Hackers seek ransoms in Baltimore and communities across the United States




Baltimore residents are beginning their fifth week under an electronic siege that has prevented residents from obtaining building permits and business licenses, and even from buying or selling houses. A year after hackers disrupted the city's emergency dispatch system, municipal employees are unable, among other things, to use government e-mail accounts or carry out routine city business.

During this attack, a type of malware called ransomware encrypted key files, rendering them unusable until the city paid 13 bitcoins to unknown attackers, or about $76,280. But even if the city paid, there was no guarantee that its files would all be recovered; many ransomware attacks end in the loss of data whether the ransom is paid or not.

Similar attacks in recent years have paralyzed the UK's National Health Service, transportation giant Maersk, and local, county and state governments in the United States and Canada.

These types of attacks are becoming more common and are attracting more and more media attention. Speaking as a cybersecurity professional, I see the technical aspects of this type of incident as only part of a larger picture. Every technology user needs to consider not only threats and vulnerabilities, but also business processes, potential points of failure, and how they use technology every day. Thinking ahead and taking protective measures can help reduce the effects of cybersecurity incidents on individuals and organizations.

Understanding the tools of cyberattack

Software designed to attack other computers is not new. Nations, private companies, individual researchers and criminals continue to develop such programs for a variety of purposes, including digital warfare and intelligence gathering, as well as extortion through ransomware.

Much malware starts out as a normal and crucial function of cybersecurity: identifying software and hardware vulnerabilities that could be exploited by an attacker. Security researchers then work to close that vulnerability. By contrast, malicious software developers, criminal or otherwise, figure out how to get through that opening undetected, to explore and potentially wreak havoc in a target's systems.

Sometimes a single weakness is enough to give an intruder the access they want. On other occasions, attackers use multiple vulnerabilities at once to infiltrate a system, take control, steal data, and modify or delete information, while trying to hide any evidence of their activity from security programs and personnel. The challenge is so great that artificial intelligence and machine learning systems are now also being incorporated to help with cybersecurity activities.

One can question the role that the federal government might have played in this situation, because one of the hacking tools that the attackers reportedly used in Baltimore was developed by the US National Security Agency, which the NSA has denied. However, the hacking tools stolen from the NSA in 2017 by the Shadow Brokers hacker group were used to launch similar attacks within a few months of those tools being published on the Internet. Certainly, these tools should never have been stolen from the NSA and should have been better protected.

But my point of view is more complicated than that: as a citizen, I recognize the NSA's mandate to research and develop advanced tools to protect the country and fulfill its mission of national security. However, like many cybersecurity professionals, I remain conflicted: when the government discovers a new technology vulnerability but does not inform the manufacturer of the affected hardware or software until after it has been used to cause damage or has leaked, everyone is in danger.

Baltimore's situation

The estimated $18 million cost of recovery in Baltimore is money that the city probably does not have easy access to. Recent research by some of my colleagues at the University of Maryland, Baltimore County shows that many state and local governments remain woefully under-prepared and underfunded to deal adequately, let alone proactively, with the many challenges of cybersecurity.

It is disturbing to note that the ransomware attack in Baltimore exploited a vulnerability that has been publicly known, with a fix available, for over two years. The NSA had developed an exploit (code name EternalBlue) for this security vulnerability but did not warn Microsoft of the critical flaw until early 2017, and only after the Shadow Brokers had stolen the NSA's tool for attacking it. Shortly after, Microsoft released a software security update to fix this critical flaw in its Windows operating system.

Certainly, it can be very complex to manage software updates for a large company. But given the media coverage of the unauthorized disclosure of many of the NSA's hacking tools and the vulnerabilities they targeted, it is not clear why Baltimore's IT staff did not make sure the city received this security update immediately. And while it may not be fair to blame the NSA for the Baltimore incident, it is quite fair to say that the knowledge and techniques behind digital warfare tools are widespread around the world; we must learn to live with them and adapt accordingly.

Complex issues

In a global society where individuals, businesses and governments are increasingly dependent on computers, digital weaknesses have the power to seriously disrupt or destroy everyday actions and functions.

Even trying to develop workarounds in the event of a crisis can be difficult. Employees of the city of Baltimore, prevented from using the city's e-mail system, tried to create free Gmail accounts so they could at least get work done. But they were initially blocked by Google's automated security systems, which identified them as potentially fraudulent.

Worse, when Baltimore's online services were interrupted, parts of the city's municipal phone system were unable to cope with the resulting increase in calls. This underscores the need to focus not only on the technology products themselves, but also on the policies, procedures and capabilities needed to ensure that individuals and/or organizations can remain at least functionally operational when under duress, whether from cyberattacks, technological failures or acts of nature.

Protect yourself and your livelihood

The first step in the fight against ransomware attacks is to back up your data regularly, which also provides protection against hardware failures, theft and other problems. To deal with ransomware, it is especially important to keep a few versions of your backups over time. Do not just overwrite the same files on a backup drive again and again.

This is because when you are hit, you will want to determine when you were infected and restore files from a backup made before that time. Otherwise, you will only recover infected data and will not really solve your problem. Yes, you may lose some data, but not everything, and probably only your most recent work, which you will likely remember and be able to re-create quite easily.
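The following Python example is added here and is not part of the original article; it shows versioned backups and the choice of a restore point taken before the infection. The directory naming scheme, the function names and the sample dates are assumptions made for the illustration.

```python
import shutil
import tempfile
from datetime import datetime, timezone
from pathlib import Path

STAMP = "%Y%m%dT%H%M%SZ"  # assumed naming scheme: one directory per snapshot

def create_snapshot(source, backup_root, when):
    """Copy source into a new timestamped directory; an old copy is never overwritten."""
    dest = Path(backup_root) / when.strftime(STAMP)
    shutil.copytree(source, dest)  # raises FileExistsError if dest already exists
    return dest

def list_snapshots(backup_root):
    """Return (timestamp, path) pairs, oldest first, skipping unrelated entries."""
    found = []
    for entry in Path(backup_root).iterdir():
        try:
            ts = datetime.strptime(entry.name, STAMP).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
        if entry.is_dir():
            found.append((ts, entry))
    return sorted(found)

def prune(backup_root, keep):
    """Delete all but the newest `keep` snapshots so several versions always remain."""
    if keep < 1:
        raise ValueError("keep at least one snapshot")
    for _, path in list_snapshots(backup_root)[:-keep]:
        shutil.rmtree(path)

def pick_restore_point(backup_root, infected_at):
    """Newest snapshot taken strictly before the estimated infection time, or None."""
    earlier = [p for ts, p in list_snapshots(backup_root) if ts < infected_at]
    return earlier[-1] if earlier else None

def demo():
    """Constructed scenario: nightly snapshots, file encrypted from the 4th onward."""
    with tempfile.TemporaryDirectory() as tmp:
        src, root = Path(tmp, "docs"), Path(tmp, "backups")
        src.mkdir(); root.mkdir()
        for day in range(1, 6):
            (src / "report.txt").write_text("ENCRYPTED" if day >= 4 else f"draft {day}")
            create_snapshot(src, root, datetime(2019, 5, day, 2, tzinfo=timezone.utc))
        prune(root, keep=4)  # drops only the oldest snapshot
        infected_at = datetime(2019, 5, 3, 12, tzinfo=timezone.utc)
        point = pick_restore_point(root, infected_at)
        return point.name, (point / "report.txt").read_text(), len(list_snapshots(root))
```

Keep the snapshot store somewhere the backed-up machine cannot write to, since ransomware that reaches the backups can encrypt them as well.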

And of course, following some of the best cybersecurity practices, even just the basics, can help you prevent, or at least minimize, the possibility of ransomware paralyzing you or your organization. Doing things like running current antivirus software, keeping all software up to date, using strong passwords and multi-factor authentication, and not blindly trusting random devices or attachments you encounter are just a few of the steps toward being a good digital citizen.

It is also useful to plan for possible problems with your email provider, your Internet service provider and your utility company, as well as the software on which we rely. Whether they are attacked or simply fail, their absence can disrupt your life.

Ransomware incidents are an important reminder that cybersecurity is not just about protecting digital bits and bytes in cyberspace. Rather, it should force everyone to think globally and comprehensively about their relationship to technology and the processes that govern its role and use in our lives. And that should inspire people to think about how they might function without it at work and at home, because it is a question of when, not if, problems are going to happen.

# # #

Richard Forno, Senior Lecturer, Cybersecurity and Internet Researcher, University of Maryland, Baltimore County

This article is republished from The Conversation under a Creative Commons license. Read the original article.
