In The News

In search of a better log-in, the National Institute of Standards and Technology (NIST) announced plans this month to spend $750,000 to measure the benefits of five state and local government identity management pilot projects it funded last year.

Google Reports a Jump in Hacked Websites in 2016
eweek.com

With the number of hacked and compromised websites on the rise, Google releases new documentation to help site owners mitigate hacking risks. Google last year recorded a 32 percent increase over 2015 in the number of websites that its search engine flagged as being hacked.

Online Denial-of-Service Attacks Are a Growing Concern
Government Technology (03/19/17) Lohrmann, Dan

Distributed denial-of-service (DDoS) attacks have taken many forms over the past decade, including weapons of cyberwarfare, security breach diversions, and service-impacting strategies, according to Corero Network Security's Stephanie Weagle. She says these attack campaigns have a range of motivations, including financial, political, nation-state, extortion, and others. "As recent events have confirmed once again, proactive, automated protection is required to keep the Internet-connected business available in the face of DDoS attacks," Weagle says. A recent Imperva report highlights the rapid evolution of DDoS capabilities over the past year, showing the number of DDoS attacks continues to escalate, with a shift in the threat landscape being driven by new Internet of Things botnets and a declining cost of DDoS-for-hire capabilities. The Imperva report also notes network-layer attacks hit record heights, application-layer attacks became more common, attack frequency scaled up, and China continued to be a hub of botnet activity. An increasing number of hackers are using DDoS attacks, and their methods continue to evolve in ways that are more sophisticated and dangerous to global organizations.

Star Trek Ransomware Boldly Encrypts
GovInfoSecurity.com (03/20/17) Schwartz, Mathew J.

Avast researchers have discovered the Kirk ransomware, Star Trek-themed malware that adds the .kirked extension to a victim's files. The attack code is designed to encrypt 625 different file extensions, and Avast researcher Jakub Kroustek says the same attack code also is circulating as part of what is being called Lick ransomware. It is unclear how the Kirk ransomware is being distributed, but researchers know the ransomware poses as the free distributed denial-of-service attack tool Low Orbit Ion Cannon (LOIC). Anyone who pays the Kirk ransomware to recover their files will receive a Spock decryptor. The Kirk ransomware seeks payment via a type of cryptocurrency known as Monero. The ransom note demands 50 monero, currently worth about $1,200, to decrypt all the files. If victims do not pay within 48 hours, the malware begins increasing the ransom demand, and after 31 days the password decryption key is permanently deleted. Security experts and law enforcement officials recommend victims never pay ransoms because it incentivizes attackers to continue their cybercrime research and development. Instead, they suggest organizations try to remain secured and keep their files backed up offline so compromised systems can be wiped and restored.

White House’s Annual Cyber Report Counts 30,000 Incidents but Only 16 are 'Major'
nextgov.com, Joseph Marks, March 14, 2017

Federal agencies have made solid progress securing their sensitive data against malicious hackers and employee lapses, but there’s still a long road ahead, according to a recently released White House report.

More than 30,000 data security incidents compromised federal information systems during the 2016 fiscal year, 16 of which were categorized as major incidents that needed to be reported to Congress, according to the White House’s 2016 Federal Information Security Management Act report released March 10.

State Chief Security Officers Share Current Plans
Government Technology, Dan Lohrmann, January 26, 2017

What's hot right now in cyber? I asked four leading state government chief information security officers (CISOs) about emerging cyberthreats, their state’s top cyberproject priorities for the coming year and for their views on the future outlook for cybersecurity executives. Here’s what they said.

In a survey of government chief information officers (CIOs) released back in November 2016, the National Association of State Chief Information Officers (NASCIO) again selected security and risk management as the top priority for state government technology in 2017. This finding is consistent with the digital states survey which also showed cybersecurity as the top priority for government technology leaders for the foreseeable future.

After an Attack: How to Keep a Bad Situation From Getting Worse
Government Computer News (01/17/17) Hoffman, Karen Epper

Government information security professionals must carefully consider what to do after an inevitable hack is discovered. Government agencies should have a strong incident response plan and should implement it as soon as a confirmation of a breach is received. “After a hack, the focus should be first on completeness of remediation… in other words, fully kicking the hacker out of the network,” says Exabeam's Nir Polak. Information security professionals also must conduct a detailed analysis of what happened so they can prevent it from happening again, according to KGSS' Cynthia James. She says if the breach is ransomware, agencies should not pay cybercriminals because hijacked digital materials might come back compromised, damaged, and sometimes they are not returned. Agencies should designate a specific department to notify all employees and third parties who may be directly affected and make required disclosures to regulators. The information security team also should talk about the way it responded and use the incident as a learning experience, says Absolute's Richard Henderson.

Nine Ways to Protect an Enterprise Against Ransomware
eWeek (12/28/16) Preimesberger, Chris

There are several steps enterprises can take to protect their systems from ransomware. First, many attacks can be prevented by ensuring the operating system and required third-party applications on each system are updated. Critical patches for applications such as Adobe Flash, Java, and Web browsers also should be kept current. Traditional, signature-based antivirus software is not impervious to ransomware, but failing to keep antivirus solutions up to date can leave an organization vulnerable to threats that already have been identified and tagged. Minimizing user privileges and deploying effective access control solutions can help protect against ransomware, but it is important to consider user productivity before removing access rights. Compared with traditional access control, new methods of data protection rely on understanding the behavior of ransomware and do not require management of user-specific rules. Certain types of ransomware can trick users into enabling macros that download the malware, so organizations should disable macros in Microsoft Office files. Implementing application whitelisting ensures only trusted applications can run on any endpoint, effectively eliminating ransomware's ability to run. In most cases, ransomware is distributed as an email attachment, so restricting users to virtual or containerized environments denies ransomware access to the rest of the network.

Ransomworm: The Next Level of Cybersecurity Nastiness
CSO Online (12/27/16) Francis, Ryan

Security experts predict ransomware innovations in 2017 will enable infections to spread faster and be costlier for businesses and consumers. According to Corey Nachreiner of WatchGuard Technologies, cybercriminals can hasten the spread of ransomware by mixing malware with a network worm. Network worms such as CodeRed, SQL Slammer, and Conficker allow hackers to make malware automatically spread itself, so if ransomware is attached to a worm, it could copy itself to every computer on a local network. SecBI's Alex Vaystikh says ransomware also will merge with information-stealing malware, which steals and then encrypts data. If organizations refuse to pay for decryption, the hacker then has the option to leak the stolen information. Vaystikh also expects to see ransomware targeting cloud data centers in 2017, causing significant downtime. Encrypting cloud-based data could have a significant impact on smaller organizations that may not have backup files. Given that ransomware has grown to a $1-billion business in 2016, ransomware-as-a-service (RaaS) will be especially profitable for cybercriminals in the coming year. Hackers lacking sophisticated skills or technology only need a mailing list of potential targets and access to RaaS to launch a ransomware attack.

The Rise of Ransomware
Government Computer News (12/16/16) Leonard, Matt

Ransomware attacks affecting government agencies, hospitals, educational institutions, and private businesses are growing in number, which is why Kaspersky Lab dubbed ransomware the "story of the year" in 2016. "A lot of threat actors are using this kind of malware because it has a clear monetization strategy," says Kaspersky analyst Anton Ivanov. In addition, ransomware-as-a-service has become more common as the malware authors offer their product on the market. "This approach has proved immensely appealing to criminals who lack the skills, resources, or inclination to develop their own," Kaspersky warns. There were 44,287 new ransomware modifications in 2016, the most common of which, known as Locky, spread across 114 countries. However, guarding against ransomware is possible, and both public- and private-sector organizations can use the same strategies. Protection starts with installing a security solution on every network endpoint and every server that is connected to the Internet. Behavioral detection components currently are the most effective way to detect ransomware, so organizations should find a security solution that includes this feature. If an organization gets attacked by ransomware it should not pay the ransom, as 20 percent of victims who pay do not get their data back.
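Two of the items above point at the same defensive idea: the Kirk story notes that the malware marks every encrypted file with a new .kirked extension, and the Kaspersky item says behavioral detection is currently the most effective way to catch ransomware. The following added example (my own illustration, not code from any of the articles summarized here) shows the simplest form of such a behavioral rule: flag any process that renames many files to one new extension within a short window. The event stream, process ids, paths, window and threshold are all constructed for the demonstration; a real deployment would read equivalent events from EDR or kernel file-system telemetry.

```python
"""Toy behavioral ransomware detector over a constructed file-event stream.

Added example for illustration; not code from Avast, Kaspersky, or any
article summarized on this page. Events, pids, paths and thresholds are
made up for the demo.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
import os


@dataclass(frozen=True)
class FileEvent:
    ts: float            # seconds since start of the capture
    pid: int             # process that performed the operation
    op: str              # "write" or "rename"
    path: str            # original path
    new_path: str = ""   # destination path for "rename" events


def _ext(path: str) -> str:
    """Lower-cased final extension, e.g. '.kirked' for 'a.docx.kirked'."""
    return os.path.splitext(path)[1].lower()


def detect_mass_rename(events, window_s: float = 10.0, threshold: int = 5):
    """Return {pid: (new_ext, count)} for every process that renamed at least
    `threshold` files to the same extension, changing the extension each
    time, within any `window_s`-second sliding window.

    A per-(pid, extension) deque of timestamps acts as the sliding window;
    old timestamps are evicted before the count is checked, so a slow,
    legitimate trickle of renames never accumulates to an alert.
    """
    recent = defaultdict(deque)      # (pid, new_ext) -> timestamps in window
    alerts = {}
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.op != "rename":
            continue
        old_ext, new_ext = _ext(ev.path), _ext(ev.new_path)
        if not new_ext or new_ext == old_ext:
            continue                 # same extension: not a marker rename
        q = recent[(ev.pid, new_ext)]
        q.append(ev.ts)
        while q and ev.ts - q[0] > window_s:
            q.popleft()
        if len(q) >= threshold:
            alerts[ev.pid] = (new_ext, len(q))   # keep the latest count
    return alerts


# Constructed sample: one benign rename, one benign write, a burst of six
# renames to ".kirked" by pid 4242 inside 2.5 s, and a slow rotation of
# logs to ".bak" by pid 3000 spread over 80 s.
SAMPLE_EVENTS = [
    FileEvent(0.0, 2000, "write", "/home/amy/notes.txt"),
    FileEvent(0.5, 1000, "rename", "/home/amy/draft.txt", "/home/amy/draft.md"),
] + [
    FileEvent(1.0 + 0.5 * i, 4242, "rename",
              f"/home/amy/docs/report{i}.docx",
              f"/home/amy/docs/report{i}.docx.kirked")
    for i in range(6)
] + [
    FileEvent(20.0 * i, 3000, "rename",
              f"/var/log/app{i}.log", f"/var/log/app{i}.log.bak")
    for i in range(5)
]


if __name__ == "__main__":
    for pid, (ext, n) in detect_mass_rename(SAMPLE_EVENTS).items():
        print(f"ALERT pid={pid}: {n} files renamed to {ext} within window")
```

Running the block reports only pid 4242 (six files renamed to .kirked); the single .txt to .md rename and the slow .bak rotation stay below the threshold. On its own this rule would also fire on a bulk-rename utility, so in practice it is one signal combined with others the articles allude to (entropy of written data, canary files, rate of modifications), and the window and threshold are tuned per environment.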

The 7 Most Significant Government Data Breaches
Dark Reading | 11/15/16 | Vijayan, Jai

Federal and state government agencies have publicly disclosed 203 data breaches over the past five years, resulting in nearly 47 million stolen records, according to a report from Privacy Rights Clearinghouse. The number of breached records does not include data from incidents in which the scope of the breach has not been fully disclosed, such as Edward Snowden's theft of classified documents from the National Security Agency (NSA). One of the largest known incidents was the intrusion into the Office of Personnel Management's network; the records of more than 24 million current and former federal government employees were exposed. Cybercriminals could use the stolen data for years in identity theft scams, spear-phishing, and other social-engineering campaigns. Due to a clerical error, the office of Georgia Secretary of State Brian Kemp in October 2015 mailed CDs containing the personally identifiable information of 6.2 million voters to 12 organizations that had purchased voting lists from the office. The discs were later recovered and destroyed. In May 2015, the Internal Revenue Service announced its “Get Transcript” application had been breached, giving unknown attackers access to tax records belonging to approximately 724,000 individuals. Following a November 2014 intrusion that exposed the personal data of 800,000 employees, the U.S. Postal Service was forced to shut down its VPN service for employees and suspend telecommuting.

Criminals Increasingly Hold Government Computers for Ransom
www.pewtrusts.org | October 13, 2016 | Jenni Bergal

Local governments, hospitals, and police departments are becoming popular targets for ransomware attacks, forcing officials to choose between paying the ransom and risking the loss of their data. Local and state governments were hit by as many as 450 ransomware infections per month between October and May, according to the Multi-State Information Sharing and Analysis Center. Although most state governments have successfully blocked attacks with firewalls and antivirus programs, organizations can struggle to protect themselves against more sophisticated varieties. "In the last few years, it was primarily focused on smaller jurisdictions: local governments, water departments, police agencies," says NASCIO executive director Doug Robinson. "Now, we're seeing it spread into the states." When officials decide to pay the ransom, their networks still are crippled by the viruses for several days. If the ransom is not paid and officials attempt to restore their systems on their own, the process could take days or weeks. Some states are taking steps to educate their employees on cybersecurity and ransomware, including Ohio, which tests the response of its staffers to fraudulent emails. In California, legislators unanimously passed a bill that defined ransomware as a type of extortion and made it a felony punishable by up to four years in prison. The measure was signed into law last month.

Federal CISO Unveils Plans to ‘Proportionally’ Protect Data, Create a Cyber Mascot
www.nextgov.com
October 11, 2016 | By Mohana Ravindranath

The White House's first chief information security officer has ambitious plans to shore up government cybersecurity, including elaborate educational campaigns for employees and ensuring investments in data protection are proportional to the value of that data.

In one of his first public appearances since his appointment last month, Gregory Touhill told an audience in Washington Tuesday his approach to cybersecurity was multipronged with separate goals for hiring cyber talent; educating federal workers about cyber hygiene; and encouraging agencies to treat information as an "asset" by considering whether it's worth it to invest in high-tech protections for low-value data sets.

Washington State Office of Cybersecurity Partners with U.S. Department of Homeland Security to Kick Off National Cybersecurity Awareness Month
News provided by National Cyber Security Alliance Sep 30, 2016

Nation's First Chief Information Security Officer, Governor Jay Inslee and Washington State CIO Join the National Cyber Security Alliance and Local Digital Leaders; Event Spotlights Cyber Preparedness - From Drones and Driver-less Cars to the Cyber Workforce