[BreachExchange] Beyond the Headlines: Breaking Down the Year's Biggest Cyberevents

[Audrey McNeil]

http://www.govtech.com/security/GT-OctoberNovember-
2017-Beyond-the-Headlines-Breaking-Down-the-Years-Biggest-Cyberevents.html

When Stanton Gatewood, Georgia’s chief information security officer (CISO),
started out in cybersecurity more than 30 years ago, co-workers thought of
him and his peers as “the paranoid ones,” constantly warning about the
risks of cyberattacks and system breaches.

This perception has changed a great deal. Cybersecurity events are
ubiquitous in today’s news, and breaches are wide-ranging, affecting
customer data at Target, the municipal website in Flint, Mich., and the
servers of the Democratic National Committee during the presidential
election. Cyberdefenders like Gatewood have gone from “the paranoid ones”
to vital lines of defense, heavily relied on by private companies,
nonprofit groups and, increasingly, governments.

“You can’t open the paper, you can’t go online, you can’t watch TV without
hearing that some sort of cyberevent has taken place,” Gatewood said.

Georgia is currently investing heavily in defense, building a cyber and
innovation training center aimed at enhancing its workforce, bolstering
training and bringing representatives from all levels of government to
practice on a cyber-range, where they can test defense skills and abilities.

And Georgia is not alone. Technologists in jurisdictions across the country
say recent global cyberattacks are catalysts for policymakers and other
officials to devote funds and resources to defense.

“I hate to gain on the pain of my peers,” said Mike Dent, CISO of Fairfax
County, Va., in the Washington, D.C., metro area, “but the more people
understand the threat, the more leadership will invest in it.”

Dent, whose jurisdiction has been lauded for cybersecurity work, emphasizes
this is a complex and evolving battle, one requiring institutional
awareness, vast collaboration, funding and changes in the way technology is
manufactured.

So far, most state and local governments have avoided being victimized by
large-scale hacks, but most face ransomware and phishing attempts on a
near-daily basis. This is unlikely to stop, with experts saying instead
that they expect threats to increase.

“Anytime you have a lot of data at rest, even if that data’s not
immediately valuable at its face, that data is at risk,” said Timothy
Blute, program director with the Homeland Security and Public Safety
Division of the National Governors Association. “If you’ve got a lot of
data, you’ve got a target on your back.”

Here’s a look at some of the biggest cyberevents of the past couple years,
and their impacts on state and local government:*

WANNACRY

WannaCry is the most infamous example of a worldwide ransomware attack. By
targeting systems that ran Microsoft Windows, WannaCry encrypted data and
demanded bitcoin cryptocurrency for its release. Launched on May 12, 2017,
it infected more than 300,000 computers in roughly 150 countries but was
quickly stemmed by a cybersecurity professional in England who found a kill
switch. Another factor was that Microsoft had discovered the vulnerability
months earlier, subsequently releasing patches. Users who had installed
updates were not at risk.

Types of Data Breached: Any within Microsoft Windows.

Method: Ransomware.

Direct Impact to State and Local Governments: Many officials say WannaCry
served as an excellent catalyst for working to guard against future
large-scale ransomware events. Notable international victims included the
United Kingdom’s National Health Service, as well as other health-care
providers.

What They Say: “In an organization that may not have backups
pre-ransomware, once something like this happens, they always seem to find
the money in the budget afterward to go that route.” — Brian Calkin, Vice
President of Operations, The Center for Internet Security

PETYA/NOTPETYA

Petya exploits similar vulnerabilities in Microsoft Windows as WannaCry,
also demanding a ransom in bitcoins. Petya, however, has greater longevity.
After officials thought they’d patched it, a variation dubbed NotPetya
began posing a threat. Another difference is intent. WannaCry aspired to
sheer financial gain, restoring encrypted data if demands were met. Petya
seeks money while also sowing disruption through wide-scale system wipes,
regardless of whether demands are met.

Types of Data Breached: Any within Microsoft Windows.

Method: Wiper disguised as ransomware.

Direct Impact to State and Local Governments: Although no major breaches
have been reported domestically, Petya/NotPetya is ongoing. Widely believed
to have originated in Ukraine through an update to an accounting program
used by that country’s government, it has affected many systems there, most
notably radiation monitoring at the Chernobyl Nuclear Power Plant.

What They Say: “I know state agencies are watching ransomware events
because these techniques have a tendency to come back to life. We saw that
with NotPetya.” — Timothy Blute, Program Director, National Governors
Association Center for Best Practices’ Homeland Security & Public Safety
Division.

DALLAS EMERGENCY SIRENS HACK

One Saturday in April, all 156 emergency sirens throughout Dallas sounded
more than a dozen times. Officials first attributed the incident to
malfunction, later saying it resulted from a hack, albeit a unique one
without computers. Unknown culprits likely activated the sirens by
replicating a tonal code with a radio. Rocky Vaz, Dallas’ director for
emergency management, said catching the culprits was nigh-impossible, while
Mayor Mike Rawlings vowed to find and prosecute those responsible. No
arrests have been made, and the city is working to safeguard the system
from another hack.

Types of Data Breached: None.

Method: Replicating a tonal code with a radio.

Direct Impact to State and Local Governments: Officials in jurisdictions
across the country say they paid attention to this incident. Dallas, for
its part, is working with the Federal Emergency Management Agency on an
evolved alert system to send messages to cellphones.

RUSSIA AND THE 2016 PRESIDENTIAL ELECTION

The U.S. intelligence community has concluded with confidence that Russian
agents hacked the Democratic National Committee’s servers during the 2016
Presidential Election, also breaching Clinton campaign chairman John
Podesta’s email account. Russian officials have denied involvement, and
President Donald Trump has oscillated between downplaying the significance
of the hack and blaming it on his predecessor, President Barack Obama. In
the eyes of many, questions remain.

Types of Data Breached: Democratic National Committee servers and Clinton
campaign chairman John Podesta’s email account.

Method: Private email and server hacks.

Direct Impact to State and Local Governments: Politics aside, local
officials who administer elections are faced with questions about the
integrity of U.S. election systems.

LOCAL HACKTIVISM

The past few years have seen a new trend in cyberattacks: news breaks — a
water crisis, the passage of a bathroom bill related to transgender people,
a police shooting — a government website is hacked and an activist group
takes credit. Known as hacktivism, government technologists say it has
become their greatest exterior cybersecurity concern, as well it should be.
To date, hacktivists have frozen government services, defaced websites and
released sensitive data online.

Types of Data Breached: Varied, including emails between officials, website
content and citizen data.

Method: Various, including email phishing, denial-of-service and doxing, or
compiling and posting personal information about government officials
online.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20171003/1bd15ceb/attachment.html>