
DDoS Attacks

Healthcare is in Cybercriminals’ Crosshairs

August 6, 2019 — by Mark Taylor


The healthcare industry is a prime target of hackers. According to Radware’s 2018-2019 Global Application and Network Security Report, healthcare was the second-most attacked industry after the government sector in 2018. In fact, about 39 percent of healthcare organizations were hit daily or weekly by hackers and only 6 percent said they’d never experienced a cyber attack.

Increased digitization in healthcare is a contributor to the industry’s enlarged attack surface. And it’s accelerated by a number of factors: the broad adoption of Electronic Health Records Systems (EHRS), integration of IoT technology in medical devices (software-based medical equipment like MRIs, EKGs, infusion pumps), and a migration to cloud services.

Case in point: 96% of non-federal acute care hospitals have an EHRS. This is up from 8% in 2008.  

Accenture estimates that the loss of data and related failures will cost healthcare companies nearly $6 trillion in damages in 2020, compared to $3 trillion in 2017. Cyber crime can have a devastating financial impact on the healthcare sector in the next four to five years.

The Vulnerabilities

According to the aforementioned Radware report, healthcare organizations saw a significant increase in malware or bot attacks, with socially engineered threats and DDoS steadily growing, as well. While overall ransomware attacks have decreased, hackers continue to hit the healthcare industry the hardest with these attacks. And they will continue to refine ransomware attacks and likely hijack IoT devices to hold tech hostage.

[You may also like: How Cyberattacks Directly Impact Your Brand]

Indeed, the increasing use of medical IoT devices makes healthcare organizations more vulnerable to DDoS attacks; attackers use infected IoT devices in botnets to launch coordinated attacks.

Additionally, cryptomining is on the rise, with 44 percent of organizations experiencing a cryptomining or ransomware attack. Another 14 percent experienced both. What’s worse is that these health providers don’t feel prepared for these attacks. The report found healthcare “is still intimidated by ransomware.”

The Office for Civil Rights (OCR) has warned about the dangers of DDoS attacks on healthcare organizations; in one incident, a DDoS attack overloaded a hospital network and computers, disrupting operations and causing hundreds of thousands of dollars in losses and damages.

[You may also like: 2018 In Review: Healthcare Under Attack]

Why Healthcare?

The healthcare industry is targeted for a variety of reasons. For one thing, money. By 2026, healthcare spending will consume 20% of the GDP, making the industry an attractive financial target for cyber criminals. And per Radware’s report, the value of medical records on the darknet is higher than that of passwords and credit cards.

And as my colleague Daniel Smith previously wrote, “not only are criminals exfiltrating patient data and selling it for a profit, but others have opted to encrypt medical records with ransomware or hold the data hostage until their extortion demand is met. Often hospitals are quick to pay an extortionist because backups are non-existent, or it may take too long to restore services.”

[You may also like: How Secure is Your Medical Data?]

Regardless of motivation, one thing is certain: Ransomware and DDoS attacks pose a dangerous threat to patients and those dealing with health issues. Many ailments are increasingly treated with cloud-based monitoring services, IoT-embedded devices and self or automated administration of prescription medicines. Cyber attacks could establish a foothold in the delivery of health services and put people’s lives and well-being at risk.

Recommendations

Securing digital assets can no longer be delegated solely to the IT department. Security planning needs to be infused into new product and service offerings, development plans and new business initiatives, not just for enterprises but for hospitals and healthcare providers alike.

To prevent or mitigate DDoS attacks, the United States Computer Emergency Readiness Team (US-CERT) recommends that organizations consider the following measures:

  • Continuously monitoring and scanning for vulnerable and compromised IoT devices on their networks and following proper remediation actions
  • Creating and implementing password management policies and procedures for devices and their users; ensuring all default passwords are changed to strong passwords
  • Installing and maintaining anti-virus software and security patches; updating IoT devices with security patches as soon as they become available is critical
  • Installing a firewall and configuring it to restrict traffic coming into and leaving the network and IT systems
  • Segmenting networks where appropriate and applying security controls for access to network segments
  • Disabling Universal Plug and Play (UPnP) on routers unless absolutely necessary
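The first and last of those measures are easy to act on, because a UPnP-enabled device answers anyone on the LAN who sends an SSDP M-SEARCH probe, so a periodic sweep from your own scanner yields an inventory of exactly the devices the UPnP measure is about. The Python below is an added example, not code from the original post or from US-CERT. It parses constructed SSDP responses (made-up IPs, banners and UUIDs) and checks them against an assumed policy: no UPnP on the clinical-device segment 10.30.0.0/16, an Internet Gateway Device profile is a finding because its port-mapping service takes unauthenticated requests, and a Linux kernel banner below an assumed 3.0 cutoff counts as unpatched.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Added example, not code from the original post or from US-CERT. Three constructed
# SSDP responses of the kind a UPnP device returns to an M-SEARCH probe; the IPs,
# banners and UUIDs are made up. The clinical subnet and the policy are assumptions.
CLINICAL_SEGMENTS = [ipaddress.ip_network("10.30.0.0/16")]  # assumed medical-device VLAN
EOL_KERNEL_BELOW = (3, 0)                                     # assumed "unpatched" cutoff

SAMPLE_RESPONSES = [
    ("10.30.1.14",
     "HTTP/1.1 200 OK\r\n"
     "CACHE-CONTROL: max-age=1800\r\n"
     "LOCATION: http://10.30.1.14:49152/rootDesc.xml\r\n"
     "SERVER: Linux/2.6.36 UPnP/1.0 MiniUPnPd/1.6\r\n"
     "ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n"
     "USN: uuid:3f1b0c7e-0000-1000-8000-0a0b0c0d0e01::urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n"
     "\r\n"),
    ("10.30.2.77",
     "HTTP/1.1 200 OK\r\n"
     "LOCATION: http://10.30.2.77:8080/description.xml\r\n"
     "SERVER: Linux/3.10 UPnP/1.1 InfusionPumpOS/2.4\r\n"
     "ST: upnp:rootdevice\r\n"
     "USN: uuid:9c2d7a10-0000-1000-8000-0a0b0c0d0e02::upnp:rootdevice\r\n"
     "\r\n"),
    ("10.50.4.9",
     "HTTP/1.1 200 OK\r\n"
     "LOCATION: http://10.50.4.9:1400/xml/device_description.xml\r\n"
     "SERVER: Linux UPnP/1.0 ConferenceRoomTV/7.1\r\n"
     "ST: upnp:rootdevice\r\n"
     "USN: uuid:c0ffee00-0000-1000-8000-0a0b0c0d0e03::upnp:rootdevice\r\n"
     "\r\n"),
]


def parse_ssdp(text: str) -> dict:
    """Parse one SSDP (HTTP-over-UDP) response into a header dict; {} if not a 200 reply."""
    lines = text.split("\r\n")
    if not lines or not lines[0].startswith("HTTP/1.1 200"):
        return {}
    headers = {}
    for line in lines[1:]:
        if not line:          # blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().upper()] = value.strip()
    return headers


def assess(ip: str, headers: dict) -> list:
    """Policy findings for one responding device (empty list means clean)."""
    if not headers:
        return []
    findings = []
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in CLINICAL_SEGMENTS):
        findings.append("UPnP answering on a clinical segment (policy: UPnP off)")
    if "InternetGatewayDevice" in headers.get("ST", ""):
        # IGD's WANIPConnection service accepts AddPortMapping with no authentication
        findings.append("IGD profile: LAN hosts can open inbound port mappings unauthenticated")
    server = headers.get("SERVER", "")
    m = re.search(r"Linux/(\d+)\.(\d+)", server)
    if m and (int(m.group(1)), int(m.group(2))) < EOL_KERNEL_BELOW:
        findings.append(f"end-of-life kernel in banner {server!r}")
    loc = headers.get("LOCATION", "")
    if loc and urlparse(loc).hostname != ip:
        findings.append(f"LOCATION {loc!r} points at a different host than the responder")
    return findings


def inventory(responses) -> dict:
    """Map each responding IP to its findings; clean devices are listed with []."""
    return {ip: assess(ip, parse_ssdp(raw)) for ip, raw in responses}
```

Sending the probe itself is a UDP datagram to the multicast group 239.255.255.250 on port 1900; the parser above works unchanged on real replies. Devices that only answer on their own VLAN are invisible to a central scanner, which is one reason the sweep should run from inside each segment.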

Read “The Trust Factor: Cybersecurity’s Role in Sustaining Business Momentum” to learn more.


Security

Cities Are Under Attack. Here’s Why.

June 25, 2019 — by Mark Taylor


Greenville, North Carolina. Imperial County, California. Stuart, Florida. Cincinnati, Ohio. These are just a handful of cities and counties across the U.S. that have experienced crippling cyber attacks in recent months.

In 2019, local governments across the country have become the focus of attacks and face a growing threat of cyber attacks and escalating ransom demands. Indeed, ransomware is a pandemic in the United States, and hackers are increasingly going after larger targets instead of focusing on home computers, like most did five years ago.

[You may also like: Cities Paying Ransom: What Does It Mean for Taxpayers?]

The Vulnerabilities

Generally speaking, cities and municipalities are less prepared than companies to mitigate cyber attacks, due to limited resources and difficulty competing for cybersecurity talent. They are also increasingly reliant on technology to deliver city services. This, combined with aging computer systems, enlarges their attack surfaces.

And attackers are also getting more savvy. Per CSO Online, “There’s a constantly growing threat of exploitation either through investment from state-sponsored actors to the commoditization of very sophisticated attack techniques that are easy to use for inexperienced hackers. Ransomware isn’t new. It’s just how it’s been packaged up and how it’s being leveraged operationally by the hacker community.”

Why Cities and Municipalities?

Whether attacks on cities are actually increasing or merely coming to light more often, it’s clear that they’re attractive targets for attackers.

This rationale is reinforced in Radware’s 2018-2019 Global Application & Network Security Report. According to the report, 52% of cyberattacks were motivated by financial or ransom purposes, far outpacing any other attack motivation. What’s more, government organizations (cities and municipalities among them) are key targets, with 45% of them being attacked on a daily or weekly basis.

[You may also like: How Cyberattacks Directly Impact Your Brand]

Simply put, constrained resources and data- and information-rich environments, set against increasingly automated attacks and a widening range of attack types, make cities and municipalities a high-value target for cyber criminals.

There’s no denying that in cities and municipalities, the pressure is on. Securing the constituent experience against cyberattacks is no longer just the responsibility of the IT department. Agencies need to implement security strategies–in every process and program–as if their very survival depends on them.

It only takes one data breach to compromise and expose constituent personal information or hobble critical services such as emergency response, public safety, air travel and more.

Recommendations

While it’s impossible to eliminate every risk or neutralize every threat, there are practical, minimal-effort controls every city and municipality should consider. And tools alone don’t provide complete protection; a truly secure experience involves expert resources (threat intelligence), flexible deployment (cloud service), and agility or ease of use (fully managed).

[You may also like: Here’s How You Can Better Mitigate a Cyberattack]

When choosing the right security partner, which is critical for cities and municipalities, consider the following:

  • Evaluate protection for all web applications. Look for always-on and fully managed services to protect both on-premises and cloud-based applications.
  • Evaluate risk from new DDoS attack types. Many organizations rely on their ISP and firewalls to detect and mitigate DDoS attacks. But DDoS attacks are growing and increasingly target the application layer, and application-layer attacks are rarely detected by ISPs, which typically look for volumetric anomalies rather than inspecting application traffic.
  • Evaluate firewall DDoS protection. A stateful firewall tracks every connection it forwards; a flood of new or half-open connections can fill its state table and bring the firewall itself down, taking everything behind it offline with it.

These attack trends will persist for the foreseeable future, and all signs point to financial motivation gaining ground, pushing attackers to profit from malware. Of particular concern is the possibility of hackers investing their profits in machine-learning capabilities to find ways to access and exploit resources in networks and applications.

Be prepared.

Download “Hackers Almanac” to learn more.


Hacks, Security

Here’s How You Can Better Mitigate a Cyberattack

April 16, 2019 — by Daniel Smith


Where does the attack landscape lead us into 2020? No one knows for sure, but strong indicators help Radware build logic chains to better forecast where the state of network security is heading. Last year alone, the initial attributable cost of cyberattacks increased by 52%, and 93% of those surveyed in our 2018-2019 Global Application and Network Security Report experienced a cyberattack over the previous 12 months.


Let’s face it, today you stand a better chance of mitigating an attack if you understand your risks and the threats you may suffer due to your exposure. Once you begin to understand your enemies’ tactics, techniques, and procedures (TTPs), you can then begin to understand your enemies’ intentions and ability to disrupt your network. This is a good thing. Once you understand the basics, you can then begin to forecast attacks, allowing operators time to prepare to identify and mitigate malicious activity.

[You may also like: Can You Crack The Hack?]

Preparing for the next generation of cyber attacks has become the new norm and requires organizations to stay ahead of the threat landscape. Radware’s Hackers Almanac is designed to help do exactly that by generating awareness about current TTPs used by cyber criminals. In the Hackers Almanac, we cover two main topics: Groups and Tools.

Clear and Present Dangers

In the Groups section, we cover APTs, organized crime, extortionists, DDoS’ers, political and patriotic hackers, as well as malicious insiders. In the Tools section, we cover ransomware variants, exploit kits, Trojans and botnets, as well as consumer tools and other persistent threats that can be expected on an annual basis.

While these threats constitute a clear and present danger to most if not all networks, knowledge is power, and the first step to securing your network starts with surveying and auditing. Ensure that your systems are up to date and adequately patched. The second step is getting in front of the problem by studying cyber criminals, the way they operate and how they launch their attacks. By understanding your network and its limitations, and how hackers launch attacks, your organization can better prepare for the attack vectors commonly leveraged by the different threats targeting your network.

[You may also like: How Cyberattacks Directly Impact Your Brand]

There is no need to fight every battle at the end of the day when you can learn from those around you. Before securing your network, make sure to conduct an audit of your organization’s system and understand its vulnerabilities/weaknesses. Then, leverage this almanac to study the threats posed against your organization.

Download “Hackers Almanac” to learn more.


Application Security, Attack Types & Vectors, Botnets, Security

Are Connected Cows a Hacker’s Dream?

April 3, 2019 — by Mike O'Malley


Humans aren’t the only ones consumed with connected devices these days. Cows have joined our ranks.

Believe it or not, farmers are increasingly relying on IoT devices to keep their cattle connected. No, not so that they can moo-nitor (see what I did there?) Instagram, but to improve efficiency and productivity. For example, in the case of dairy farms, robots feed, milk and monitor cows’ health, collecting data along the way that help farmers adjust techniques and processes to increase milk production, and thereby profitability.

The implications are massive. As the Financial Times pointed out, “Creating a system where a cow’s birth, life, produce and death are not only controlled but entirely predictable could have a dramatic impact on the efficiency of the dairy industry.”

From Dairy Farm to Data Center

So, how do connected cows factor into cybersecurity? By the simple fact that the IoT devices tasked with milking, feeding and monitoring them are turning dairy farms into data centers – which has major security implications. Because let’s face it, farmers know cows, not cybersecurity.

Indeed, the data collected are stored in data centers and/or a cloud environment, which opens farmers up to potentially costly cyberattacks. Think about it: The average U.S. dairy farm is a $1 million operation, and the average cow produces $4,000 in revenue per year. That’s a lot at stake—roughly $19,000 per week, given the average dairy farm’s herd—if a farm is struck by a ransomware attack.

[You may also like: IoT Expands the Botnet Universe]

It would literally be better for an individual farm to pay a weekly $2,850 ransom to keep the IoT network up. And if hackers were sophisticated enough to launch an industry-wide attack, the dairy industry would be better off paying $46 million per week in ransom rather than lose revenue.

5G Cows

Admittedly, connected cows aren’t new; IoT devices have been assisting farmers for several years now. And it’s a booming business. Per the FT, “Investment in precision ‘agtech’ systems reached $3.2bn globally in 2016 (including $363m in farm management and sensor technology)…and is set to grow further as dairy farms become a test bed for the wider IoT strategy of big technology companies.”

[You may also like: Securing the Customer Experience for 5G and IoT]

But what is new is the rollout of 5G networks, which promise faster speeds, low latency and increased flexibility—seemingly ideal for managing IoT devices. But, as we’ve previously discussed, with new benefits come new risks. As network architectures evolve to support 5G, security vulnerabilities will abound if cybersecurity isn’t prioritized and integrated into a 5G deployment from the get-go.

In the new world of 5G, cyberattacks can become much more potent, as a single hacker can easily multiply into an army through botnet deployment. Indeed, 5G opens the door to a complex world of interconnected devices that hackers will be able to exploit via a single point of access in a cloud application to quickly expand an attack radius to other connected devices and applications. Just imagine the impact of a botnet deployment on the dairy industry.

[You may also like: IoT, 5G Networks and Cybersecurity: A New Atmosphere for Mobile Network Attacks]

I don’t know about you, but I like my milk and cheeses. Here’s to hoping dairy farmers turn to the experts to properly manage their security before the industry is hit with devastating cyberattacks.


Read “Creating a Secure Climate for your Customers” today.


Attack Types & Vectors, Security

The Rise in Cryptomining

January 29, 2019 — by Radware


There are four primary motivations for cyberattacks: crime, hacktivism, espionage and war. Setting aside nation-state sponsored groups, the largest faction of attackers are cybercriminals, individuals or well-established organizations looking to turn a profit.

For the last several years, ransom-based cyberattacks and ransomware had been the financial modus operandi for hackers, but 2018 flipped the coin to unveil a new attack vector: cryptomining.

Always Crypto

Radware’s Malware Threat Research Group monitored this phenomenon throughout the year and identified two recurring trends. Some groups use cryptomining to score a quick, easy profit by infecting machines and mining cryptocurrencies. Other groups use cryptomining as an ongoing source of income, simply by reselling installations on infected machines or selling harvested data.

While there is no definitive reason why cryptomining has become popular, what is clear are some of the advantages it has over older attack methods:

  • It’s easy – There’s no need to develop a cryptomining tool or even buy one. An attacker can download a free miner onto the victim’s machine and run it with a simple configuration that points it at a mining pool and the attacker’s wallet.
  • CPU – Bitcoin can only be mined competitively on specialized hardware (ASICs today, GPUs before them), whereas Monero’s proof-of-work is deliberately CPU-friendly, so an ordinary processor mines it effectively. Since every machine has a CPU, including web cameras, smartphones, smart TVs and computers, there are many potential targets.
  • Minimal footprint — Other attack types require the hackers to market their “goods” or to actively use the information they acquired for malicious purposes. In cryptomining, the money moves directly to the attacker’s wallet.
  • Value — The value of cryptocurrencies skyrocketed in late 2017 and early 2018. The outbreak quickly followed. More recently, as monetary value declined, so has the number of incidents.
  • Multipurpose hack — After successfully infecting a machine, hackers can leverage the malware installation for multiple activities. Stealing credentials from machines? Why not use those machines to cryptomine as well (and vice versa)? Selling installations on machines to other people? Add a cryptomining tool to run at the same time.
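Because the miner talks to its pool over the Stratum protocol, which is line-delimited JSON-RPC, the first packet of each outbound session is the cheapest place to catch the "easy" infections described above. The Python below is an added example, not code from the original post: it classifies constructed connection records (made-up hosts, ports and wallet string) by looking for the Stratum handshake methods, the share-submission fields, and an assumed watch-list of miner user-agents.

```python
import json
from collections import defaultdict

# Added example, not code from the original post. Constructed records of the kind a
# proxy or network sensor exports for a new outbound session: the first client
# payload, as text. Hosts, ports and the wallet string are made up.
SAMPLE_RECORDS = [
    {"src": "10.20.5.17", "dst": "203.0.113.9", "dport": 3333,
     "payload": json.dumps({"id": 1, "jsonrpc": "2.0", "method": "login",
                            "params": {"login": "44exampleWalletAddress", "pass": "x",
                                       "agent": "XMRig/5.11.1", "algo": ["rx/0"]}})},
    {"src": "10.20.5.17", "dst": "203.0.113.9", "dport": 3333,
     "payload": json.dumps({"id": 2, "method": "submit",
                            "params": {"id": "s1", "job_id": "7", "nonce": "1a2b3c4d",
                                       "result": "0000ffff"}})},
    {"src": "10.20.7.3", "dst": "198.51.100.4", "dport": 443,
     "payload": json.dumps({"id": 1, "method": "mining.subscribe",
                            "params": ["cpuminer/2.5.1"]})},
    {"src": "10.20.9.21", "dst": "198.51.100.20", "dport": 80,
     "payload": "GET /index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n"},
    {"src": "10.20.9.22", "dst": "198.51.100.30", "dport": 8080,
     "payload": json.dumps({"jsonrpc": "2.0", "method": "submit", "id": 7,
                            "params": {"form": "timesheet"}})},
]

HANDSHAKE_METHODS = {"login", "mining.subscribe", "mining.authorize"}  # pool handshake
SHARE_METHODS = {"submit", "mining.submit"}                             # share submission
MINER_AGENTS = ("xmrig", "xmr-stak", "cpuminer", "minerd")              # assumed watch-list


def classify_payload(payload: str):
    """Return (is_stratum, reason) for one first-packet payload."""
    try:
        msg = json.loads(payload)
    except ValueError:
        return False, "not JSON"
    if not isinstance(msg, dict):
        return False, "not a JSON-RPC object"
    method = msg.get("method")
    params = msg.get("params")
    reasons = []
    if method in HANDSHAKE_METHODS:
        reasons.append(f"stratum handshake {method!r}")
    elif method in SHARE_METHODS:
        # "submit" is a common RPC name; count it only with mining share fields present
        if isinstance(params, dict) and {"job_id", "nonce"}.issubset(params):
            reasons.append("share submission (job_id + nonce)")
        else:
            return False, "generic submit without share fields"
    else:
        return False, f"method {method!r} not mining-related"
    agent = ""
    if isinstance(params, dict):
        agent = str(params.get("agent", ""))
    elif isinstance(params, list) and params and isinstance(params[0], str):
        agent = params[0]
    if agent.lower().startswith(MINER_AGENTS):
        reasons.append(f"miner agent {agent!r}")
    return True, "; ".join(reasons)


def find_miners(records) -> dict:
    """Group stratum hits by internal source host: {src: [(dst, dport, reason), ...]}."""
    hits = defaultdict(list)
    for rec in records:
        flagged, why = classify_payload(rec["payload"])
        if flagged:
            hits[rec["src"]].append((rec["dst"], rec["dport"], why))
    return dict(hits)
```

Pools increasingly accept connections on 443 and over TLS precisely to defeat port-based blocking (the cpuminer record above is on 443 for that reason), so a payload check like this belongs at a TLS-terminating proxy or in endpoint telemetry, with sustained CPU load from an unexpected process as the corroborating signal.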

[You may also like: Top Cryptomining Malware. Top Ransomware.]

The Malware Ecosystem

There are a few popular ways for cybercriminals to monetize malware infections, and a miner can be bolted onto any of them:

  • Information stealing — By distributing data-harvesting malware, attackers steal access credentials or files (photos, documents, etc.), and even identities found on an infected machine, its browser or inside the network. The cybercriminals then generally monetize the stolen data directly: in the case of bank credentials, they use the information to steal money from accounts. They may also sell the stolen data through an underground market on the dark web to other hackers. Credit cards, social security numbers and medical records go for just a few dollars. Social media accounts and identities are popular, as well; Facebook and Instagram accounts have been hijacked and used for propagation.
  • Downloaders — Malware is distributed with simple capabilities to download additional malware and install it on other systems. The motivation is to infect as many machines as possible; the next step is to sell malware installations on those machines. Apparently, even infected machines enjoy brand premium fees — machines from a Fortune 500 company cost a lot more.
  • Ransomware — Machines are infected with malware that encrypts files which are usually valuable to the victim, such as photos, Microsoft Office files (.xlsx, .docx) and Adobe Acrobat files. Victims are then asked to pay a significant amount of money in order to get a tool to decrypt their files. This attack was first introduced against individuals but grew exponentially when hackers figured out that organizations can pay a higher premium.
  • DDoS for ransom (RDoS) — Attackers send targets a letter that threatens a DDoS attack on a certain day and time unless the organization makes a payment, usually via Bitcoin. Often hackers know the IP address of the targeted server or network and launch a small-scale attack as a preview of what could follow.

[You may also like: Malicious Cryptocurrency Mining: The Road Ahead]

Social Propagation

Malware protection is a mature market with many competitors. It is a challenge for hackers to create a one-size-fits-all zero-day attack that will run on as many operating systems, servers and endpoints as possible, as well as bypass most, if not all, security solutions. So in addition to seeking ways to penetrate protection engines, hackers are also looking for ways to bypass them.

During the past year, Radware noticed several campaigns where malware was created to hijack social network credentials. That enabled hackers to spread across the social network accessing legitimate files on the machine and private information (or computing resources, in the context of cryptomining).

[You may also like: 5 Ways Modern Malware Defeats Cyber Defenses & What You Can Do About It]

Here are a few examples:

  • Nigelthorn – Radware first detected this campaign, which involved a malicious Chrome extension, in a customer’s network. The hackers bypassed Google Chrome’s native security mechanisms to disguise the malware as a legitimate extension. The group managed to infect more than 100,000 machines. The purpose of the extension was mining Monero on the host machine, as well as stealing the credentials of the victim’s Facebook and/or Instagram accounts. The credentials were abused to propagate the attack through the Facebook user’s contact network. It is also possible that the credentials were later sold on the black market.
  • Stresspaint — In this spree, hackers used a benign-looking drawing application to hijack Facebook users’ cookies. They deceived victims with a link that displayed as aol.net but was in fact an internationalized domain name built from Cyrillic look-alike letters; its real (punycode) form is xn--80a2a18a.net. The attackers were building a database of users with their contact network, business pages and payment details. Radware suspects that the ultimate goal was to use this information to fund public opinion influence campaigns on the social network.
  • CodeFork — This campaign was also detected in some of Radware’s customers’ networks when the infected machines tried to communicate with their C&C servers. Radware intercepted the communication and determined that this group was infecting machines in order to sell their installations. The group has been active for several years, during which time we have seen them distributing different malware to the infected machines. The 2018 attack included an enhancement that distributes cryptomining malware.
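The Stresspaint lure works because a browser may display an internationalized domain name in its Unicode form while DNS only ever sees the ASCII-compatible "xn--" encoding. The Python below is an added example, not code from the original post: it decodes an xn-- label with the standard library's punycode codec, records which scripts the letters belong to, and maps Cyrillic look-alikes to the Latin letters they resemble using a small assumed confusables table (a hand-picked subset of Unicode's confusables data) and an assumed brand watch-list containing aol.

```python
import unicodedata

# Added example, not code from the original post. The confusables table is an assumed,
# hand-picked subset of Unicode's confusables data, enough for the Cyrillic letters
# that impersonate Latin ones; a real deployment would load the full table.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0455": "s", "\u0456": "i", "\u0458": "j",
    "\u04bb": "h", "\u04cf": "l",
}
WATCHED_BRANDS = {"aol"}   # assumed list of brand labels worth protecting


def decode_label(label: str) -> str:
    """Return what a browser would display for one DNS label; 'xn--' labels are punycode."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label


def scripts_of(text: str) -> set:
    """Unicode script names of the letters in text, e.g. {'LATIN', 'CYRILLIC'}."""
    found = set()
    for ch in text:
        if ch.isalpha():
            name = unicodedata.name(ch, "")
            found.add(name.split(" ", 1)[0] if name else "UNKNOWN")
    return found


def skeleton(text: str) -> str:
    """Replace confusable characters with the Latin letter they resemble."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in text)


def analyze_hostname(host: str) -> dict:
    """Flag labels that mix scripts, are wholly confusable with ASCII, or match a brand."""
    labels = [decode_label(l) for l in host.rstrip(".").split(".")]
    reasons = []
    for shown in labels:
        if shown.isascii():
            continue                     # plain ASCII label, nothing to disguise
        scripts = scripts_of(shown)
        skel = skeleton(shown)
        if len(scripts) > 1:
            reasons.append(f"{shown!r} mixes scripts {sorted(scripts)}")
        if skel != shown and skel.isascii():
            reasons.append(f"{shown!r} is entirely confusable with ASCII {skel!r}")
        if skel in WATCHED_BRANDS:
            reasons.append(f"{shown!r} impersonates brand {skel!r}")
    displayed = ".".join(labels)
    return {"displayed": displayed, "skeleton": skeleton(displayed),
            "suspicious": bool(reasons), "reasons": reasons}
```

For xn--80a2a18a the decoded label is three Cyrillic letters, а, о and the palochka ӏ, whose skeleton is aol. Browsers apply similar mixed-script and whole-script checks before deciding whether to show the Unicode form at all, which is why a mail or web filter should run the same checks on link targets rather than trusting the link text.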

Moving Forward

Radware believes that the cryptomining trend will persist in 2019. The motivation of financial gain will continue, pushing attackers to profit from malware. In addition, hackers of all types can potentially add cryptomining capabilities to the infected machines they already control. Our concern is that during the next phase, hackers will invest their profits in machine-learning capabilities to find ways to access and exploit resources in networks and applications.

Read “The Trust Factor: Cybersecurity’s Role in Sustaining Business Momentum” to learn more.


Cloud Security, Security

Evolving Cyberthreats: Enhance Your IT Security Mechanisms

November 28, 2018 — by Fabio Palozza


For years, cybersecurity professionals across the globe have been highly alarmed by threats appearing in the form of malware, including Trojans, viruses, worms, and spear phishing attacks. And this year was no different. 2018 witnessed its fair share of attacks, including some new trends: credential theft emerged as a major concern, and although ransomware remains a major player in the cyberthreat landscape, we have observed a sharp decline in insider threats.

This especially holds true for the UK and Germany, which are now under the jurisdiction of the General Data Protection Regulation (GDPR). However, in the U.S., insider threats are on the rise, from 72% in 2017 to an alarming 80% in 2018.

The Value of Data Backups

When WannaCry was launched in May 2017, it caused damages estimated in the billions of dollars, affecting some 300,000 computers in 150 nations within just a few days. According to a CyberEdge Group report, 55% of organizations around the world were victimized by ransomware in 2017; nearly 87% of them chose not to pay the ransom and were able to retrieve their data thanks to offline data-backup systems. Among the organizations that had no option other than paying the ransom, only half could retrieve their data.

What does this teach us? That offline data backups are a practical solution to safeguard businesses against ransomware attacks. Luckily, highly efficient and practical cloud-based backup solutions have been introduced in the market, which can help businesses adopt appropriate proactive measures to maintain data security.

[You may also like: SMB Vulnerabilities – WannaCry, Adylkuzz and SambaCry]

Security Concerns Give Way to Opportunities

However, there are concerns with regard to cloud security, as well as data privacy and confidentiality. For instance, apprehensions regarding access control, constant and efficient threat monitoring, risk assessment, and maintenance of regulatory compliance inhibit the holistic implementation of cloud solutions.

But while these concerns act as impediments for companies, they also serve as opportunities for security vendors to step into the scene and develop richer and more effective solutions.

And, make no mistake, there is a definite need for better solutions. According to Verizon’s 2015 Data Breach Investigations Report, 99.9% of exploited vulnerabilities were compromised more than a year after their CVE had been published, that is, long after a patch was available.

Why? Despite IT security experts’ insistence on regularly monitoring and patching vulnerabilities in a timely manner, doing so has its challenges; patching involves taking systems offline, which, in turn, affects employee productivity and company revenue. Some organizations even fail to implement patching due to lack of qualified staff. Indeed, more than 83% of companies report experiencing patching challenges.

[You may also like: The Evolving Network Security Environment – Can You Protect Your Customers in a 5G Universe?]

This is all to say, today’s dearth of effective patch and vulnerability management platforms provides opportunities for vendors to explore these fields and deliver cutting-edge solutions. And with IT security budgets healthier than ever, there’s a glimmer of hope that businesses will indeed invest in these solutions.

Let’s see what 2019 brings.

Read “Radware’s 2018 Web Application Security Report” to learn more.


Attack Types & Vectors, Security

The Origin of Ransomware and Its Impact on Businesses

October 4, 2018 — by Fabio Palozza


In previous articles we’ve mentioned how ransomware has wreaked havoc, invading systems and putting organizations’ reputation and stability at stake. In this article, we’ll start with the basics and describe what ransomware is and how cybercriminals use it to attack tens of thousands of systems by taking advantage of system vulnerabilities.

[You might also like: Top Cryptomining Malware. Top Ransomware]

Ransomware is a form of malicious software designed to keep users from accessing their computers, or the files stored on them, until they pay a ransom to the cybercriminals. It is cryptovirology in practice: the typical implementation encrypts each file with a fast symmetric cipher and then encrypts that symmetric key with the attacker’s asymmetric public key, so that only the holder of the matching private key can restore access. Cybercriminals lock files on the assumption that they hold information crucial enough that users will be compelled to pay to regain access.
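On disk, that encryption has a signature a defender can watch for: files rewritten with near-random content, usually renamed with a new extension, many at once, by a single process. The Python below is an added example, not code from the original article. It scores constructed file-write events (made-up paths, process names and content) by Shannon entropy, discounts formats that are dense to begin with such as Office documents and images, and alerts when one process produces a burst of such writes inside a short window; the thresholds are assumptions a SOC would tune.

```python
import hashlib
import math
from collections import defaultdict

# Added example, not code from the original article. Thresholds are assumptions a
# SOC would tune; the file paths, process names and content below are constructed.
COMPRESSED_EXT = {".docx", ".xlsx", ".pptx", ".pdf", ".zip", ".jpg", ".png"}  # dense by design
ENTROPY_THRESHOLD = 7.5   # bits per byte; ciphertext and random data approach 8.0
WINDOW_SECONDS = 60
BURST_MIN = 5


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def _ext(path: str) -> str:
    """Lower-cased final extension of a path, '' if none."""
    name = path.rsplit("/", 1)[-1]
    return name[name.rfind("."):].lower() if "." in name else ""


def looks_encrypted(event: dict) -> bool:
    """High entropy alone is not enough: Office files and images are already dense.
    Flag only when the density is not explained by the original format, or the
    file was renamed (ransomware typically appends its own extension)."""
    if shannon_entropy(event["sample"]) < ENTROPY_THRESHOLD:
        return False
    old_ext, new_ext = _ext(event["old_path"]), _ext(event["new_path"])
    return new_ext != old_ext or old_ext not in COMPRESSED_EXT


def detect_bursts(events: list) -> dict:
    """Per process, find the most encrypted-looking writes inside any WINDOW_SECONDS
    span; return {process: count} for processes at or above BURST_MIN."""
    times = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["t"]):
        if looks_encrypted(ev):
            times[ev["process"]].append(ev["t"])
    alerts = {}
    for proc, ts in times.items():
        start, best = 0, 0
        for end in range(len(ts)):
            while ts[end] - ts[start] > WINDOW_SECONDS:
                start += 1
            best = max(best, end - start + 1)
        if best >= BURST_MIN:
            alerts[proc] = best
    return alerts


def _fake_ciphertext(seed: bytes, blocks: int = 128) -> bytes:
    """Deterministic high-entropy bytes standing in for encrypted content (constructed)."""
    return b"".join(hashlib.sha256(seed + i.to_bytes(4, "big")).digest() for i in range(blocks))


# Constructed file-write events: t in seconds, process, old/new path, sample of the written bytes
SAMPLE_EVENTS = [
    {"t": 100 + i, "process": "invoice_viewer.exe",
     "old_path": f"/srv/share/patients/record{i}.docx",
     "new_path": f"/srv/share/patients/record{i}.docx.locked",
     "sample": _fake_ciphertext(b"record%d" % i)}
    for i in range(6)
] + [
    {"t": 103, "process": "WINWORD.EXE", "old_path": "/home/kim/report.docx",
     "new_path": "/home/kim/report.docx", "sample": _fake_ciphertext(b"docx-is-a-zip")},
    {"t": 104, "process": "notepad.exe", "old_path": "/home/kim/notes.txt",
     "new_path": "/home/kim/notes.txt",
     "sample": b"Patient intake checklist, revised Monday.\n" * 40},
]
```

The format discount matters: a .docx is a ZIP container and a JPEG is compressed, so entropy alone would flag every normal save from Word or every camera import. The rename-plus-burst combination is what separates ransomware from legitimate dense writes, and a canary file in each share that no legitimate process ever touches is the cheapest way to raise confidence in the burst alert.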

The History

It’s been said that ransomware was introduced as the AIDS Trojan in 1989, when Harvard-educated biologist Joseph L. Popp mailed 20,000 infected diskettes labeled “AIDS Information – Introductory Diskettes” to attendees of the World Health Organization’s international AIDS conference. The Trojan worked by encrypting the file names on the victim’s computer and hiding directories. Victims were asked to pay $189 to PC Cyborg Corp. at a mailbox in Panama.

From 2006 on, cybercriminals became more active and started using asymmetric RSA encryption. They launched the Archiveus Trojan, which encrypted the files in the My Documents directory. Victims were promised the 30-digit password only if they purchased from an online pharmacy.

After 2012, ransomware started spreading worldwide, infecting systems and transforming into more sophisticated forms that made attack delivery easier as the years rolled by. About 60,000 new ransomware samples were discovered in one third quarter; by Q3 of 2012 the count had more than tripled to over 200,000.

The first version of CryptoLocker appeared in September 2013 and the first copycat software called Locker was introduced in December of that year.

Ransomware has been described by the U.S. Department of Justice as a new model of cybercrime with the potential for impact on a global scale. Statistics indicate that the use of ransomware is on a steady rise: according to Veeam, ransomware attacks cost businesses $11.7 on average in 2017. Alarmingly, annual ransomware-induced costs, including ransoms and the damage caused by the attacks, are likely to exceed $11.5 billion by 2019.

The Business Impacts Can Be Worrisome

Ransomware can cause tremendous impacts that can disrupt business operations and lead to data loss. The impacts of ransomware attacks include:

  • Loss or destruction of crucial information
  • Business downtime
  • Productivity loss
  • Business disruption in the post-attack period
  • Damage to hostage systems, data, and files
  • Loss of reputation of the victimized company

Beyond the ransom itself, the cost of downtime from restricted system access brings major consequences of its own: losses due to downtime alone may run to tens of thousands of dollars per day.

As ransomware continues to become more and more widespread, companies will need to revise their annual cybersecurity goals and focus on the appropriate implementation of ransomware resilience and recovery plans and commit adequate funds for cybersecurity resources in their IT budgets.

Read “Consumer Sentiments: Cybersecurity, Personal Data and The Impact on Customer Loyalty” to learn more.


Botnets, DDoS Attacks, Security

Cities Paying Ransom: What Does It Mean for Taxpayers?

September 25, 2018 — by David Hobbs


On September 1, the municipal offices of an Ontario town experienced a cyberattack that left their computers inoperable: malware entered the systems and rendered the servers unusable. The municipality had to choose between paying a ransom to the attackers and staying locked out of its systems. On the advice of a consultant, it paid an undisclosed amount of ransom.

Only a couple of months earlier, the Town of Wasaga Beach in Ontario faced the same issue. The attackers demanded one bitcoin per server, 11 bitcoins in all (valued at the time at about $144,000) for the 11 affected servers; the town negotiated the price down to $35,000. After paying the ransom, Wasaga Beach assessed the damage at $250,000 in lost productivity and reputation.

This scenario has become commonplace today. Cities, municipalities, and government agencies have all experienced ransom attacks. But ultimately taxpayers are the ones who pay the bill for these cyberattacks. The city of Atlanta projected $2.6M for ransomware recovery in May of 2018. Atlanta chose not to pay the ransom, and instead allocated the funds to incident response.

Have these cities actually tested their backup systems and disaster recovery within the last 2-3 months? Since these are public entities, we would ideally have full transparency and an understanding of the capabilities in place to protect public infrastructure.

Why have certain cities lacked transparency about the decision to pay attackers? Could the reasons for poor public disclosure be a lack of expertise and IT security spending, fear of public criticism, or actual weaknesses in their IT systems?


Should there be disclosure laws for public sectors concerning data breaches and malware events?

If a city is constrained by IT budgets that prevent its IT department from making advances in cybersecurity protection, do its citizens get to vote on how IT is handled? What if outsourcing IT to a managed services expert reduced costs (and headcount/jobs) while providing greater security? Would municipalities be better off if they could focus on delivering services to their citizens without having to worry about IT security?

Considering that there are few checks and balances (and possibly little budget), will cities become the routine target for hackers?

Private sector companies have been forced to take cybersecurity more seriously and, according to some projections, will spend over $1 trillion on global digital security through 2021. Bank of America and J.P. Morgan Chase each spend around $500 million a year on cybersecurity. Meanwhile, federal cybersecurity spending continues to lag, with some estimates suggesting it will reach a meager $22 billion by 2022.

Is the answer to the problem to start looking at better disclosure in IT spending? Should the public sector IT be outsourced to IT experts and moved to the cloud? Will the taxpayers perpetually be on the hook for poor IT security protection in the public sector?

There are hosted solution providers today that provide secure solutions for cities. Some cloud providers already have turnkey government solutions available for sale. Some of these platforms include city management, fare and tolls, police and intelligence, prison management, court management, video management, and safe city management. What if the taxpayers found that it cost less money and did a better job of security? Would the voters be able to push public transparency and cost reduction through? How many more events like this will it take to move government IT into better hands?

Read the “IoT Attack Handbook – A Field Guide to Understanding IoT Attacks from the Mirai Botnet and its Modern Variants” to learn more.


Attack Types & Vectors, Security

SMB Vulnerabilities – WannaCry, Adylkuzz and SambaCry

June 15, 2017 — by Daniel Smith


Last month, on Friday, May 12th, a global incident related to a ransomware variant named WannaCry broke out, targeting computers around the world. Everything from personal computers to corporate and university networks was affected by this campaign. The campaign spread across networks by leveraging a recently disclosed vulnerability in Microsoft’s SMB service. On March 14th, 2017, Microsoft had released MS17-010, a security update that addressed and patched six CVEs. Five were remote code execution vulnerabilities and the sixth was an information disclosure vulnerability.