Tag Archive for: efforts

Ransomware recovery efforts continue Monday in Jackson County

/in


KANSAS CITY, Mo. — Jackson County’s Assessment, Collection and Recorder of Deeds offices will remain closed Monday as the county continues to restore network infrastructure following a ransomware attack.

The attack was first reported the morning of Tuesday, April 2. Two days later, the county identified the attack was triggered by a “malicious e-mail link.”

RELATED | Cybersecurity expert gives insight into ransomware attack on Jackson County systems

Monday’s closure will allow the county’s IT professionals to continue recovery efforts by “prioritizing the security and stability” of the affected systems, per a news release from Jackson County.

“We recognize the impact this decision may have on our residents and want to assure them that it was made with careful consideration,” the county shared in the release. “Our commitment remains steadfast in swiftly resolving this situation and minimizing any inconvenience to our community.”

As the offices have been closed for nearly a week, the county said it is grateful for the community’s “continued patience and understanding during this challenging time.”

Updates regarding the reopening of the offices will be “promptly communicated,” per Jackson County.

Source…

CISA deputy director touts progress, anti-ransomware efforts

/in


In 2023 CISA reached its five-year anniversary, and much has happened in those years.

The Cybersecurity and Infrastructure Security Agency, the U.S. government’s federal agency dedicated to cybersecurity-related issues, has had to contend with a global pandemic, multiple geopolitical conflicts, leadership changes and an evolving, increasingly aggressive cyberthreat landscape.

CISA Deputy Director Nitin Natarajan, who was appointed to the role in February 2021, told TechTarget Editorial in an interview that adapting to such a landscape has been a challenge, but the agency has built a team of individuals who are “used to working in fast-paced and dynamic organizations.” Natarajan said CISA has hired well over a thousand staffers in the last few years, while also receiving increased budget support from Capitol Hill and forming partnerships that have helped it scale up.

Said staffers include individuals from backgrounds across the federal government, state governments, local governments, the private sector, the intelligence community, the Department of Defense and more. This wide range of experience, the deputy director said, has enabled CISA to adapt to the volatile, constantly changing cybersecurity landscape.

CISA recently published its 2023 Year in Review, a webpage detailing the agency’s accomplishments last year. Some of these accomplishments include nearly 6,700 engagements with stakeholders in the private and public sectors, newly updated secure-by-design guidance, 1,200 warnings of early-stage ransomware activity, a public service announcement campaign and more.

Natarajan said that of CISA’s 2023 accomplishments, he was most proud of the agency’s partnerships and collaborations with entities such as global government partners; security researchers; and state, local, tribal and territorial governments.

Nitin Natarajan, deputy director, CISANitin Natarajan

“It’s all about partnerships and collaboration. That is what has allowed us to be successful as well as what has allowed us to mitigate risks. It is what allows us to keep adversaries at bay. It is what’s allowed us to do a lot of what we do,” he said. “It’s not easy. It’s easy to say the words collaboration and partnership, but to really build…

Source…

LockBit, Cl0P expand ransomware efforts

/in


LockBit in the lead, CL0P in 2nd

The report, Ransomware on the Move, looked at how exploitation techniques are evolving — including attackers’ sharpened focus on zero-day vulnerabilities. It showed how victims of multiple ransomware attacks were more than six times more likely to experience the second attack within three months of the first attack.

The authors from Akamai’s Security Intelligence Group reviewed data from the fourth quarter of 2021 to the second quarter of 2023. The authors reported that LockBit ensnared around 39% of all victim organizations tracked by Akamai, which said LockBit’s victim count is three times that of its nearest competitor, the CL0P group. Number three in volume of victims, ALPHV, aka Black Cat, focused its efforts on developing and exploiting zero-day points of entry (Figure A).

Top ransomware groups by victim count. Source: Akamai.
Top ransomware groups by victim count. Source: Akamai.

Anthony Lauro, director of security technology and strategy at Akamai, explained that LockBit looks for high value targets with zero day vulnerabilities that companies can’t fix quickly. They tend to target and retarget these organizations and the sectors — like manufacturing and technology for example — where security operations are lagging, generally. Also, he explained, malware writers can choose tools and services from a growing dark ecosystem.

The report spotlighted two trends that speak to how large groups — with reach and breadth of products including RaaS — have a stable growth and smaller groups focus on opportunities as they arise:

  • The first is exemplified by LockBit, characterized by a steady count of 50 victims per month, and activity seems tied to its number of affiliates and its resources.
  • The second, typified by groups like CL0P, feature spikes in activity from abusing critical zero-day vulnerabilities as they appear, and highly targeted security flaws.

“Malware writers can now split off operations, which is a change,” said Lauro. “It used to be that the attackers were a single entity or group that would be responsible for malware payload delivery, exploitation and follow up.” He added that, because of the open nature of the…

Source…

Biden-Harris Administration Launches New Efforts to Strengthen America’s K-12 Schools’ Cybersecurity

/in


Biden-Harris Administration is announcing new actions and private commitments to bolster the nation’s cyber defense at schools and protect hard-working American families

Administration leaders, school administrators, educators, and education technology providers will convene at the White House to discuss how to strengthen the nation’s schools’ cybersecurity amidst growing ransomware attacks

The United States has experienced an increase in cyberattacks that have targeted the nation’s schools in recent years.  In the 2022-23 academic year alone, at least eight K-12 school districts throughout the country were impacted by significant cyberattacks – four of which left schools having to cancel classes or close completely.  Not only have these attacks disrupted school operations, but they also have impacted students, their families, teachers, and administrators.  Sensitive personal information – including, student grades, medical records, documented home issues, behavioral information, and financial information – of students and employees were stolen and publicly disclosed. Additionally, sensitive information about school security systems was leaked online as a result of these attacks. Today, Secretary of Education Miguel Cardona and Secretary of Homeland Security Alejandro Mayorkas, joined First Lady Jill Biden, to convene school administrators, educators and private sector companies to discuss best practices and new resources available to strengthen our schools’ cybersecurity, protect American families and schools, and prevent cyberattacks from disrupting our classrooms.

According to a 2022 U.S. Government Accountability Office report, the loss of learning following a cyberattack ranged from three days to three weeks, and recovery time can take anywhere from two to nine months.  Further, the monetary losses to school districts following a cyber incident ranged from $50,000 to $1 million. That is why the Biden-Harris Administration has had a relentless focus on securing our nation’s critical infrastructure since day one, and continues to work tirelessly to provide resources that enable the U.S.’s more than 13,000 school districts to better protect…

Source…