Posted on May 5, 2023
Ransomware attack affects Dallas police and court websites
1.51K
9
4
4
4
0
"Dallas was hit with a computer ransomware attack Wednesday that brought down its Police Department and City Hall websites and caused some jury trials to be canceled, officials said."
Ransomware attack affects Dallas police and court websites
Posted from nbcnews.com
Police
Hacking
Dallas
Posted 12 mo ago
Responses: 3
Wonder which it will turn out to be ... clueless user or clueless administrator.
The majority of successful ransomware attacks occur because of email phishing or Remote Desktop Protocol being improperly configured.
The first has been a plague on the IT staff for years - for some reason, no matter how many times you tell them, some user will click on links from emails because they want to see a video of the latest whatever.
The first has actually taken the lead in the last couple of years as many systems were set-up for remote access due to COVID. The issue is that many were set-up improperly and have large vulnerabilities that weren't addressed (default settings being one of the biggest issues).
The majority of successful ransomware attacks occur because of email phishing or Remote Desktop Protocol being improperly configured.
The first has been a plague on the IT staff for years - for some reason, no matter how many times you tell them, some user will click on links from emails because they want to see a video of the latest whatever.
The first has actually taken the lead in the last couple of years as many systems were set-up for remote access due to COVID. The issue is that many were set-up improperly and have large vulnerabilities that weren't addressed (default settings being one of the biggest issues).
(1)
(0)
Maj Kevin "Mac" McLaughlin
"clueless user or clueless administrator"
Both and more. Security has to be part of the culture within an organization, and it is upon leadership to push that culture. All too many times I have seen leadership place unrecommended exceptions upon themselves, IT/security get complacent (or downright negligent), and of course there are bad/untrained users.
From a military perspective, is a commander of an installation not responsible for the overall security? Note, ransomware is typically a threat actor, not only getting in, but collecting critical information/system control and rendering them inoperable or inaccessible. Would a commander of an installation retain command of their installation after a similar attack in the physical sense? Doubt it. Especially if it was not only an individual on base enabling a threat actor to get in, but to see that actor get deeper (SCIFs, Flight Line, munitions, etc).
Both and more. Security has to be part of the culture within an organization, and it is upon leadership to push that culture. All too many times I have seen leadership place unrecommended exceptions upon themselves, IT/security get complacent (or downright negligent), and of course there are bad/untrained users.
From a military perspective, is a commander of an installation not responsible for the overall security? Note, ransomware is typically a threat actor, not only getting in, but collecting critical information/system control and rendering them inoperable or inaccessible. Would a commander of an installation retain command of their installation after a similar attack in the physical sense? Doubt it. Especially if it was not only an individual on base enabling a threat actor to get in, but to see that actor get deeper (SCIFs, Flight Line, munitions, etc).
(2)
(0)
0
0
0
LTC Eugene Chu
..."Ransomware involves hackers essentially holding a target computer or computer system hostage by encrypting its files and demanding payment, often via bitcoin. Ransomware can target individuals, businesses and governments alike.
In a statement, the city said the attack had only a limited impact on delivery of city services.
“The City team, along with its vendors, are actively working to isolate the ransomware to prevent its spread, to remove the ransomware from infected servers, and to restore any services currently impacted,” read the statement.
The city didn’t indicate whether any financial demands had actually been made or provide other details of the incident.
The Police Department and City Hall websites were down Wednesday afternoon, officials said, and the Municipal Court posted a notice on its website that all jury trials and duties were canceled for the day."...
..."Ransomware involves hackers essentially holding a target computer or computer system hostage by encrypting its files and demanding payment, often via bitcoin. Ransomware can target individuals, businesses and governments alike.
In a statement, the city said the attack had only a limited impact on delivery of city services.
“The City team, along with its vendors, are actively working to isolate the ransomware to prevent its spread, to remove the ransomware from infected servers, and to restore any services currently impacted,” read the statement.
The city didn’t indicate whether any financial demands had actually been made or provide other details of the incident.
The Police Department and City Hall websites were down Wednesday afternoon, officials said, and the Municipal Court posted a notice on its website that all jury trials and duties were canceled for the day."...
(0)
(0)
0
0
0
The folks executing ransomware are complete scum. I've been on several incident response engagements in the last couple of years, and not only can it affect a country (or countries), but the members of the target are often put through an enormous amount of stress and concern for their jobs. These attacks have also endangered lives. Thus far I have seen how it can affect the energy, financial, medical, and transportation/supply chain sectors, government services, and even non-profit orgs trying to help others (including Veterans). Also, insurance does not always help (if they even have any) as most of the damage is already done where money cannot fix it.
That said, while susceptible users are typically a good vector to gain a foothold into an org's environment, that does not take the blame away from the org's leadership and IT/Security personnel. Are they providing effective training? Exercising certain security elements and testing controls? Are they making balanced decisions to ensure that business operation decisions for access and availability are made with security in mind? Do they create a culture of making security important by setting the example? And finally, are IT and security personnel working together to build established defense-in-depth strategies with the support from their senior leadership?
It's easy to say users are dumb as they constantly click the links of phishing attacks, surf unsafe Internet locations, and install vulnerable applications but that is no excuse. This is not to excuse them by any means, but how were they able to do some of this in the first place? Are they allowed to have privileged access to their systems, enabling them to install applications? Is there a whitelist/blacklist and or controls for unsafe Internet behavior? Let me also point out that with enough research and knowledge, I could easily target individuals enough to know how to send a legitimate spear phishing attack to gain that foothold into a network. It's what I can do after I get that foothold, that orgs also need to think about. Do they have good password policies? Are privileged accounts monitored and separated from regular user accounts? What kind of controls and detection/prevention tools are employed and are they keeping them up to date with the latest TTP safeguards? Do they consume proactive cyber intelligence reporting specific to what threat actors are likely going to do against their networks?
I could go on...
That said, while susceptible users are typically a good vector to gain a foothold into an org's environment, that does not take the blame away from the org's leadership and IT/Security personnel. Are they providing effective training? Exercising certain security elements and testing controls? Are they making balanced decisions to ensure that business operation decisions for access and availability are made with security in mind? Do they create a culture of making security important by setting the example? And finally, are IT and security personnel working together to build established defense-in-depth strategies with the support from their senior leadership?
It's easy to say users are dumb as they constantly click the links of phishing attacks, surf unsafe Internet locations, and install vulnerable applications but that is no excuse. This is not to excuse them by any means, but how were they able to do some of this in the first place? Are they allowed to have privileged access to their systems, enabling them to install applications? Is there a whitelist/blacklist and or controls for unsafe Internet behavior? Let me also point out that with enough research and knowledge, I could easily target individuals enough to know how to send a legitimate spear phishing attack to gain that foothold into a network. It's what I can do after I get that foothold, that orgs also need to think about. Do they have good password policies? Are privileged accounts monitored and separated from regular user accounts? What kind of controls and detection/prevention tools are employed and are they keeping them up to date with the latest TTP safeguards? Do they consume proactive cyber intelligence reporting specific to what threat actors are likely going to do against their networks?
I could go on...
(0)
(0)
Read This Next
Continue with Facebook 
Continue with Google