How to Prevent Ransomware Attacks Against Your City Network

So what is a Ransomware attack?

You may have read in the news lately about a new and growing threat to municipal computer networks, ransomware attacks. These attacks can be crippling, and can shut down entire cities for weeks or even months. They can have devastating consequences and can cost hundreds of thousands of dollars in ransom just to get a city’s network back online. The good news is, these types of municipal malware attacks are preventable.

How does a Ransomware Attack Work?

A ransomware attack, such as Cryptolocker or Triple Threat (which combines Emotet, TrickBot and Ryuk), works by gaining a foothold somewhere on your network, usually through a phishing campaign against city employees or by exploiting out-of-date software. Once in the network, the malware spreads from machine to machine and server to server to infect as many systems as possible. Once it has infected a large enough number of machines, it activates and begins encrypting all the data stored on every computer. Once the data is encrypted, users are shown the ransom demand on their screens. Ransom demands can range from $75,000 in bitcoin, as in the Baltimore attacks, to hundreds of thousands of dollars, as in the $600,000 Riviera Beach ransom.

How do I prevent a Ransomware Attack?

Preventing a ransomware attack is always your best option, potentially saving your city hundreds of thousands of dollars in losses. Luckily, preventing a ransomware attack is doable. Here are 4 basic steps you should take to prevent ransomware attacks on your municipal network:

1) Update, update, update

Most malware attacks take advantage of out-of-date software and operating systems with known security holes. Make sure your entire network, including all servers and end-user desktops and laptops, is running the most current version of Windows or MacOS and that automatic updates are enabled. Monthly updates are critical to your security.

2) Use Anti-virus / Anti-malware software on everything

Strong antivirus software is one of the best defenses against ransomware attacks. Ensure that every server, desktop and laptop on your network has an up-to-date copy of antivirus software running on it. Make sure that automatic definition updates are enabled and that the machine is protected with real-time protection or with daily scans.

3) Ensure your Disaster Recovery Plan is in place, and working

Recovering from an attack after the fact, without paying the ransom, is near impossible unless you have a well-planned, tested and functioning Disaster Recovery Plan. That means ensuring that all your servers and data are backed up daily and stored offsite. A good rule of thumb is the 3-2-1 backup rule: always have 3 copies of your data, 2 of them on different types of storage and 1 of them offsite. With a solid Disaster Recovery Plan, recovery from a ransomware attack can be as simple as cleaning your servers and restoring your data.

4) Know your network and software

Do you know what is currently on your network? Do you know if your machines are updated? How well is your anti-virus software working? Knowing exactly how well protected your network is can be the difference between ransomware taking over your network and staying safe. Perform regular Security Risk Assessments to ensure you are properly protecting your network and data from attacks.
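Steps 1, 2 and 4 above all come down to questions you can answer from each machine. The following PowerShell check is an added example and not part of the original article; it assumes Windows endpoints running Microsoft Defender, uses the built-in Get-HotFix and Get-MpComputerStatus cmdlets, and treats 30 days as the maximum acceptable patch age to match the monthly update cadence above.

```powershell
# Added example: endpoint hygiene check for one Windows machine.
# Assumptions: Microsoft Defender is the installed antivirus (so
# Get-MpComputerStatus exists) and 30 days is the maximum patch age.
function Get-EndpointHygieneReport {
    param(
        [int]$MaxPatchAgeDays = 30,   # monthly update cadence
        [int]$MaxSignatureAgeDays = 1 # definitions should update daily
    )

    $findings = New-Object System.Collections.Generic.List[string]

    # Step 1: when was the most recent update installed?
    $latest = Get-HotFix -ErrorAction SilentlyContinue |
        Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1
    $patchAge = $null
    if (-not $latest) {
        $findings.Add('No installed updates with an install date were found')
    } else {
        $patchAge = (New-TimeSpan -Start $latest.InstalledOn -End (Get-Date)).Days
        if ($patchAge -gt $MaxPatchAgeDays) {
            $findings.Add("Last update ($($latest.HotFixID)) was installed $patchAge days ago")
        }
    }

    # Step 2: is antivirus on, with real-time protection and current definitions?
    $mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
    if (-not $mp) {
        $findings.Add('Microsoft Defender status unavailable; verify the installed antivirus')
    } else {
        if (-not $mp.AntivirusEnabled)          { $findings.Add('Antivirus is disabled') }
        if (-not $mp.RealTimeProtectionEnabled) { $findings.Add('Real-time protection is off') }
        if ($mp.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
            $findings.Add("Antivirus definitions are $($mp.AntivirusSignatureAge) days old")
        }
    }

    # Step 4: one record per machine, ready to collect into an inventory
    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        LastPatchAgeDays = $patchAge
        Findings         = $findings
        Compliant        = ($findings.Count -eq 0)
    }
}

# Run locally; use Invoke-Command with a list of hostnames to cover the fleet.
Get-EndpointHygieneReport | Format-List
```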

An Ounce of Prevention is Worth A Pound of Cure

Preventing ransomware on your city's network is definitely one place where this old adage holds true. Taking the four basic steps outlined above to protect your municipal network will go a long way toward preventing ransomware attacks. Recovering from a ransomware attack can be a nightmare, so plan ahead, practice good IT hygiene, and you can significantly lessen the risk of a municipal ransomware attack.

So what exactly is a Security Risk Assessment?

A Security Risk Assessment (or SRA) is an assessment that involves identifying the risks in your company, your technology and your processes to verify that controls are in place to safeguard against security threats. Security risk assessments are typically required by compliance standards, such as PCI-DSS standards for payment card security. They are required by the AICPA as part of a SOC II audit for service organizations and are also requirements for ISO 27001, HITRUST CSF and HIPAA compliance, just to name a few. Because of this, security risk assessments can go by many names, sometimes called a risk assessment, an IT infrastructure risk assessment, a security risk audit, or security audit.

Security Risk Assessments are performed by a security assessor who will evaluate all aspects of your company's systems to identify areas of risk. These may be as simple as a system that allows weak passwords, or more complex issues such as insecure business processes. The assessor will typically review everything from HR policies to firewall configurations while working to identify potential risks.

For example, during the discovery process an assessor will identify every database containing sensitive information; each one is an asset. If that database is connected to the internet, that is a vulnerability. In order to protect the asset, you need to have a control in place, in this case a firewall. You have now taken the first step in mitigating risk.

A Security Risk Assessment identifies all your critical assets, vulnerabilities and controls in your company to ensure that all your risks have been properly mitigated.

Why do I need a Security Risk Assessment?

A Security Risk Assessment is vital in protecting your company from security risks. Imagine being tasked with remodeling a house without being told what's wrong with it first. A security risk assessment provides you with a blueprint of the risks that exist in your environment and gives you vital information about how critical each issue is. Knowing where to begin when improving your security allows you to maximize your IT resources and budget, saving you time and money.

What's the difference between Risk Management and a Security Risk Assessment?

This is one of the most common questions when people begin to read through security or compliance requirements. The short answer is: a Security Risk Assessment is a point-in-time review of your company's technology, people and processes to identify problems. Risk Management is an ongoing process where you round up all the identified risks in your company and work towards eliminating them.

Security Risk Assessments are deep-dive evaluations of your company, or even of a specific IT project or a single department. During the assessment, the goal is to find problems and security holes before the bad guys do. The assessment process should review and test systems and people, looking for weaknesses. As weaknesses are found, they are ranked based on how large a risk they pose to the company. The resulting report will identify systems that are working well and properly secured, and those that have issues. A Security Risk Assessment will typically have very specific technical results, such as network scanning results or firewall configuration findings.

Risk Management is an ongoing effort to collect all the known problems, and work to find solutions to them. Think of a Risk Management process as a monthly or weekly management meeting. Each week, risks and problems are identified, ranked and then discussed to ensure that nothing is slipping through the cracks. The goal of a Risk Management process is to continually improve the security of a company and work to eliminate all risks as they occur.

What types of systems are involved in a Security Risk Assessment?

A Security Risk Assessment is a far-reaching review of anything that could pose a risk to the security or compliance of the company. Each assessment is tailored to fit the exact purpose and scope requested by the client. Assessments can involve any of the following elements:

Infrastructure

  • Facility Power & Redundancy
  • Backup Power, UPS & Generator Capacity
  • Facility Cooling Capacity & Redundancy
  • Facility Fire Suppression Systems
  • Server Wiring and Cabling
  • Server Rack Infrastructure
  • Facility Physical Security & Tracking Systems
  • Facility Camera & Alarm Systems

Servers & Systems

  • Server Inventory including detected OS’s
  • Server Vulnerability Reports
  • Server Resource Utilization
  • Server Backup Processes
  • Redundancy / High Availability Configuration
  • Anti-Virus/Anti-Malware Systems
  • IT Asset Inventory Processes
  • Server Update Processes
  • Identity & Authentication Systems

Network

  • Complete Network Discovery Mapping
  • Discovered Network Inventory List
  • Internal Network Device Vulnerability Scan
  • External Network Device Vulnerability Scan
  • Firewall Vulnerability Scan
  • IDS/IPS Review
  • SPAM Filtering Review
  • Web Filter Device Review
  • Data Loss Prevention Systems Review

Application Scanning

  • Discovery of all internal web applications
  • Discovery of all external web applications
  • Application Vulnerability Assessment
  • Application Server Vulnerability Scanning

Information Security

  • Sensitive Data Inventory
  • Data Classification
  • Data Risk Analysis
  • Data Encryption Review
  • Access Authorization Procedures
  • Access Controls

Policies

  • Comprehensive IT Policy Review
  • Disaster Recovery Plan Review
  • Business Continuity Plan Review
  • Device and Media Control Policy Review
  • Software Development Procedure Review
  • Security Incident Procedure Review
  • Log Monitoring Process Review
  • Workforce Security Policy Review
  • Workforce “Hire and Fire” Policy Review
  • Risk Management Process Review

So how do you perform a Security Risk Assessment?

A Security Risk Assessment typically covers all aspects of a company, from IT to Operations to HR and Accounting. An assessment is a labor-intensive process; although each assessment is unique to match the company and scope, they typically take 30-60+ days and contain the phases outlined below:

Initial Discussion

Adsero schedules a conference call to discuss your company, your procedures and what your goals are during the Risk Assessment process.

Onsite Discovery

Next, our team of experts will spend time at your facility to perform an onsite review of your technology and processes.

Analysis

Adsero Security’s analysts then take the information gathered during the onsite visit and begin identifying risks and controls you may have in place already.

The Report

Once all the analysis is complete, you will receive a complete Risk Assessment report that outlines all your assets, vulnerabilities and risks. The report includes recommendations on how to improve your overall security and compliance.

Top 10 Overlooked Security Risks: 4 of 10

Encrypting Laptops and Desktops

Encrypting desktop and laptop computers is one of the easiest ways to prevent data loss as a result of lost or stolen computers. Modern operating systems such as Windows 10 Pro and MacOS High Sierra include full disk encryption features bundled with the operating system. Once a disk is encrypted, it is impossible to access the data on the device without the proper credentials. This simple task is extremely effective and yet has zero impact on users' daily work tasks and responsibilities.

Top 10 Overlooked Security Risks: 3 of 10

Data Destruction and Disposal

Companies often forget about data once they stop using it day-to-day. Leaving outdated data on sunsetted systems increases your potential exposure in the event of a data breach. Ensure that data no longer actively used is properly disposed of, and that devices that contain data, such as laptops, old hard drives and USB drives, are properly DoD data-wiped or destroyed. Retired company laptops may still retain recoverable data on their hard drives even after formatting. A policy-driven culture enforcing proper destruction and disposal of retired equipment is best practice.

Top 10 Overlooked Security Risks: 2 of 10

Shared or Weak WiFi Passwords

Allowing employees or guests to share a single WiFi password prevents you from controlling who is accessing your company network. Once a person has your WiFi password, they can access your network at any time, even from outside your building's locked doors, or potentially after you have terminated them, leaving you with no control. Users should always connect to WiFi using a unique username and strong password that company staff can enable and disable as needed. Company policy should always require users to use strong passwords so your WiFi password cannot be guessed or compromised.

Top 10 Overlooked Security Risks: 1 of 10

Screen Locking

Once a user logs into a computer, they potentially have access to sensitive company information. If they get distracted or leave their computer unattended, it leaves your company data open to potential theft or exploitation. Ensure that all company computers are set to automatically lock the screen after a defined time interval, e.g. 15 or 30 minutes, and then require a password to log back in.
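The following PowerShell check is an added example, not part of the original article; it verifies that a Windows machine locks within the 15-minute interval the text suggests. It assumes the machine-wide inactivity limit is stored as InactivityTimeoutSecs under the HKLM Policies\System key, and that the screen saver settings live under Control Panel\Desktop, with the policy copy under HKCU:\Software\Policies taking precedence when present.

```powershell
# Added example: report whether this Windows machine locks its screen
# within $MaxMinutes of inactivity, via either the machine inactivity
# limit policy or a password-protected screen saver.
function Test-ScreenLockPolicy {
    param([int]$MaxMinutes = 15)

    $maxSeconds = $MaxMinutes * 60
    $reasons = New-Object System.Collections.Generic.List[string]

    # Machine-wide policy: "Interactive logon: Machine inactivity limit"
    $sys = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -ErrorAction SilentlyContinue
    $machineLimit = [int]($sys.InactivityTimeoutSecs)   # 0 / missing means no limit
    $machineOk = ($machineLimit -gt 0) -and ($machineLimit -le $maxSeconds)
    if (-not $machineOk) { $reasons.Add("InactivityTimeoutSecs is $machineLimit (want 1..$maxSeconds)") }

    # Per-user screen saver: a policy-set value wins over the user's own setting
    $policyPath = 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop'
    $userPath   = 'HKCU:\Control Panel\Desktop'
    $ss = Get-ItemProperty -Path $policyPath -ErrorAction SilentlyContinue
    if (-not $ss -or -not $ss.ScreenSaveTimeOut) {
        $ss = Get-ItemProperty -Path $userPath -ErrorAction SilentlyContinue
    }
    $ssActive = ($ss.ScreenSaveActive -eq '1')
    $ssSecure = ($ss.ScreenSaverIsSecure -eq '1')   # password required on resume
    $ssTimeout = 0
    [void][int]::TryParse("$($ss.ScreenSaveTimeOut)", [ref]$ssTimeout)  # values are stored as strings
    $ssTimely = ($ssTimeout -gt 0) -and ($ssTimeout -le $maxSeconds)
    $screenSaverOk = $ssActive -and $ssSecure -and $ssTimely
    if (-not $ssActive) { $reasons.Add('Screen saver is not active') }
    if (-not $ssSecure) { $reasons.Add('Screen saver does not require a password on resume') }
    if (-not $ssTimely) { $reasons.Add("ScreenSaveTimeOut is $ssTimeout seconds (want 1..$maxSeconds)") }

    # Either mechanism locking within the interval satisfies the control
    [pscustomobject]@{
        MaxMinutes         = $MaxMinutes
        MachinePolicyLocks = $machineOk
        ScreenSaverLocks   = $screenSaverOk
        Compliant          = ($machineOk -or $screenSaverOk)
        Details            = $reasons
    }
}

Test-ScreenLockPolicy -MaxMinutes 15 | Format-List
```

Details lists every setting that falls short, so on a compliant machine it still shows which of the two mechanisms is doing the work.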

Breach Exposes Sensitive California State Employee Data

Data breaches occur almost on a daily basis. You may not know what your IT Security problem is. We will find it and we'll develop and implement real-world solutions. Read on to learn more about the data breach that leaked state government material.

News has surfaced of a breach of sensitive data of California state employees.

As reported by The Sacramento Bee, it appears thousands of Social Security numbers have been exposed at the Department of Fish and Wildlife, with the department confirming so in a memo sent to its staff.

It is alleged the breach was discovered in December last year but was only disclosed to employees this week. The California Highway Patrol is thought to be investigating the incident, which is believed to have been brought about as a result of a former state employee downloading data to a personal device before taking the device outside of the state's network.

The most common type of data breach in hospitals? Paper records, study suggests

Our HIPAA risk assessment includes a comprehensive review of your current IT and data security policies, procedures, networks, systems, and configurations. Adsero Security can help your company or practice improve its security and HIPAA compliance. Read on to discover what type of data breach is most likely to happen in a hospital and how this could lead to a HIPAA disaster.

FedEx data breach: 119,000 passports or photo IDs found on unsecured server

We are solution builders who provide comprehensive, complete IT security management programs. In an IT security solutions initiative involving many vendors, we are the project managers who pull it all together and make sure it works as planned, for the long term. Breaches such as the one afflicting FedEx could have been avoided if Adsero Security were involved. Read on to find out how this happened.

Thousands of FedEx (FDX) customers’ private information was exposed after the company left scanned passports, driver’s licenses and other personal documentation on a publicly accessible server.

The incident was first discovered by researchers at a German-based security center called Kromtech earlier this month.

According to the security firm, the server belonged to Bongo International, a company that helped customers with shipping calculations and currency translations. FedEx purchased Bongo in 2014 but renamed the company FedEx Cross-Border International a year later before discontinuing the service in April 2017.

FedEx said on Thursday that it has secured some of the customer identification records that were exposed earlier this month and added that so far it has found no evidence that private data were “misappropriated.” The company, however, said it continues to investigate.

“After a preliminary investigation, we can confirm that some archived Bongo International account information located on a server hosted by a third-party, public cloud provider is secure. The data was part of a service that was discontinued after our acquisition of Bongo. We have found no indication that any information has been misappropriated and will continue our investigation,” a spokesman confirmed to FOX Business on Friday.

"The data breach could affect anyone who might have used Bongo's services anytime from 2009 to 2012, and it's possible the data were exposed online for several years," according to Bob Diachenko, Kromtech's head of communications.

What cybersecurity surprises does 2018 hold?

As more technological advancements are made, more opportunities for cybersecurity issues will arise. One thing is for sure, there is no problem that Adsero Security can’t solve. Read on to find out what surprises are in store for this year.

Bitcoin, the General Data Protection Regulation in Europe and the Internet of Things (IoT) are just three recent developments that will present security professionals with new challenges in 2018. That’s in addition to the usual raft of malware, DDoS attacks and database thefts that have dominated the headlines for some time.

To get a handle on what to expect, we asked two Keeper Security experts – Director of Security and Architecture Patrick Tiquet and Chief Technology Officer Craig Lurey – to peer into their crystal balls to find what 2018 holds. Here’s what they saw.

IoT

IoT has been on Patrick’s mind a lot lately, not just because it represents a vast expansion of the attack surface, but also because it opens whole new types of data to compromise. “Every aspect of your everyday life is potentially accessible to anyone anywhere in the world in seconds,” he says. “All your conversations can be accessed, captured and converted.”

Vulnerabilities have already been reported in voice-activated personal assistants, and attackers years ago figured out how to turn on smartphone microphones and cameras without the owner's knowledge. "We will see a major IoT security disaster this year, and I think it will be bigger than the Dyn hack of 2016," which originated with printers, security cameras, residential gateways and baby monitors, Patrick says.

New attack vectors

New attack vectors have also been on Craig’s mind, particularly in light of recent disclosures of hardware flaws in microprocessors. “There’ll be more activity by hackers around hardware-based attacks that go after the memory of the device,” he says. Particularly concerning is that “Spectre and Meltdown took advantage of hardware flaws but were able to abstract them to the software level.” That makes them harder to stop with conventional anti-malware protections alone. Hardware vulnerabilities may demand a whole new type of protection.