Tag: county | Page 2

Ransomware Compromised Personal Data, Texas County Appraiser Says

April 6, 2024/in Internet Security

(TNS) — Hackers who have taken control of the Tarrant Appraisal District’s website say they have the Social Security numbers and driver’s license numbers of 300 people, the agency said.

“It has been determined that there was unauthorized access to our network, which has resulted in the potential exposure of a small amount of personal information,” a statement from TAD said.

The statement also said TAD will notify those affected “as soon as possible.”

The ransomware attack took place March 21 by the hacking group Medusa.

On March 25, the district’s legal council announced at an emergency meeting that the hackers were asking for $700,000. The district has not paid the ransom.

The district said it expects to send value notices this and that property owners will be able protest them online.

Medusa has previously used extortion and the threat of selling sensitive information on the dark web as a tactic to negotiate, according to the U.S. Cybersecurity & Infrastructure Security Agency.

The appraisal district’s chief appraiser, Joe Don Bobbitt told the Star-Telegram last week that a majority of the data the district keeps on file is “sales data” and property details such as square footage, tax deeds or the year a property was sold — almost all of it public information.

In the statement put out Wednesday, TAD offered information on how to freeze a credit card or report fraud.

Many function’s of the appraisal district’s website are still offline.

The district sets property appraisals and administers exemptions for tax purposes.

©2024 Fort Worth Star-Telegram, Distributed by Tribune Content Agency, LLC.

Source…

Missouri county declares state of emergency amid suspected ransomware attack

April 3, 2024/in Internet Security

Enlarge / Downtown Kansas City, Missouri, which is part of Jackson County.

Jackson County, Missouri, has declared a state of emergency and closed key offices indefinitely as it responds to what officials believe is a ransomware attack that has made some of its IT systems inoperable.

“Jackson County has identified significant disruptions within its IT systems, potentially attributable to a ransomware attack,” officials wrote Tuesday. “Early indications suggest operational inconsistencies across its digital infrastructure and certain systems have been rendered inoperative while others continue to function as normal.”

The systems confirmed inoperable include tax and online property payments, issuance of marriage licenses, and inmate searches. In response, the Assessment, Collection and Recorder of Deeds offices at all county locations are closed until further notice.

The closure occurred the same day that the county was holding a special election to vote on a proposed sales tax to fund a stadium for MLB’s Kansas City Royals and the NFL’s Kansas City Chiefs. Neither the Jackson County Board of Elections nor the Kansas City Board of Elections have been affected by the attack; both remain open.

To date, ransomware attacks have hit 28 county, municipal, or tribal governments this year, according to Brett Callow, a threat analyst with security firm Emsisoft. Last year, there were 95; 106 occurred in 2022.

The Jackson County website says there are 654,000 residents in the 607-square-mile county, which includes most of Kansas City, the biggest city in Missouri.

The response to the attack and the investigation into it have just begun, but so far, officials said they had no evidence that data had been compromised.

“We are currently in the early stages of our diagnostic procedures, working closely with our cybersecurity partners to thoroughly explore all possibilities and identify the root cause of the situation,” officials wrote. “While the investigation considers ransomware as a…

Source…

CSUF cybersecurity students compete to hack into vulnerable systems – Orange County Register

March 25, 2024/in Computer Security

Last fall, Cal State Fullerton cybersecurity students competed in the Collegiate Penetration Testing Competition where teams of students from the region met to determine how to hack the security systems of an airport and then presented a report of their findings to executives.

The Cal State Fullerton team of six students placed second in the high-pressure competition, which provided real-world experience that they will bring to the jobs that await them once they graduate. Business sponsors often recruit winners for employment during these events, said Mikhail Gofman, professor of computer science and director of the ECS Center for Cybersecurity in the College of Engineering and Computer Science.

Penetration testing means trying to break through the security systems of a business by using the same tools and techniques that hackers use. If a penetration tester can discover and exploit a vulnerability, Gofman said, then so can an attacker.

“This is often called the security governance,” Gofman said, “the goal of which is to ensure the cybersecurity of the company. It is driven by risk management, and, of course, cyberattacks are a big part of the company risk management, because a cyberattack can have very devastating consequences.”

The regional competition focused on the security systems of an airport. “They weren’t actually real airport systems, but real networks which simulated what a network infrastructure of an airport would look like,” Gofman said. “The students had 12 hours, from morning to night, to conduct the penetration test to find and exploit as many security vulnerabilities as possible.”

Then they had to write a professional penetration testing report that communicated their findings in plain language.

“Our goal as a team was to try to fully compromise the company, given only a set of IP ranges and some scattered fictitious employee information they left on the internet for us to exploit,” said fourth-year student Katherine Chen, who was a member of the winning team.

“You use public information on the internet to impersonate someone and use their information for malicious purposes, which we were successfully able to do,” Chen said. “At…

Source…

Separate ransomware attacks reported by Illinois county, college

March 25, 2024/in Internet Security

Illinois’ Henry County and Monmouth College have confirmed being impacted by separate ransomware attacks during the past week, according to The Record, a news site by cybersecurity firm Recorded Future.

Several of Henry County’s systems were taken down following the discovery of a wide-reaching intrusion on March 18, which has prompted county officials to seek assistance from law enforcement and government cybersecurity agencies in investigating the incident amid ongoing efforts to restore affected systems.

Such an incident has already been claimed by the Medusa ransomware operation, which sought a $500,000 ransom that should be paid by Friday. Toyota Financial Services, Moneris, and Water For People were some of the ransomware gang’s most recent targets.

Meanwhile, Monmouth College disclosed in filings with the Maine and California Offices of the Attorneys General that its systems had been infiltrated in a December ransomware attack, which resulted in the compromise of data belonging to 44,737 individuals, including their ID cards and driver’s licenses.

Source…

Tag Archive for: county