Atlanta Municipal Systems Hit with Ransomware Attack

Atlanta city employees coming to work this morning were handed an unusual notice: don’t turn on your computers. The municipal systems had been hit with a ransomware attack on Thursday, and employees at City Hall were not to use their computer until they were cleared by the municipal IT group.

According to the Atlanta Journal-Constitution, city officials have been struggling to determine how much sensitive information may have been compromised in the attack. Atlanta Mayor Keisha Lance Bottoms told employees to monitor their bank accounts.

“Let’s just assume that if your personal information is housed by the City of Atlanta, whether it be because you are a customer who goes online and pays your bills or any employee or even a retiree, we don’t know the extent, so we just ask that you be vigilant,” Bottoms said.

The attackers demanded the equivalent of $51,000 in digital currency to unlock the system, and the attack is affecting applications customers use to pay bills or access court-related informationUSA Today reports.

According to Craig McCullough, AVP, U.S. Federal for data protection and information management solution provider Commvault: “The recent ransomware attacks on Atlanta’s computer systems is another wake up call for the U.S. Government to be better prepared to defend against cyber-attacks. Unfortunately these attacks are not isolated incidents and will continue across Federal […] Read more »

 

 

Only 39% of Breached Companies Can Confidently Identify Source

Nearly four in five companies (79%) were hit by a breach in the last year, according to new research from Balabi. The report, titled The Known Unknowns of Cyber Securityalso revealed that seven out of ten (68%) businesses expect to be impacted by further breaches this year, with more than a quarter anticipating a breach to occur within the next six months.

The Unknown Network Survey, deployed in the UK, France, Germany and the US, reveals the attitudes of 400 IT and security professionals surrounding their IT security concerns, their experience with IT security breaches, their understanding of how and when breaches occur, and the strategies they’re using to combat hackers.

Knowing your Environment

The majority of businesses know very little about the nature of the security breaches that take place within their organizations. Whilst a high percentage of companies have experienced a breach, less than half of respondents (48%) feel fully confident that they would know if a breach had even happened, meaning that more could have taken place without their knowledge. Furthermore, only 42% of respondents feel very confident about what data was accessed during a breach, and a mere 39% were fully confident that they could identify the source of a breach.

Privileged users, who are granted the most access within an organization, are vulnerable to attack and can open the door to insider threats, leading to internal tension around the development of cohesive security strategies. With half of all security breaches being employee-related, 69% of senior IT professionals agree that an insider data breach is the biggest threat they are facing in network security.

“Attacks are becoming more and more sophisticated and every organization is at risk,” said Csaba Krasznay, security evangelist, Balabit. “Security is no longer about simply keeping the bad guys out. Security teams must continuously monitor what their own users are doing with their access rights, as part of a comprehensive and cohesive security strategy.”

“What’s really alarming, though, is that the majority of businesses know very little about the nature of the security breaches that are happening to them. Many even admit that a security breach could quite feasibly go unnoticed. That’s how loose a grip we’ve got on them, or how little we really understand them. We know about breaches, sure – but we really don’t know enough,” Krasznay continued […] Read more »

 

 

4 Trends Driving Security Operations Center

Today, the need for organizational trust has been amplified by cyber threats that continue to grow in variety, volume and scope. According to the Cisco 2018 Annual Cybersecurity Report, 32 percent of breaches affected more than half of organizations’ systems, up from 15 percent in 2016. Network breaches shake customer confidence, and it’s essential that organizations protect intellectual property, customer records and other critical digital assets. A strong cybersecurity strategy is today’s foundation for creating confidence among partners and customers.

The Security Operations Center Gains Prominence

A key factor in establishing trust is the presence of a Security Operations Center (SOC). This is true whether the SOC functions internally or is provided by a third party, such as a managed security service provider (MSSP).

This team monitors, detects, investigates and responds to cyber threats around the clock. The SOC is charged with monitoring and protecting many assets, such as intellectual property, personnel data, business systems and brand integrity. This includes the connected controls found in networked industrial equipment. The SOC assumes overall responsibility for monitoring, assessing and defending against cyberattacks.

SOCs have grown in importance due to four primary trending needs:

  1. Departmental collaboration: It’s more important than ever that organizations maintain an environment where skilled people with the right tools can react quickly and collaborate to remediate system-wide as well as local problems.
  2. Cross-functional collaboration: People and cybersecurity tools must work together with other critical IT functions and business operations. These departments align with business objectives and compliance needs for a high-performing operation that is efficient and effective.
  3. Company-wide coordination and communication: As a security event takes place, it’s essential that there’s a centralized team to communicate with the rest of the organization and ensure efficient resolution. In turn, it’s also important that the organization knows who to turn to in the event of an incident.
  4. A holistic view: A view of all digital assets and processes that is centralized and real-time makes it possible to detect and fix problems whenever and wherever they occur. Centralization is critical for IoT systems. The sheer number of devices and the likelihood that they are widely dispersed make local monitoring impractical and inconsistent.

As security operations have changed, the associated job roles and responsibilities have evolved as well. Having the right team with the right skills in place is essential to optimizing an organization’s front-line defense.

SOC Member Roles

Within the SOC, there are many roles. While SOC teams are not all the same, these roles typically include:

  • Cybersecurity SOC Manager: Manages the SOC personnel, budget, technology and programs, and interfaces with executive-level management, IT management, legal management, compliance management and the rest of the organization.
  • Incident Responder: Investigates, evaluates and responds to cyber incidents.
  • Forensic Specialist: Finds, gathers, examines and preserves evidence using analytical and investigative techniques.
  • Cybersecurity Auditor: Monitors compliance of people, procedures and systems against cybersecurity policies and requirements.
  • Cybersecurity Analyst: Identifies, categorizes and escalates cybersecurity events by analyzing information from systems using cyber defense tools.

These individuals work together to identify and respond to cybersecurity incidents in real time.

Building a SOC: A Challenge and an Opportunity

As networks expand and grow in complexity, SOCs are emerging as the enterprise’s front and best line of defense. The SOC is a strategic, risk-reducing asset that strengthens the security of an organization’s systems and data. Building a SOC isn’t as easy as simply hiring new team members, however […] Read more »

 

 

Big Data’s Big Peril: Security

We live in a world that is more digitally connected than ever before, and this trend will continue well into the foreseeable future. Mobile phones, televisions, washers and dryers, self-driving cars, traffic lights, and the power grid – all will be connected to the Internet of Things. It has been said that by 2020 there will be 50 billion connected things. These devices produce exponentially growing amounts of data such as emails, text files, log files, videos, and photos.

The world will create 163 zettabytes (a zettabyte equals one sextillion bytes) of data annually by 2025. Enterprises of all sizes can gain competitive advantages and valuable insights by incorporating big data and predictive analytics into their business strategies to fuel growth and drive operational efficiencies. But with all this data at hand, it’s vital to understand which data is actionable, and how it needs to be considered. Here are two examples of ways businesses are utilizing big data to improve the bottom line.

First, big data analytics can reduce customer churn. Predictive models are being built using customer demographics, product profile, customer complaint frequency, social media, and disconnect orders to flag customers who are likely to churn. Companies can identify these customers to better understand their issues and improve inefficient business processes. They can also recommend products that meet customer feature and price needs.

Second, big data can help prevent network outages. This is especially critical with government, medical, and emergency services networks, where outages can have severe impacts. Predictive models can ingest network logs to look at past device performance and predict hours in advance when an outage may occur, giving network engineers time to replace faulty equipment […] Read more »

 

 

The Shift in Security Operations in a Multi-Cloud World

As cybersecurity continues to become more complex and harder to manage, the role of security operations for organizations is also shifting across the board. Long gone are the days where firewalls or intrusion detection systems (IDS) could keep adversaries outside the perimeter. Instead, we are seeing increases in both size and frequency of attacks leading to more pronounced impacts to the business.

There are two primary factors that driving this change. To be successful today, modern security operations needs to understand these drivers and evolve their processes, procedures and tools to meet these new challenges.

The first driver has little to do with security as we think about it today. The modern IT organization is being required to deliver more business value at higher velocity with reduced costs. The most recent Rightscale State of the Cloud Report states that 85 percent of enterprises now rely on multiple clouds. This trend makes perfect sense as IT organizations reach for the best tools possible to meet their goals. However, the diversity of platforms and tools has driven more complexity in to the security operations than they were designed or resourced to accept. In my experience, most organziations have difficulty understanding where their data resides in the suite of platforms in use, let alone how that data is being protected.

The second driver is directly related to the security landscape. Over the past five years, we’ve seen the results from the investments adversaries have made in expertise. Modern attacks performed by advanced persistent threat (APT) groups rarely use sophisticated methods like zero-day attacks. Instead, these groups are characterized by the “persistent” component of their moniker. A consistent set of attacks, powered by cybersecurity expertise, is capable of breaching most organizations using traditional prevention or deterrence techniques […] Read more »

 

 

 

The most common of modern cyber attacks that your business could face in 2018 and ways to avoid them.

There is the Great Isabel; the Little Isabel, which is round; and Hermosa, which is the smallest.

The 2017 news base was dominated by cyber threats, cyber crimes, breaches and more. At every turn of the page you were overwhelmed with headlines surrounding breaches of major companies, viral ransomware and leaks of spy tools from U.S. intelligence agencies.

Unfortunately, 2018 seems likely to be another year of threats across the board. The mission for all involved in the security space is to constantly educate, share and empower one another to be prepared for what is ahead.

2018 brings a plethora of security issues – each more fascinating and challenging than the last:

Non-Malware Attacks

The future of client-side malware attacks is fileless. And it would appear the future has arrived with a growing number of attacks using fileless or in-memory malware to pose a threat to business that’s increasingly difficult to neutralize. Fileless malware infects targeted computers while leaving nothing behind on the local hard drive. This makes it incredibly easy to sidestep traditional signature based security. During the past year, fileless attacks have been on the rise. According to the SANS 2017 Threat Landscape Survey, one-third of organizations surveyed reported facing fileless attacks in 2017.

In 2017 attackers managed to hit 140 enterprises, including banks, telecoms, and government organizations, with the fileless malware. The organizations were primarily in the U.S., U.K., and Ecuador but firms in Brazil, Tunisia, Turkey, France, Spain and, and Spain were also compromised. Researchers described how the attackers used the malware to gain a firmer foothold into bank’s systems and cash out.

New Jersey Cybersecurity and Communications Integration Cell, NJCCIC says: “The NJCCIC assesses with high confidence that fileless and ‘non-malware’ intrusion tactics pose high risk to organizations, both public and private, and will be increasingly employed by capable threat actors intent on stealing data or establishing persistence on networks to support ongoing espionage objectives or to enable future acts of sabotage.”

What can you do now? Here is a good start:

  • Make a shift in end-user awareness
  • Disabling the use of PowerShell on networks
  • Monitor more closely outbound traffic
  • Trace it back to applications making those requests.

Supply Chain Attacks

Supply chain attacks in 2017 were only the beginning of the growing trend. These attacks seek to damage an organization by targeting less-secure elements in the supply network. Much like social engineering, these supply chain attacks exploit a trust relationship between a software (or hardware) vendor and its customers.

CloudHopper, CCleaner, ShadowPad, Kingslayer, PyPi and M.E.Doc – many of which targeted software aimed at IT administrators and software developers Reports of these attacks are likely to increase in 2018 as new names enter the hacking world. Supply chain attacks are not new, however, the frequency is reason enough to cause concern.

What can you do now? Here is a good start:

  • Create a process of strict control of your institution’s supply network in order to prevent potential damage from cybercriminals
  • Ensure that all applications receive their updates over secure encrypted channels

Phishing Attacks

Phishing Attacks – usually comprised of a malicious email attachment or an email with an embedded, malicious link are the primary vector for malware attacks. Luckily, if you know what you’re looking for, they are easy to detect. However, phishing is far from over.

Some 2017 highlights – source: Info-Security Magazine

  • 1 in 25 for Qatar – A nation of just 2.3 million people saw its businesses and residents hit not just by one major attack, but more than 93,570 phishing events in a three-month span at the start of the year. Such attacks leveraged both email and SMS texts as attack vectors.
  • An Eastern-European cyber-criminal group sent “malware laden” emails to Chipotle staff that compromised Point of Sale systems at most Chipotle locations, obtain customer credit card data from millions of people in the process.

     

  • After months of uncertainty, the U.S. Department of Justice (DOJ) announced the arrest of a Lithuanian man for allegedly stealing $100 million from two U.S.-based tech companies. The attacker targeted attack successfully used a phishing email to induce employees into wiring the money to overseas bank accounts under his control.

What can you do now? Here is a good start:

  • Training and awareness
  • Strict management on admin access
  • Invest in web protection, email protection, mobile device management, password management etc.

If there is one thing that 2017 should have taught us, it is that attacks are becoming more complex, more advanced and can happen to anyone. Opening the dialogue and empowering our peers to educate and plan accordingly is not only the best course of action – it is possibly the only one!

25 Top Attacks And Data Breaches That Took Us by Storm in 2017

 

  1. NHS Cyber Attack: UK’s NHS was attacked by a tool, known as EternalBlue, which affected trusts, GP practices, and hospitals across the nation. The cyber-attack cancelled tens of thousands of appointments and disrupted hospital systems that led to staff resorting to pen and paper as means of administration. Read More
  2. HBO: HBO’s systems were compromised and 1.5 terabytes of data, including episodes of TV shows, were stolen. Read More
  3. Ukraine Cyber Attack: Ukraine was struck with a malware, called wiper, that completely deleted its victims’ hard drives. This disrupted businesses and users were asked to pay USD 300 in bitcoin to regain access to their PCs. Read More
  4. Maersk Cyber Attack: Shipping giant AP Moeller-Maersk was infected by a computer virus which caused outages in its systems and severely affected their operations. Their unloading of vessels at Tacoma port was slowed down after the attack. Read More
  5. Deloitte: Deloitte, one of the biggest auditing firms, was hacked and confidential emails and plans of their blue-chip clients were compromised. It went unnoticed for months.  Read More
  6. FedEx TNT Express: FedEx’s subsidiary, TNT division, had its computer systems compromised by a ransomware outbreak. It would cost the company USD300 million to restore their IT operations. Read More
  7. BadRabbit Russia: Private individuals were warned on the virus called BadRabbit, a ransomware that locks up computers and asks users to pay for the return of access. Read More
  8. Equifax : 700,000 Equifax consumers were compromised by a breach of data which accessed their personal details – including credit card details, phone numbers, and even license number. Read More
  9. Scottish Parliament: Scottish Parliament’s computer systems were attacked and hackers were attempting to access email accounts through cracking their passwords, which resulted in some users getting locked out of their accounts. Read More
  10. Uber: A breach of Uber’s 57 million customers personal information was acknowledged by the company in 2017. They also confirmed that they paid hackers USD100,000 to keep mum and delete the data collected. Read More
  11. Deutsche Telekom: Deutsche Telekom had 900,000 of its routers hijacked which stopped owners and users from going online. A 29-yr-old British man has confessed to carrying out the attack. The estimated cost of the attack was said to be around EUR2 million. Read More
  12. Pornhub: Users of the adult site Pornhub were in danger of contracting a malware as hackers hijacked the websites adverts. The attack was known as malvertising which attracted users to click on a fake advert which allowed the hackers to infect the user’s PC with an ad fraud malware. Read More
  13. NiceHash: NiceHash, a Slovenian bitcoin mining marketplace, was hacked and nearly USD 64 million worth of bitcoin was stolen. According to the people in NiceHash, “a highly professional attack with sophisticated social engineering’ was employed by the hackers to get into their system and steal 4,700 bitcoins. Read More
  14. Wall Street Hack: Wall Street’s regulator admitted that its database of corporate announcement – from the EDGAR filing system – was breached. The hack, which was hushed by the SEC, were thought to be used by cyber criminals to do insider trading. Read More
  15. Yahoo!: Yahoo! Released new figures following their 2013 data breach wherein they admitted that data associated to 3 billion of their user accounts were compromised. Account information such as names, emails, phone numbers, hashed passwords, security questions, and answers were stolen by hackers. Read More
  16. Dallas Siren Hack: Dallas Texas’ 156 emergency sirens were hacked and simultaneously triggered. The noise lasted for 90 seconds which resulted in over 4,000 calls to 911. Read More
  17. Imgur: Imgur admitted to a security breach which compromised their users’ emails and passwords. The company said that they never ask for names, phones, and addresses. While the breach occurred 3 years ago, the company only realized its occurrence this year. Read More
  18. Vevo: Vevo, Sony Music, and several other media platforms were hacked. Roughly 3.12 terabytes of files were taken and then posted online for public viewing. OurMine hackers have claimed the breach. Read More
  19. WikiLeaks: WikiLeaks was attacked by OurMine hackers and they took over their webpage. They carried out a DNS poisoning where links to their website would lead to a page created by the hackers. Read More
  20. Coachella:  Coachella was a victim of a large data breach where festival-goers’ information, including full names, emails, phone, and birthdates, were accessed by hackers. Read More
  21. Instagram: Instagram warned users that hackers may have exploited a bug in the app’s API. While only high profile users were targeted, the hackers stole email addresses and phone numbers. Read More
  22. Microsoft: Hackers, who are now detained by police, have been trying to infiltrate the Microsoft network seeking to steal customer data. Read More
  23. Pizza Hut: Pizza Hut informed customers that personal information stored in their systems have been compromised. A security intrusion gained hackers access to numerous names, billing ZIP codes, addresses, emails, and credit card information. Read More
  24. EtherDelta CryptoCurrency: EtherDelta, a cryptocurrency exchange site, told its users to not open their site due to a malicious attack that gave users risk of having their virtual currencies stolen. The hacker faked the webpage’s facade and was then able to gather information from users logging in. Read More
  25. Korean Bitcoin Exchange Yapizon: Another bitcoin exchange in South Korea, Yapizon, was compromised and had 3,800 bitcoins in customer funds stolen. Read More