Tag Archive for: department

San Bernardino County pays $1.1-million ransom over Sheriff’s Department hack


SAN BERNARDINO, CA - JULY 27: San Bernardino County Sheriff's Deputy Chief Horace Boatwright, left, speaks at an early morning briefing at San Bernardino Sheriff's Headquarters on Monday, July 27, 2020 in San Bernardino, CA. (Irfan Khan/Los Angeles Times)

San Bernardino County Sheriff’s Department deputies attend a briefing in 2020. A ransomware attack, discovered in early April, crippled the Sheriff’s Department computer systems. The county and its insurer agreed to pay the $1.1-million ransom, a spokesperson said. (Irfan Khan / Los Angeles Times)

Weeks after a cyberattack crippled the San Bernardino County Sheriff’s Department computer systems, county officials confirmed that the hackers had been paid a $1.1-million ransom.

The ransomware attack, discovered in early April, forced the department to temporarily shut down some of its computer systems, including email, in-car computers and some law enforcement databases, among them a system that deputies use for background checks.

After negotiating with the hackers, San Bernardino County paid slightly less than half the total — $511,852 — and its insurance carrier covered the rest, said county spokesman David Wert.

“On balance, and consistent with how other agencies have handled these types of situations, this was determined to be the responsible course,” Wert said.

Ransomware attacks on public institutions such as cities, school districts and hospitals have risen sharply in the U.S. in recent years. Government computer networks can contain troves of sensitive data and often have less robust protections than those of major companies.

During a ransomware attack, hackers steal or block access to key files or data, then demand payment in exchange for returning or restoring them. Such attacks can also involve threats that sensitive information, such as Social Security and credit card numbers, will be exposed if the victim doesn’t pay.

The FBI says it does not pay ransom in such attacks and advises victims not to either.

It’s exceedingly rare for ransoms to be paid for hacks involving law enforcement agencies, in part because of who could be on the receiving end of the transaction, said Clifford Neuman, the director of USC’s Center for Computer Systems Security.

“If you’re paying through cryptocurrency, you don’t know who you’re paying it to,” Neuman said. “It could be a sanctioned entity, whether it’s Iran, whether it’s North Korea, whether it’s a terrorist organization.”

And,…


California county paid $1.1 million ransom to hacker of Sheriff’s Department computers


San Bernardino County acknowledged this week that it has paid a $1.1 million ransom to a hacker who uploaded malware to the Sheriff’s Department’s computer system.

In a ransomware attack, a criminal enters a system and encrypts the data, leaving the owner unable to access it. If a ransom is paid, usually in cryptocurrency, the criminal will provide a decryption key to unlock the data.

For weeks, the county said little publicly about the hack, other than to call it a “network disruption.”

David Wert, a county spokesman, said the county had anticipated such a computer invasion and had taken out insurance. He said that of the $1.1 million payout, the county’s share was $511,852 and that the insurance company paid the rest.

Sheriff Shannon Dicus said Wednesday that the cyberattack did not compromise public safety, but workarounds were required for certain tasks. For instance, he said, deputies could not access the California Law Enforcement Telecommunications System (CLETS), which can tell deputies when a person is wanted for crimes elsewhere in the country. So deputies would ask other agencies to check the CLETS records for them.

It was unclear Thursday whether any information was stolen. The department is still going through its systems to learn what has been affected. Those that have been determined to be safe and functioning are being turned back on, said Mara Rodriguez, a sheriff’s spokeswoman.

No other county department computer systems were affected, Wert said.

Chuck Brooks and some other cybersecurity experts say paying a ransom is a bad precedent.

“Generally, businesses should not pay for ransomware as they will likely be hit over and over again as it will be shared and sold by criminal hackers on the dark web,” Brooks said in an email on Thursday, May 4.

Brooks, in a story he wrote that appeared in Forbes magazine, said ransomware has been around since the late 1980s and “it has become a trending and more dangerous cybersecurity threat.”

Wert said there was a discussion about whether to pay but declined to elaborate beyond this statement:

“The decision whether to render payment was the subject of careful consideration,” Wert said. “On balance, and…


CO 141 between Naturita and Gateway to close for flood safety — Colorado Department of Transportation


Southwest Colorado — CO Highway 141 will likely be closed between Naturita and Gateway on Friday evening due to forecasted high river flows. If the river reaches expected levels, the Colorado Department of Transportation plans to close the highway at 5 p.m. The highway will remain closed until the flood danger has subsided. This closure is dependent on various factors including snowmelt and reservoir releases. The public will be alerted once the official closure is in place. As flow amounts fluctuate, the bridge may require additional closures.

“River flows in the area have not been observed at these levels in 18 years. With the flood event expected to peak this Friday, we are taking proactive and cautionary measures at this particular bridge. Engineers and maintenance personnel will be assessing the structural integrity throughout this high-flow event,” stated Julie Constan, Regional Transportation Director.

For safety, CDOT has determined that the bridge structure at Roc Creek should be closed to traffic while peak water flows are occurring. The structure is located approximately 27.5 miles north of Naturita at Mile Point 88.5.

The National Weather Service (NWS) has issued a flood advisory for the Dolores River due to the increased release of water from McPhee Reservoir. The flood advisory also includes the Dolores and San Miguel Rivers due to heavy runoff from snowmelt. The flood advisory is in place until further notice and covers the counties of Montezuma, Dolores, San Miguel and Montrose.

Traffic Impacts

Check COtrip.org for current road closures and conditions, or contact Southwest Region 5 Customer Service during weekday business hours at 970-385-1423.

  • The northbound closure point is located just north of Naturita and the County Road CC junction, MP 64
  • The southbound closure point is located just south of Gateway, MP 110
  • Do not bypass the closure barricades
A photo captured on May 3, 2023 shows the Dolores River flowing underneath a CDOT bridge structure located on Colorado Highway 141 at mile point 88.5. River flow rates are nearing 10-year flood event levels.

For more information about the flood advisory, refer to the National Weather Service Flood Advisory. For more…


‘Department of Justice already knew of SolarWinds hack in May 2020’


The U.S. Department of Justice was aware of the SolarWinds hack earlier than it had previously admitted. Suspicious traffic in its own IT environment was noticed as early as May 2020, while the government agency claimed it did not know about the hack until December 24 of that year.

This is the conclusion Wired reached based on its sources. The Department of Justice (DOJ) had discovered the suspicious traffic before it signed an official contract with SolarWinds, a rather embarrassing fact that the Department seems to have tried to sweep under the rug. At the time, the DOJ appears to have been unaware of the significance of the unexplained traffic.

At the DOJ, security teams were using a trial version of Orion software, a product of Texas-based SolarWinds, in the middle of 2020. Strange traffic pointed to communication with an unknown system on the internet. This led the DOJ to inquire with SolarWinds, but the company could find no vulnerabilities in its own software. SolarWinds became one of the DOJ’s official security suppliers in August 2020. However, secretly injected code within Orion gave hacker group Nobelium the opportunity to spy on hundreds of organizations.

Backdoor

Only in late 2020 did SolarWinds announce that it had been attacked by “highly sophisticated hackers.” The breach quickly proved to have been a massive supply chain incident. Hackers believed to be supported by the Russian state had injected a “backdoor” into the Orion software. This meant the group could gain access to as many as 18,000 customers using an infected Orion version. In practice, the group limited itself to hundreds of specific targets, including government agencies.

The hacker group had access to the logging and system performance data of many U.S. organizations, including Microsoft, Mandiant, Cisco and Intel. The backdoor was present at these companies for between four and nine months. The injected code not only gave the hackers access to the data collected by Orion, but also served as a foothold for inserting further malware into protected networks.
