Source: National Cyber Security – Produced By Gregory Evans (TNS) — Las Cruces, N.M., Public Schools Interim Superintendent Karen Trujillo presented some updates Thursday on the recent cyber attack that targeted the school district, prompting a shutdown of Internet servers and devices across the district. At a Thursday afternoon news conference in the district’s administration […] View full post on AmIHackerProof.com
#city | #ransomware | 90pc of UK’s biggest law firms at risk of having confidential client data stolen
Around nine in 10 of the UK’s biggest law firms are at risk of being scammed or having their clients’ confidential data stolen or compromised due to sub-standard IT security. A new study of 200 of the country’s biggest law firms found more than 90pc are […]
#school | #ransomware | U.S. National Guard ready for potentially devastating domestic cyberattack – Defence Blog
The U.S. National Guard has confirmed that it is ready to mobilize its cyberdefenses in case of a potentially devastating domestic attack. Every day the National Guard and other state agencies prepare and battle to protect and deter malicious cyberattacks to U.S. cyberinfrastructure, according to a […]
Cybercrime has never been one to hem in tactics with ideology or rules. Rather, malware operators are known to use what works and then modify code to continue to work. By “work,” we mean that the code does what it is supposed to; for information stealers, […]
Mass ransomware hit Spain earlier this week, BlueKeep’s back and there’s yet another twist in the sextortion saga – we discuss all this and more in the latest episode of our podcast.
I hosted the show this week with Sophos experts Mark Stockley, Peter Mackenzie and Paul Ducklin.
Listen below, or wherever you get your podcasts – just search for Naked Security.
We also have a brand new Naked Security YouTube channel. We’ll be sharing full-length videos of the podcast plus lots of other new concepts, so subscribe now!
A ransomware attack last weekend struck the network of the Canadian territory Nunavut, severely impeding a bevy of government services that rely on access to systems and electronic files.
The attack took place on Saturday afternoon, encrypting files on government servers and workstations and crippling email and other internet-based communications. The only service to be unaffected is the Qulliq Energy Corporation, Nunavut’s only power utility.
With an estimated population that’s approaching 40,000, Nunavut is Canada’s northernmost territory, which split off from the Northwest Territories in 1999. Many of its inhabitants are Inuit.
“I want to assure Nunavummiut that we are working non-stop to resolve this issue,” said Nunavut Premier Joe Savikataaq in a government press release. “Essential services will not be impacted and the GN will continue to operate while we work through this issue. There will likely be some delays as we get back online, and I thank everyone for their patience and understanding.”
In an attempt to mitigate the incident, the territory is prioritizing the restoration of data to key services related to health, family services, education, justice and finance, the press release continues. Government officials expect that most files will ultimately be restored, thanks to their use of back-up files. While services continue to operate, some are running contingency procedures and conducting business manually, resulting in significant delays.
An FAQ page published on Nunavut’s official government website offered updates on the statuses of its departments.
For instance, Department of Health workers are currently relying on a paper-based system, while the territory’s MediTech health care software system remains inoperational. Health care facilities continue to operate, and patients scheduled for visits can keep their appointments, though they are asked to bring their health care cards and medications. Telehealth services, however, are down and must be rescheduled.
Additionally, the Finance Department may be delayed in sending government employees and vendors their scheduled paychecks. Medical or duty travel payments and reimbursements are also impacted. Distribution of driver’s licenses and ID cards — a responsibility of the Department of Economic Development and Transportation (EDT) — is also impacted.
Networked phone services in the capital of Iqaluit are functional, but using direct dial only.
“Your network has been penetrated. All files on each host in the network have been encrypted with a strong algorithm,” states the ransom note, which was obtained by the Canadian Broadcasting Corporation (CBC). The note instructs the victim to install the Tor browser and visit a link to a payment site. The attackers warn that the link expires in 21 days, at which point the decryption key will be deleted.
Brett Callow, company spokesperson at cybersecurity company Emsisoft, told SC Media in emailed comments that the ransomware note matches that of a ransomware called DoppelPaymer, which is often distributed via the Dridex banking trojan. Victims are often infected with Dridex when they open a phishing email attachment, he added.
In the Nov. 4 press release, Nunavut officials said they responded to the attack by “isolating the network, notifying cybersecurity experts and working with our internet software providers.”
“It is difficult to estimate recovery timelines at this early stage,” the release continues.
“Ransomware attacks can have a much larger impact than temporarily denying access to systems in exchange for payment. The demanded ransom amounts often pale in comparison to the collateral damage and downtime costs they cause,” said Justin Des Lauriers, technical project manager at Exabeam, in emailed comments. His colleague, Barry Shteiman, VP of research and innovation, added that “for cybersecurity teams to detect ransomware early enough in the ransomware lifecycle to stop it, they need to understand the business models used by ransomware network operators, the kill chain of a ransomware attack and how to detect and disrupt ransomware in corporate environments. Armed with this information, analysts should be able to react faster in the event their organization is hit with a ransomware infection.”
#school | #ransomware | Las Cruces Public Schools computers still offline a week after hacking attack
LAS CRUCES, New Mexico — The computer network for the Las Cruces Public Schools remained offline a week after a ransomware attack by hackers forced the shutdown of the entire system. After originally trying to get existing servers for dozens of schools back online late […]
Though ransomware attacks aren’t a recent phenomenon, they do seem to be increasing in frequency and intensity. If society has grown used to these kinds of cyberattacks, that’s about to change—with the reports of 20+ Texas governmental entities recently being simultaneously hit in a coordinated attack, there may be a new and even scarier method of extorting entities for their data.
By definition, ransomware is a type of malware code that uses virtually unbreakable encryption to deny user access to a company’s systems. By the time of the actual attack, the perpetrator has already done reconnaissance to find weaknesses in the chosen system, which they then exploit to find important data, manipulating the environment to where the affected entity cannot touch its own information. The victim then receives a message demanding some kind of payment—bitcoin being a preferred option—to unlock the files or systems. In short, ransomware operates exactly as a hostage situation seen in films and television shows: The hacker literally hoards the keys to the company’s kingdom, only relinquishing them when their demands are met.
The first known ransomware attack was in 1989 and was conducted using snail-mailed floppy disks. Technology has come a long way since then and today’s attacks are much easier to carry out; they’re more lucrative, as well. Ransom requests typically average around $500 USD—a seemingly tiny sum for entities worth billions. No matter what the amount, these financial after-effects are obviously painful for the victims, and the companies attacked aren’t always the sole injured party. After the 2018 attack on the City of Atlanta, wherein the ransom was $50,000 USD in bitcoin, the additional remediations totaled more than $2.6 million taxpayer dollars. However, $50,000 is a drop in the bucket for these new attackers in Texas—after their government attack, they’ve demanded a collective $2.5 million, a serious upgrade in reward for their criminal risk.
So what else makes these recent attacks in Texas unique? For one thing, nearly two dozen entities were hit in one fell swoop, something that smacks of more sophisticated methods and patience on behalf of the attacker or attackers. The 2016 Verizon Data Breach Investigations Report said phishing is the No. 1 cause of data breaches, and spear-phishing could be how the Texas criminals gained access to inject their malware. Spear-phishing is the use of targeted emails that, when the recipient clicks on a link in that message, allows the cybercriminal to obtain sensitive information—i.e., credentials—or install that malware into the company’s systems. If this is indeed how the bad actor infected government entities in Texas one by one, it shows some patience to wait until they had an opening into a number of systems, then coordinating the lockup to happen all at once. Local governments are a prime target for these kinds of hacks, and the size of this one has prompted a huge, statewide response.
Though Texas is just the latest victim, what’s scarier is that these cybercriminals and their methods will only get better and more exotic. How long before bots start locking hundreds of systems at once? Already there are ransomware-as-a-service providers that enable even the most novice cybercriminals to hack in with tools such as CryptoWall, Locky and TeslaCrypt. For everyone with data to protect, the idea is terrifying, and society isn’t doing much to help itself—there is definitely more that could be done.
In the analog world, companies and governments actually play a part in aiding the cybercriminals when they fail to report. Even if they don’t announce the attack publicly, sometimes it’s still obvious that it happened, such as when a local or county government suddenly cannot produce vital records or process things like permits and marriage licenses. Other private companies might be down for a short amount of time, failing over to backup systems, but still in danger of at least temporarily losing some data depending on their backup frequency. As the attacks continue to intensify and grow stronger, companies must take steps to protect themselves and not give the criminals any wiggle room.
So, what are these steps? What can be done to mitigate these attacks and lessen the risk of them happening?
- Make sure to run the latest patches on systems, as well as the latest versions of applications—even middleware and those on the back end.
- If there is no InfoSec team dedicated to overall, company-wide security, invest and put one together as soon as possible.
- Leverage industry-standard (e.g., NIST, SANS) and compliance guidelines such as PCI, ISO, HIPAA, etc. to make sure at least most security bases are covered.
- Educate your employees on how to spot phishing and vishing attempts.
It’s that last point that is most critical. Unfortunately, humans will always be the biggest risk to an organization’s security, and therefore, employee education is key. In this spirit, prepare and execute a robust security awareness campaign and conduct regular training sessions. Then, after you’ve completed the training and education, do it again—keep at it until security isn’t a thought anymore because it’s part of everybody’s routine, daily processes. Ransomware attacks aren’t a new or recent development, but as they continue to develop in strength and the potential for bigger financial penalties continues to grow, it’s always better to be safe rather than sorry.
From analysing the malware’s code, we can see that it skips the routine if the created IP address is a local one (Figure 4). The malware can infect public IP addresses with port 139 open that are using any of the common administrator usernames and passwords […]
Ransomware has steadily become one of the most pervasive cyberattacks in the world. And while high-profile global meltdowns like 2017’s NotPetya strain garner the most attention, localized attacks have devastating consequences as well. Look no further than the cities of Atlanta and Baltimore, whose online operations ground to a halt after ransomware takeovers. Or more recently, Alabama’s DCH Health Systems, which had to turn away all but the most critical patients from its three hospitals after hackers seized control of their networks.
The attacks affect communities both large and small. In fact, victims often aren’t even specifically targeted. Hackers have increasingly focused on so-called managed service providers, companies that remotely handle IT infrastructure for a wide range of customers, to get the highest return on their investment. Successfully compromise one MSP, and you can hit nearly two-dozen local Texas governments, as one recent example proved.
It’s the kind of large-scale problem that would benefit from a large-scale solution. Yet despite the clear and pervasive danger, Congress seems stumped.
“There’s a gap between the focus and resources here in Washington and what happens in a town of 200,000 people,” representative Jim Himes (D-Connecticut) tells WIRED.
While Himes, a member of the House Intelligence Committee, is concerned about the rise in these brazen attacks, he also sees fundamental limitations in the federal government’s ability to help stop hyper-local attacks.
“There’s only so much the federal government can do to encourage municipalities to patch their software and update their equipment, that sort of thing,” Himes says.
Last month the Senate passed a bill that would force the Department of Homeland Security to set up “cyber hunt” and “cyber incident response” units, including bringing in experts from the private sector, to help ward off attacks or to help respond after an entity is hit. But even one of that bill’s main sponsors, senator Maggie Hassan (D-New Hampshire), is now calling for the Government Accountability Office to conduct a top-to-bottom review of the federal government’s programs aimed at helping localities and entities crippled by these ransomware attacks.
“The federal government must do more to help state and local governments prevent and respond to cyberattacks, and this report will give us a key tool to identify how the federal government is doing in this task, and what more can be done,” Hassan said in a statement accompanying the release of her letter to the GAO.
The letter itself reveals the mysterious depth of this growing problem: Congress and the agencies tasked with protecting Americans’ security are basically clueless when it comes to even understanding the scope of the problem.
While Congress still lacks a tangible plan to help mitigate the impact, some members at least seem to be increasingly aware of the issue.
When WIRED broached the topic of recent ransomware attacks against Connecticut school districts back on July 16, neither of that state’s senators really knew about the problem that had gripped their own constituents. But when asked again recently, senator Richard Blumenthal (D-Connecticut) acknowledged the stakes of the growing problem.
“I’m beginning to hear it very loudly and clearly from officials that they are feeling isolated, alone, [and] incapable of responding,” Blumenthal said last month.
The senator’s newly acquired knowledge on the topic may stem from the spike in high-profile ransomware attacks that have struck communities in Arizona, Oklahoma, Virginia, New York and Texas, just to name a few.
“Ransomware is one of the growing threats to cybersecurity, and the federal government ought to be doing everything possible to assist towns and cities,” Blumenthal said. “There’s an urgency and an immediacy.”
Blumenthal’s now calling for the federal government to provide states with technical expertise on ways to defensively combat these attacks, and outlines of a potential strategy to respond to such an attack. (Even seemingly straightforward questions like whether to pay the ransom or hold out remain divisive.) Blumenthal has also called for moving taxpayer dollars from Washington to localities so they can secure and harden their systems. The Pentagon may be fortified against foreign cyberintrusion, but local school districts and municipalities now face sophisticated attacks from hackers or foreign entities that many policymakers view as an attack on America itself.