The Night the Lights Went out in Georgia (Almost)


As I sat down on a Friday afternoon to reflect on the past week, I felt that need to comment on the fact that the City of Atlanta is facing outages that are affecting not only the internal operations of the city but also their consumers, the residents of Atlanta. On Thursday Morning, Atlanta’s systems were hit by an instance of Ransomware. Systems were affected in various areas off the cities infrastructure, initially being reported as court and bill pay systems for the city. As employees began to show up for work they were directed not to turn on computers as a method to prevent the spread of the ransomware and limit the impact. At this time the originator of the attack is unclear, but what is clear is there is at least one motive behind the attack, a monetary demand of $51,000 in Bitcoin.

While the actor is as of yet unknown the City is working with the FBI, Homeland Security, and their vendors to determine the source as well as find a solution to the issue without paying the ransom. For those who have not been involved in this ransomware space, the value might seem somewhat trivial.  $51,000? Why not just pay it, and be done? On the surface this seems like the easy solution. Its only $51,000. But the next question you should ask is what happens next time, will it only be $51,000? Will it embolden that actor to raise the stakes? What if you pay the sum only to find the systems aren’t unlocked.  More importantly who are you actually funding?

The increasing momentum of ransomware is a concerning trend. The fees to unlock a system after an incident tend to be low in order to make the decision a cut and dry one for the impacted entity. Its far easier to rationalize the payment of a relatively small sum that is only mildly painful. Often the affected individual seeks quick resolution, and those that can’t afford the ransom typically find themselves replacing a HD for less than the ransom if the value of the data isn’t very high. Situations like Atlanta start to change the dynamic; public institutions, governments, corporations, healthcare, all have more serious potential concerns. There is the damage to public perception, the impact to customers and employees, potential regulatory issues, and one can imagine the potential for injury or loss of life in the most severe cases. The trend would indicate that the problem is getting worse, especially as more potential actors see the business case behind effect campaigns. The value of demand in some cases is starting to also balloon when the potential impact is visualized, take for example the case of Equifax in September of 2017, they were served with a demand of $2.3M.

Who are the primary actors behind ransomware? What is their motivation? We can look to the ease of monetizing this type of attack to explain its increase in velocity. Criminal organizations in areas of the world where it’s easier to create a ransomware campaign then legitimately find a job certainly serves as a significant piece of the problem. Organized crime has also seen this as a new frontier to provide additional revenue, however there is an even more concerning aspect to the problem. Consider rogue nations that have come under increasing pressure from the world powers and face increasing sanctions and external pressure. Where do they find the funds they desperately need in the face of ever tightening scrutiny, look no further than an effective ransomware campaign. It quick easy money and the availability of a transaction masked by cryptocurrency makes for a too tempting than to avoid vehicle for increase their coffers.

Some are starting to ask is it really even about the money? For the vast majority it is but it also becomes a vehicle for malicious actors to start causing disruption and impact to the underlying infrastructure. It’s a way to probe and see where organizations or governments aren’t sufficiently protecting their assets. It’s a way to cause concern among consumers and citizens if they can really trust the entities they interact with.

The underlying question is what should we do? Obviously, the time is passed for not taking security seriously, unfortunately too many companies still don’t. Do you have an effective security policy, are you fully funding the controls necessary to protect your organization, does your policy cover ransomware effectively? Most importantly do you know what data is critically important, and do you have a plan for maintaining that data and recovering it? We need to look at endpoints as more than just end user workstations, they are usually the most exposed and easiest systems to breach. Look to endpoint protection products that not only alert on system exposure but offer protection against malicious use and optimally have the capability to roll back in the event of a compromise. At the end of the day it’s not about the breach but it’s about how you recover.

About the author: Ben Carr is the VP of Strategy at Cyberbit. Ben is an information security and risk executive and thought leader with more than 20 years of results driven experience in developing and executing long-term security strategies. He is focused on solving security issues that address current business objectives while balancing today's operational risks. Ben has demonstrated global leadership and experience, through executive leadership roles at Tenable, Visa and Nokia.

Copyright 2010 Respective Author at Infosec Island via Infosec Island Latest Articles "https://ift.tt/2GzXGxb"

Comments

Post a Comment

Popular posts from this blog

Evernote cuts staff as user growth stalls

Image
Note-taking app Evernote has fallen on hard times of late, culminating in its latest spate of job cuts impacting 15 percent of its workforce (54 employees). CEO Chris O' Neil -- an ex-Googler who took the reins in 2015 -- announced the firings at an all-hands meeting earlier today, reports TechCrunch . In a message on the Evernote blog , O' Neill admitted he'd set "incredibly aggressive goals" for the company in 2018. He continued: "Going forward, we are streamlining certain functions, like sales, so we can continue to speed up and scale others, like product development and engineering." The layoffs follow an exec exodus just weeks ago and the company's recent brand refresh (complete with a refined logo and wordmark). But critics are more concerned about its product, especially the free tier, which they claim lacks the perks to
Read more

The best air conditioner

Image
By Liam McCabe This post was done in partnership with Wirecutter . When readers choose to buy Wirecutter's independently chosen editorial picks, it may earn affiliate commissions that support its work. Read the full article here . After six summers of researching, testing, and recommending window air conditioners, we've learned that quiet and affordable ACs make most people the happiest—and we think the LG LW8016ER will fit the bill in most rooms. This 8,000 Btu unit cools as efficiently and effectively as any model with an equal Btu rating, and runs at a lower volume and deeper pitch than others at this price. Little extra features like a fresh-air vent, two-axis fan blades, and a removable drain plug help set it apart, too. The LG LW8016ER is a top choice for an office or den, and some people will find it quiet enough for a bedroom, too. If our main pic
Read more

We won't see a 'universal' vape oil cartridge anytime soon

Image
Pre-loaded cartridges of cannabis concentrate are currently among the most popular means of consumption, and for good reason. They're discreet to use and easy to handle, a far cry from the dark days of 2016 when we had to dribble hash oil or load wax into narrow-mouthed vape pens by hand. But, frustratingly, an ever increasing number of oil cartridge manufacturers employ one-off design standards so that their products won't work with those of their competitors, thereby locking customers into proprietary ecosystems. We've already seen this with nicotine vaporizers -- which has a seen a massive rise in "pod systems" in the last few years, each outfitted with a unique canister and battery built to be incompatible with those of their competition. Is it too late for the burgeoning cannabis industry to set a universal standard for their product designs?
Read more