Subscribe to RSS - Cybercrime

Cybercrime

5 important facts you need to know about the Texas-based ransomware attacks

 - 
Wednesday, August 21, 2019

Whomever is the culprit for all these ransomware attacks on local U.S. government entities sure is getting a ton of notoriety in the media. With 22 reported and known public-sector attacks so far this year, and none tracked by the federal government or FBI, according to CNN, I say, the more information available the better for those needing to protect themselves. 

The most recent ransomware attack happened in my home state of Texas against 22 small-town governments, and while our “Don’t mess with Texas” campaign is aimed at road-side litter, I think it’s appropriate that we take out the trash on cybercrime, too! Here’s 5 important facts you need to know about these attacks: 

Names of the attacked municipalities are undisclosed, except for two. The city of Borger, Texas, located a few miles north of Amarillo in the Texas Panhandle, issued a statement noting that as of Monday, August 19, 2019, birth and death certifications are offline, and the city is unable to take utility or other payments. The city reassured residents that no late fees would be assessed nor would any utilities be shut off.

Keene, Texas, located just outside Ft. Worth, Texas, was also affected in a similar fashion as Borger. They, too, are unable to process utility payments via credit card. Keene Mayor, Gary Heinrich, told NPR, that hackers breached the information technology software used by the city and managed by an outsourced company, which according to the Mayor also supports many of the other targeted municipalities. 

Heinrich also noted that the hackers demanded a collective ransom of $2.5 million but also said there’s no way his city will be coughing up the dough!
“Stupid people,” Heinrich told NPR, referring to the cyber attackers. “You know, just no sense in all this at all.” 

Attacks seem to be from one, single threat actor. This means only one cybercriminal or cyber-criminal group is responsible for the attacks. 

Attacks are coordinated. What’s so alarming about these attacks is that they simultaneously targeted approximately two dozen cities, dubbing it as a “digital assault.”

Attacks are mostly rural. Small-town governments usually don’t have the budget to staff in-house IT, instead using outsourced specialists. This could mean valuable time that should have been used to quickly assess each incident was spent bringing the outsourced specialists up to speed about the details of the attack before any response could begin. 

The overarching goal is response and recovery. The affected municipalities are assessing and responding and, as quickly as possible, moving into remediation and recovery to get back to operations as usual as soon as possible. 

 

How to assess your company’s cybersecurity risk

 - 
Wednesday, July 31, 2019

It finally happened. Temps reached into the 100s in Dallas as Cyber:Secured Forum helped some security professionals stay cool inside The Westin Dallas Park Central while learning actionable takeaways and best practices related to maintaining and improving cybersecurity of security systems and solutions. While I gather my thoughts to bring you a detailed rendition of the past two days, now would be a great time to do a cybersecurity risk assessment on your system. 

Here are my “4 Preliminaries” (4Ps) to help you get started on your assessment:

  1. Perspective. Make a list of all information stored on your computer, online, in different apps and in the cloud, for example, work documents, apps, music, passwords, pictures, videos of your family, banking and credit card credentials, etc. Physically seeing how much precious data you have should be a wakeup call to protect it against cyber threats and attacks.
  2. Passwords. Make a list of all online accounts and their login credentials. 
  3. Peruse. Look through the list and carefully think about the value of each type of stored data. If it would be detrimental if anyone gained access or a particular piece or data or online account was lost, deleted or leaked online, put a star by it or highlight it. 
  4. Posture. Take a position of defense against cyberattacks, cybercriminals and cyberthreats. To start, make sure all the passwords on your list are strong to prevent access to your data. Each account needs a DIFFERENT, robust password consisting of at least 12 or more of the following: upper- and lower-case letters, and numbers and symbols in various combinations and locations within the password. 

Once you’ve completed the 4Ps, google the phrase “cybersecurity risk assessment checklist.” This tool is available for free from different organizations and businesses. Choose the checklist that resonates most closely with your business, or take bits and pieces of a variety of checklists to create a custom list. Then, using the information you’ve already gathered from the 4Ps, get started answering the questions. You’ll be well on your way to learning exactly where your company is postured for cybersecurity as well as areas that need improvement. 

 

New tech holds the key to stopping cybercrime, study finds

 - 
Tuesday, February 12, 2019

You don’t have to look too hard to find a sobering example of cybercrime, as it's as pervasive as ever these days, even on the national level with recent reports that cyber criminals have access to critical infrastructure such as our national power grids and gas lines. The good news, though, is technology may be our best weapon against these invisible criminals.

In fact, the use of big data and blockchain technologies are key to fighting cybercrime, according to a new study from Frost & Sullivan that looks at how effective machine learning is in aiding early detection of cyber anomalies, and how good blockchain is at creating a trustworthy network between endpoints.

Frost and Sullivan noted that the rise of the Internet of Things has opened up numerous points of vulnerabilities, compelling cybersecurity companies, especially startups, to develop innovative solutions to protect enterprises from emerging threats. As cybercrime becomes more sophisticated and even a method of warfare, the research firm found, technologies such as machine learning, big data, and blockchain will become prominent.

"Deploying Big Data solutions is essential for companies to expand the scope of cybersecurity solutions beyond detection and mitigation of threats,” Hiten Shah, research analyst, TechVision, said in the announcement of the findings. "This technology can proactively predict breaches before they happen, as well as uncover patterns from past incidents to support policy decisions."

The study, Envisioning the Next-Generation Cybersecurity Practices, presents an overview of cybersecurity in enterprises and analyzes the drivers and challenges to the adoption of best practices in cybersecurity. It also covers the technologies impacting the future of cybersecurity and the main purchase factors.

"Startups need to make their products integrable with existing products and solutions as well as bundle their solutions with market-leading solutions from well-established companies," noted Shah. "Such collaborations will lead to mergers and acquisitions, ultimately enabling companies to provide more advanced solutions."

Technologies that are likely to find the most application opportunities include:

•    Big Data: It enables automated risk management and predictive analytics. Its  adoption will be mostly driven by the need to identify usage and behavioral patterns to help security operations spot anomalies.
•    Machine Learning: It allows security teams to prioritize corrective actions and automate real-time analysis of multiple variables. Using the vast pools of data collected by companies, machine-learning algorithms can zero in on the root cause of the attack and fix detected anomalies in the network.
•    Blockchain: The data stored on blockchain cannot be manipulated or erased by design. The tractability of activities performed on blockchain is integral to establishing a trustworthy network between endpoints. Furthermore, the decentralized nature of blockchain greatly increases the cost of breaching blockchain-based networks, which discourages hackers.

Envisioning the Next-Generation Cybersecurity Practices is part of Frost & Sullivan’s global Information & Communication Growth Partnership Service program.