Search the Community
Showing results for tags 'ransomware attacks'.
Found 3 results
steven36 posted a topic in Security & Privacy NewsDepartment in Spain. The cyberattack was one of many aimed at Spanish companies, including Everis, an internet services firm owned by NTT, and prompted others like Aena and KPMG Spain to assure the public on Twitter that they had not been victims of the attacks. Everis sent employees home while it worked to result the incident, according to a Euro News report. “It is particularly alarming to eye attackers successfully targeting IT consultancy firms. Those who are supposed to protect us from ransomware and prevent it fall victims to it, emphasizing catastrophic unpreparedness even amid technology consultants,” said Ilia Kolochenko, founder and CEO of ImmuniWeb. “We may expect a further spike of targeted attacks against IT consultants that frequently disregard the fundamentals of cybersecurity to cut their internal costs on a highly-competitive and turbulent market,” he said. “Worse, those companies commonly have privileged access to a myriad of their customers’ networks without any control or due monitoring. Therefore, cybercriminals will soon start aggrandizing their attack scope to infect all their customers first and them disarm and paralyze the IT consultancies.” Source
SwissMiss posted a topic in Security & Privacy NewsSenate Passes Bill Aimed At Combating Ransomware Attacks New legislation has been approved by the U.S. senate aimed at protecting local cities and schools from ransomware attacks. The U.S. Senate has approved new legislation aimed at helping government agencies and private-sector companies combat ransomware attacks. The legislation comes as local governments and schools continue to be hit by sophisticated – and in some cases coordinated – ransomware attacks. The proposed law, the “DHS Cyber Hunt and Incident Response Teams Act,” authorizes the Department of Homeland Security (DHS) to invest in and develop “incident response teams” to help organizations battle ransomware attacks. Part of that means that the DHS would create teams to protect state and local entities from cyber threats and restore infrastructure that has been affected by ransomware attacks. “Our cyber response teams play an important role in protecting against cyber threats, reducing cybersecurity risks, and helping to get our cyber infrastructure back up and running after an attack occurs,” said Senator Rob Portman (R-OH), a co-author of the plan, in a statement last week. “I am glad the Senate passed our bipartisan legislation and I hope we send it to the president’s desk soon so that we can strengthen our response efforts in the event of a cyberattack.” In addition to restoring infrastructure hit by ransomware attacks, the legislation-backed incident response teams would also seek to proactively mitigate against cyber threats along with identifying cybersecurity risks, developing mitigation strategies and providing guidance to infrastructure owners. The teams would be sent to both public and private entities “upon request”; giving each advice on how best to fortify their systems from ransomware, giving additional technical support, and providing incident response for organizations that fell victim to an attack. Security experts like Allan Liska, Senior Solutions Architect with Recorded Future, applauded the bill. Liska praised the bill’s mandate of inclusion for state, local and tribal government representation, and applauded the fact that the teams are not merely reactive when it comes to cyberattacks – but also have proactive measures to help organizations protect against threats. “Overall, I think that this is a good bill that, if implemented correctly, could bring much needed relief to state and local governments that reeling from attacks this year,” Liska told Threatpost. “State, local and tribal governments (as well as other entities) can reach out for assessment and advice. One of the biggest complaints we heard from state and local governments in our research is that even if they had the funds to implement appropriate protections, they often didn’t have the time/personnel to do so.” Chris Morales, head of security analytics at Vectra, told Threatpost that the legislation is a “good first step” – but he wants to see more investment in security from the government in the future. “It’s a good first step to enable the DHS to assist in providing advice for securing systems and for response when something does occur,” Chris Morales, head of security analytics at Vectra, told Threatpost. “However, that is all this is. A first step. I would like to see the federal and state governments implement a program that provides funding for a security operations center that operates at the scale of a well-funded large financial institution. Without this extra step, all the good advice in the world will be pointless.” The legislation was first introduced in February 2019 by Senators Maggie Hassan (D-NH) and Rob Portman (R-OH). With the bill being passed in the Senate, it will now be headed to the House of Representatives for approval. A similar bill has already passed in the House of Representatives in 2018, called the “DHS Cyber Incident Response Teams Act of 2018.” Senators said that the two pieces of legislation will now begin a reconciliation process. The legislative measures come as both cities and schools – as well as private entities – continue to face ransomware attacks that cripple systems and freeze up data. In August, Texas officials were left scrambling after up to 22 Texas entities – the majority of which are local governments – were hit by a coordinated ransomware attack which Texas officials said is part of a targeted attack launched by a single threat actor. Other cities have also been hit by ransomware attacks, including New Bedford, Mass., dual Florida cities – Lake City and Riviera Beach– and several Atlanta city systems. In July, Louisiana’s governor declared a statewide state of emergency after a rash of public schools were hit with ransomware, with school districts in the northern part of the state – including Monroe City, Morehouse Parish and Sabine Parish – being impacted. Source: Senate Passes Bill Aimed At Combating Ransomware Attacks
steven36 posted a topic in Security & Privacy NewsThey're worried hackers will try to change or destroy voting data. It's no secret that many American officials are worried about hacks targeting the 2020 election, but there's one fear this time around that wasn't present in 2016: ransomware. Reuters has learned that Homeland Security's Cybersecurity Infrastructure Security Agency (CISA) is worried election databases could be targeted by the same kind of ransomware attacks that have plagued cities like Atlanta and Baltimore. Accordingly, it's teaming with election officials and relevant companies to both safeguard their databases and prepare responses for possible attacks. The prep includes education and recommendations as well as more immediate checks like remote penetration testing and vulnerability scans. It won't, however, involve advice on whether or not state governments should pay ransoms. Homeland Security wants systems to be sufficiently airtight that they aren't forced to make that choice, an unnamed official told Reuters. It doesn't take much to understand the potential severity. Ransomware could lock states out of their voting data at crucial moments, sparking delays and even undermining the legitimacy of the elections themselves. And since the data changes constantly, it's not guaranteed that states' backups will be current. There's no certainty CISA's measures and others will be enough with roughly 14 months to go before the vote. Unlike in 2016, though, election workers are far more aware of the potential for data breaches from Russia and other unfriendly governments. If ransomware does hit, they could more quickly recover in the aftermath. Source