State

now browsing by tag

 
 

12 #Connecticut #state agencies #hit by a #cyber attack

The Department of Administrative Services (DAS) announced that the State of Connecticut suffered a ransomware attack on Friday, February 23. Although most computers were protected with adequate antivirus software, approximately 160 machines in 12 agencies were not.

DAS spokesperson Jeffrey Beckham said that, through a collaboration with agency IT and other partners, the virus was contained by the evening of Sunday, February 25. There were no reports of encrypted files or data loss, and the DAS does not believe state business will be affected by the breach.

NRA targeted by DDoS cyber criminals
Three US National Rifle Association (NRA) websites were the latest victims of memcached-based distributed denial-of-service (DDoS) attacks, as reported by Qihoo 360’s Network Security Research Lab (Netlab). nra.org, nracarryguard.com, and nrafoundation.org join other large-platform targets, including Amazon and Google. This also follows the biggest DDoS attack to date, which targeted GitHub in February 2018.

As early as February 25, Twitter users were posting about the NRA DDoS takedown. It’s likely that these attacks are politically motivated, as the pro-gun organization has been criticised following the Parkland school shooting on February 14, in which 17 people were killed. It is not uncommon for criminal hackers to launch DDoS attacks on controversial organizations and figures – past victims include the Ku Klux Klan, ISIS, and Donald Trump.

Read More….

advertisement:

The post 12 #Connecticut #state agencies #hit by a #cyber attack appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

State #institutions in #Denmark #vulnerable to #hacking, expert #reveals

Source: National Cyber Security News

Last summer one of Denmark’s biggest companies, Maersk, was hit by a hacking attack that paralysed its computer systems and ended up costing the firm an estimated 1.9 billion kroner.

And the shipper is not the only one. Twice in 2017, the Southern Denmark region experienced ransomware attacks that locked users out of their accounts and databases.

A survey of state institutions undertaken by the national auditor, Rigsrevisionen, has shown that the Foreign Ministry, health service databank Sundhedsdatastyrelsen, state railway track owner Banedanmark and the emergency response service Beredskabsstyrelsen are all potentially vulnerable to similar attacks, reports DR Nyheder.

Update your security systems!
The auditors noted that security to prevent ransomware attacks was not sufficient and that none of the institutions have fully ensured that their programs all have the latest security updates.

IT security expert Christian Dinesen from the consultancy firm NNIT feels that these institutions are making it much too easy for cyber criminals.

“It is critical, because all these institutions perform vital functions in our society,” said Dinesen.

“What the report shows unfortunately is an immaturity that is also found in other places. Things like local administrators’ rights and security programs not being updated have been in the spotlight for the last 15 years.

Read More….

advertisement:

View full post on National Cyber Security Ventures

Four ways #state and local CIOs can boost #cybersecurity

Source: National Cyber Security – Produced By Gregory Evans

Looking back at the hundred-plus FBI cyber investigations and victim notifications I’ve worked over the past decade, without a doubt, the most concerning and most difficult ones centered around local and state governments.

States and cities face a tall order: protecting critical data and infrastructure. They’re expected to conduct an investigation, and remediate and prevent future attacks, all with under-staffed or non-existent cybersecurity teams, limited incident response capacity, and a lack of reliable technology.

Working closely with CIOs in cities like Los Angeles and states like Colorado has given me perspective on what is working and where we should be devoting our energy. Here are the top four observations — and solutions — for helping city and state CIOs resolve their cybersecurity challenges.

1. Get the basics right, then tackle IoT

I get it. IoT is important. IoT is scary. But we are still not doing the basics on the workstations and servers that run those IoT devices. Many jurisdictions, for instance, do not yet have a complete and accurate inventory of every asset on their network. And the easiest way to breach a network will always be through the one unpatched piece of software the organization doesn’t know about — not the smart streetlight (yet). This is not to say states and cities should halt all IoT efforts. Rather, they should prioritize their time and investments in getting essential cyber hygiene efforts done first.

Action item: Have your security team run a vulnerability scan and compare the endpoints found with your IT team’s most recent patch report. If the reports are identical, compliment both teams; if they’re not, check both teams’ tools. One of them is broken.

2. Break down organizational silos

IT operations in state and city government are often run by the various agencies within the government, rather than being centralized under the state’s or city’s CIO. This leads to shadow IT, with a wide range of servers, software, and hardware spread across the state and city, and no standardized way to measure their risk level or even know when systems need to be updated. IT administrators cannot share best practices, causing further inefficiencies. What’s worse than shadow IT? Shadow security — rogue systems with no security features turned on. Fortunately, some states and cities have made significant efforts toward consolidating and federating their IT, and the broader trend is toward consolidation, as NASCIO reported in its survey of state CIOs.

Action item: Identify the agency or department with the least number of cybersecurity resources and consolidate those first. Don’t boil the ocean by starting at the agency with the most crown jewels.

3. Reduce the number of tools

Because technology management is so spread out across agencies, states and cities tend to have dozens of tools for managing their IT and security. I once responded to an incident at a state government that had more than a dozen different tools for asset inventory and patching alone. If you have a dozen tools, you need people with expertise in each piece of software, and you have to commit valuable time and money to train those people. When a mistake gets made and leads to an incident, IT staffers have to bring in outside help, because no one internally has expertise in all the tools, which is required to conduct a proper response. States and cities can significantly reduce their risk, and improve efficiency, by consolidating IT operations and security tools. Shared tools also are better for states’ budgets, because procurement officials can negotiate state-wide prices.

Action item: Track the top 10 agencies in your state or city by number of employees and count the number of IT and security tools being used across all 10 networks. Start thinking about how many tools overlap and which ones can be decommissioned.

4. Create dedicated security roles

The cybersecurity workforce gap is an oft-discussed issue, but it’s especially prevalent in local governments and even some state agencies. Too often, IT professionals are tasked with taking on security roles, too, or their positions are only part time. In both cases, not enough attention is being paid to security. IT teams need to get creative in solving their workforce issues. Try forming tiger teams made up of diverse experts from across agencies to evaluate your state holistically and solve discrete IT and security problems. Consider leveraging existing resources, such as your state’s National Guard. Explore ways to partner with local universities to get young people interested in government and cybersecurity. By far, the most interesting cyber cases I’ve investigated happened only because I worked for the government. It is why NSA, not Silicon Valley, is able to hire the best mathematicians — they recruit early and often.

Action item: Sponsor a capture-the-flag hacker tournament at a state college and offer the top three winners summer internships at your agency.

Many of these challenges and solutions are connected. Reducing the number of tools not only helps with security, it also addresses your workforce issues by freeing up the time and money you were formerly spending on a plethora of tools and training.

States and cities are clearly placing an increased emphasis on improving IT management and security, as was made clear when 38 governors signed the National Governors Association’s cybersecurity compact this summer. Now it’s time to tackle the tough issues.

The post Four ways #state and local CIOs can boost #cybersecurity appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Attackers #hijack #state agency #server for #malware

Source: National Cyber Security – Produced By Gregory Evans

Attackers #hijack #state agency #server for #malware

Cybercriminals are always upping their game. One of their latest gambits, a sophisticated phishing attack that involved hosting malware on at least one state’s government servers, shows that they may be outpacing the good guys.

The multistage targeted attack, discovered and announced last week by researchers at the Cisco Talos threat intelligence group, began with the bad actors creating a realistic-looking “spoof” email that purported to be from the Securities and Exchange Commission. This spear-phishing email was sent out to a number of government agencies in a highly targeted scheme, which the researchers deduce came from a motivated threat actor or group that continues to operate.

At the government agencies where the phishing emails succeeded, the online criminals were able to surreptitiously plant malicious code on government servers in at least one state, Louisiana, to create a “malware infection chain” likely to dupe other targets. Representatives from the state of Louisiana had no comment for this story.

According to Craig Williams, senior technical leader at Cisco Talos, this attack is similar to previous so-called DNSMessenger attacks, which have become more frequent this year, whereby sophisticated techniques are used to infect legitimate enterprise and government computer systems with viruses, ransomware, Trojans and other types of malware.

“We have threat hunting techniques specifically designed to detect DNSMessenger,” said Williams, describing how he and his team of researchers tracked this exploit and the infected state government server. “Once we examined the malware sample, that led us to the web server.” He added that it appeared only “a single server” was affected.

While the researchers appear to have exposed this attack before it could gain too much traction (and impact more government servers), the growing creativity and sophistication of both the phishing attacks and hackers’ ability to insert malware into a legitimate government enterprise servers underscores how much more crafty and talented cybercriminals are becoming, according to Williams. “By using ‘known good’ servers, attackers are hoping to go unnoticed,” he said. “No one would normally question someone connecting to a state of Louisiana public web server, for example.”

And the government sector is becoming an increasingly attractive target for such attacks. According to the 2017 U.S. State and Federal Government Cybersecurity Report, released in August 2017 by SecurityScorecard, government organizations received the lowest security scores across multiple sectors, including transportation, retail and healthcare. “It’s clear that cybersecurity incidents are not going anywhere and that government will continue to remain a target,” the report concluded. “But with technology propelling forward and hackers as motivated as ever, government agencies are struggling to put up effective cybersecurity defenses, and hackers are taking advantage.”

Williams agreed. “We will likely see the actors behind DNSMessenger continue to use any public server they can compromise,” he said. “It helps the actors hide their infrastructure and go undetected longer.”

The post Attackers #hijack #state agency #server for #malware appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

State of Small Business Cybersecurity in North America

Source: National Cyber Security – Produced By Gregory Evans

State of Small Business Cybersecurity in North America

Small business owners know they are at risk for cyberattacks, but they are somewhat at a loss as to what to do. That’s one of the findings of a new report from the Better Business Bureau, The State of Small Business Cybersecurity in North America, released today as part of National Cybersecurity Awareness Month. One of the more troubling findings is that half of small businesses reported they could remain profitable for only one month if they lost essential data.

“Profitability is the ultimate test of risk,” said Bill Fanelli, CISSP, chief security officer for the Council of Better Business Bureaus and one of the authors of the report. “It’s alarming to think that half of small businesses could be at that much risk just a short time after a cybersecurity incident.”

“Small business owners get it,” Fanelli continued. “When we asked them about the most common cybersecurity threats – ransomware, phishing, malware – they know what’s out there, and most of them have basic protections in place. For instance, 81% use antivirus software and 76% have firewalls. But one of the most cost-effective prevention tools, employee education, is used by fewer than half of the companies we surveyed. Other prevention measures scored even lower.”

BBB surveyed approximately 1,100 businesses in North America (71.4% of the sample came from the United States, 28.5% from Canada and 0.1% from Mexico). Two-thirds of the participants were BBB Accredited Businesses, and they apparently fared marginally better in most measures, such as awareness of specific threats and adoption of cybersecurity measures. The data was collected in an online survey with a margin of error of approximately +/- 3% for a 95% confidence interval.

The report focuses on cybersecurity effectiveness from three perspectives: a) cybersecurity standards/frameworks; b) best practices; and c) cost-benefit analysis. One of the key findings is that the NIST Cybersecurity Framework, technically a voluntary standard from the National Institute for Standards and Technology, is becoming mandatory in some markets. Not only are many companies requiring it of their vendors for procurement, but many businesses are adopting it because it helps them run a better business. The NIST framework is the basis for BBB’s training program, “5 Steps to Better Business Cybersecurity”

The State of Small Business Cybersecurity emphasizes the need not only for education and training, but for cost-benefit analysis of cybersecurity measures. The report suggests a formula created by two professors at the University of Maryland, Martin P. Loeb, PhD and Lawrence A. Gordon, PhD, to help small business owners estimate their risk from cybersecurity attacks and calculate an appropriate investment in prevention.

“It doesn’t do any good for a small business to adopt a $10,000 solution if the potential risk reduction is only worth $5,000,” said Fanelli. “We hope this report will give small business owners greater awareness of the real and the perceived risks of cyberattacks, as well as best practices for protecting against these types of security threats. We hope it serves as a step forward in advancing cybersecurity in the marketplace.”

Source:

The post State of Small Business Cybersecurity in North America appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Homeland Security clarifying state election hacking attempts

Source: National Cyber Security – Produced By Gregory Evans

The Department of Homeland Security has notified two states that Russian hackers attempted to scan networks other than their election systems in the run-up to the 2016 presidential election, contrary to details provided last week. On Wednesday, California became the second state — after Wisconsin — to receive the clarification….

The post Homeland Security clarifying state election hacking attempts appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

20-year prison term proposed for hackers of State secrets

Source: National Cyber Security – Produced By Gregory Evans

Cyber criminals, convicted of hacking into government databases to mine State secrets for sale to foreign countries, will serve 20 years in jail if Parliament passes a Bill seeking to tame the growing white-collar crime. The Computer and Cybercrimes Bill 2017, a revised version of a 2016 law, also proposes…

The post 20-year prison term proposed for hackers of State secrets appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Is the state the biggest cyber criminal of all?

Source: National Cyber Security – Produced By Gregory Evans

The internet is the first thing humanity has built that humanity doesn’t understand Cyber crime is one of the fastest growing areas of criminal activity in the world and policing it is no longer considered exclusive to law enforcement. INTERPOL Secretary General Jürgen Stock in January 2016 stated “[…] cyber…

The post Is the state the biggest cyber criminal of all? appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Ransomware Attacks ‘Double’ As Nation State Weapons Fall Into Hands Of Hackers

Source: National Cyber Security – Produced By Gregory Evans

Grim reading…Malware is growing, adware mutating, and sophisticated ‘nation state’ tools are being used by low-level hackers Security specialists Check Point has painted a fairly grim picture of the cyber security landscape in its latest ‘Cyber Attack Trends: Mid-Year‘ report. It revealed that ransomware attacks have doubled in the first…

The post Ransomware Attacks ‘Double’ As Nation State Weapons Fall Into Hands Of Hackers appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures