoother.
  • All secure printing & copying DOWN.
  • Community Support Services Prevention & Intervention Division is unable to transfer a call from the receptionist to a clinician.

 Department of Social Services (DSS): All DSS services and programs are up and running with the exception of individual medical transportation scheduling.

  •  All Public Assistance programs and services are available.  We have made adjustments to work around the systems that are unavailable.
  • Adult Protective Services and Child Protective Services are fully operational.

 Transportation Message:
If you have made a transportation reservation through DSS/MTS scheduling, please call Customer Connection at 704-336-4547 to confirm your transportation.  This includes reservations made for bus passes and vendor transportation for trips scheduled through December 11, 2017.

Finance
Non-Operational:

  • Services/support are all manual and limited as most all of our work relies on Advantage as our core financial system.
  • Automated payments, invoicing, procurement, etc.  This means no Electronic funds transfers, processing of procurement requests in the system, or other similar transactions.  Because many of our internal controls are automated, or rely on systems (verifying funds, etc.), most of our services will be manual and slowed, but we should be able to perform them.  We also cannot apply payments received to the balance owed in the system—meaning we will have a backlog and some risk to the extent collections are continuing.

Human Resources
Non-Operational:

  • Applicants cannot apply for vacant positions

Library

  • No changes since last communication

 LUESA
The LUESA offices on Suttle Ave continue to operate to provide services to our building community. If you have urgent permitting and inspection needs, please call 980-314-CODE (2633) and staff will be able to coordinate your request for service.

Non-Operational:

  • Code and Storm Water Services cannot review plans or issue new permits until POSSE/Winchester and other supporting systems including GIS, Navision (payment processing) are up.
  • GIS cannot provide addressing and other services including processing register of Deeds data until the GIS servers are back online.
  •  Air Quality services for asbestos reviews etc cannot be performed until the permitting system is up.

MEDIC: Nothing affected at this time.

Office of the Tax Collector
Non-Operational:

  • Property tax payments cannot be made at the Wilkinson Boulevard location.
  • Tax records and payment information cannot be accessed online or by telephone.
  • Research requests for bankruptcy, tax certificates, tax lien research, or any other service requiring reference to the tax records cannot be performed.
  • All online services including online payment options are not available.

As of Wednesday night, the county’s domestic violence hotline was down. They were directing callers to Safe Alliance reached at 704-332-2513.

County officials say employees’ payroll will not be affected by the Dec. 15 pay date. Officials say most printers are still offline, with a limited number enabled in specific offices.


Chinese Hacking Efforts More Strategic, Less Noisy

Source: National Cyber Security – Produced By Gregory Evans


Chinese hackers, once some of the most careless and noisy hackers around, have become very careful and much more strategic at choosing the targets they go after.

The prototype of the Chinese hacker is well documented in the cyber-security industry. Chinese actors hack whatever they can, grab whatever they can, and sift through the data after the fact.

They also don’t care about stealth, rarely hide their tracks, and operate based on a set of general instructions that trickle down through a convoluted network of state agencies and private companies.

Nation-state cyber operations have been going on since the mid-90s, but it was only after the appearance of Chinese actors in the early 2000s that people started to pay more attention to the world of cyber-espionage.

While Russian and US groups were focusing on carrying out secret operations, putting most of their efforts in remaining hidden, Chinese hackers came like a flood and drove a truck through the front door with no regard to getting detected.

In fact, the term APT (advanced persistent threat), now used to describe hacker groups believed to be operating on the orders and under the protection of local governments, initially stood for Asia-Pacific Threat, mainly because of the onslaught of Chinese hacks at the start of the 2000s.

US-China pact had a temporary effect on Chinese hacking operations

Their clumsiness and noisy actions eventually landed China at odds with the US, and political tensions rose so much that in the autumn of 2015, Chinese and US authorities had to meet and sign a mutual pact where neither government would “conduct or knowingly support cyber-enabled theft of intellectual property.”

The pact effectively limited nation-state hacking between the two countries to intelligence gathering operations only.

This agreement had an immediate result, and after six months, cyber-security firm FireEye noted that the pact and a series of military reforms had visibly slowed down China’s cyber-espionage operations.

In reality, Chinese hackers didn’t stop hacking, but just started choosing their targets more carefully.

Chinese hackers become more careful

Instead of driving a truck through the front door, Chinese hacker groups started to pick locks and operate in the shadows.

For example, the clever hack and poisoning of the CCleaner app is believed to have been carried out by a Chinese APT codenamed Axiom. And let’s not forget the well-planned hacks of cloud providers so Chinese hackers could silently reach into organizations’ internal networks.

“There was indeed a decrease in activity of Chinese APTs following the pact,” Tom Hegel, Senior Threat Researcher at 401TRG, told Bleeping Computer.

“They became more strategic and operate with improved tactics since then,” Hegel added. “They were once very noisy with little care for operational security. These days it’s more strategically controlled.”

Three reports detail new Chinese hacking operations

This is why it’s so rare and most likely a coincidence that we’ve seen three reports released in the past two weeks describing various cyber operations, all linked to China.

“I personally wouldn’t say these reports are a resurgence [of Chinese hacking activity], but rather a continued increase in public reporting and identification,” Hegel said.

The first of these three new reports detailing Chinese APT activity was published last week by RiskIQ. The report details a new remote access trojan named htpRAT that was used against various targets in Laos.

The RAT comes with the ability to log keystrokes, take screenshots, record audio and video from a webcam or computer microphone, install and uninstall programs and manage files. Infrastructure reuse links the group behind this malware with PlugX, the decade-old favorite malware of multiple Chinese APTs.

A second report was released yesterday by PwC’s cyber-security division. The report highlights new activity from a Chinese APT known as KeyBoy [1, 2], previously dormant for around four years.

The report also highlights a new RAT that can take screenshots, exfiltrate files, and download and run other malware. While previously the group targeted Taiwan, Tibet, and the Philippines, the group is now going after Western organizations. Parys says the group appears to currently be interested in corporate espionage.

Last but not least, we have Check Point’s revised report on the IoT_Reaper botnet. New evidence reveals that command and control domains used by the Reaper botnet were registered with an email address that is connected to the Black Vine Chinese APT, the group that breached health insurance provider Anthem in 2015.

It’s still a mystery why a cyber-espionage group would be building an IoT botnet. Some could say the group is creating a tool that could be used to launch DDoS attacks against targets the Chinese government would like to silence. Another theory is that Black Vine would use the botnet as a layer of proxies to hide future operations.

All in all, we’re seeing both a curb and maturation of Chinese hacking efforts, some of which can be attributed to the military reforms enforced by President Xi Jinping after he took power in 2012 when he said that government and military elements should stop using state resources for their own agendas.


HBO’s ‘Real Sports’ Examines Risks, Safety Efforts in Youth Football – Schooled in Sports – Education Week

In Tuesday night’s episode of HBO’s Real Sports with Bryant Gumbel, the safety of youth football came under the microscope.


Too Much Threat Data Hinders Cybersecurity Efforts


Take a look at some of these numbers from Symantec’s 2016 Internet Security Threat Report. In 2015, Symantec discovered more than 400 million new pieces of malware, an increase of 36 percent over 2014. On average, there was one new


US Bank Regulators Tighten Cyber-Security Efforts Around SWIFT


Following the theft of millions of dollars from Bangladesh Bank via the international financial messaging system SWIFT, US banking regulators have outlined steps to tighten cyber-security at the nation’s banks.
US banking regulators issued a joint letter outlining ways they


Ukraine tensions could hurt international security efforts, Kaspersky says

As governments all around the world are finding a peaceful solution for the political tension in Ukraine, cyber-criminals could catch governments with online attacks, warned Kaspersky Lab CEO Eugene Kaspersky.

“It is good news for the local IT projects, but the international projects will have less budgeted,” says Kaspersky.

“When the governments don’t talk to each other and cooperate, that damages traditional industry and economies, but also cyberspace,” he added.

“It will damage global Internet projects,” he said. “Nations will be more focused on the national projects. That’s good news for the local IT companies, but … the evolution of cyberspace will slow down.”

Anything that decreases trust among governments can hurt such efforts, Kaspersky said.
Source: http://whogothack.blogspot.co.uk/2014/04/ukraine-tensions-could-hurt.html#.VjacTfmqqko


(ISC)2 Foundation and University of Phoenix Research identify gaps hindering efforts to fill cybersecurity jobs


Cybersecurity breaches affect businesses large and small, and the annual cost of computer- and network-based crimes worldwide is estimated to be more than $400 billion, according to a report from McAfee and the Center for Strategic and International Studies. As […]



EU and UK step up efforts to protect banks from cybercrime


Yesterday Europol’s European Cybercrime Centre (EC3) announced that it had signed a Memorandum of Understanding (MOU) with the European Banking Federation (EBF) – which represents 4,500 banks and building societies in the region – to “intensify cooperation between law enforcement […]


Drought year danger makes fireworks safety task force efforts more critical than ever

The convergence of drought-parched conditions, a recent rash of suspected arson-caused fires around the state, and the increased movement of illegal fireworks into California are bringing renewed commitment to fire safety enforcement efforts in the run-up to the Fourth of July.
