The US is Fighting in the Cyber Trenches

Yes, the US is under cyberattacks - constantly

Being a rich superpower comes with a price, as the US found out the hard

 way. Especially American healthcare and financial organizations remain popular targets, since they are rich pickings for cybercrooks. Infrastructure is another favorite, as are municipalities which have often outdated cyber defenses.

Looking back, 2017 which was a peak year with 1.57B data breaches and close to 179M data records exposed (Source: Statistica).

Although it’s only April now, 2018 has already witnessed some pretty scary data breaches.

Download our white paper on how to avoid being victimized by ransomware

  • On January 3, 2018, the US Department of Homeland Security (DHS) announced that a former employee had made an unauthorized copy of a database containing the personal information of more than 240,000 current and former DHS employees.
  • In March 2018, JokerStash, a hacking syndicate, announced that it will release information on more than 5 million credit and debit cards stolen from Lord and Taylor and Saks Fifth Avenue.
  • According to the DHS and FBI, Russian government hackers targeted multiple U.S. critical infrastructure sectors, including energy, nuclear, commercial facilities, water, aviation and manufacturing during March 2018.
  • On March 22, the computer systems of the City of Atlanta were breached by a ransomware attack which crippled the city’s online systems. The hackers locked the data and would only unlock once they received $51,000 in bitcoins.
  • At the same time, Denver was hit by a ransomware attack pulling down important websites including denvergov.org and pocketgov.org and online services. Since the city was able to control the damage, no ransomware was paid.
  • In March 2018, hackers tried to shut down the 911-system of Baltimore. The threat was isolated successfully and no other servers or systems across the city’s network were effected.
  • On March 25, Boeing was hit by a cyberattack. Few machines of the company were attacked, while the production equipment remained safe.
  • At the end of March 2018, the FBI announced that 9 Iranian hackers (who worked together with the Islamic Revolutionary Guard Corps, the Iranian hacker network aka the Mabna Institute, and the Iranian government) attacked the computer systems of 144 American universities and stole 31.5 terabytes of valuable data, including scientific research, dissertations and journals.

What does this teach us? On the hacker side, government-sponsored hackers have joined the fight. As we have seen above, state-sponsored cyberattacks aimed at the US are no exception. In a previous blog, we explained the intricacies of Iran’s cyberwar. As Cymulate, we predict that more such attacks from nations hostile to the US will follow. But ransomware attacks on municipalities will also continue, following the Atlanta and Denver attacks.

To shift gears, the burning question that keeps being asked in board rooms across the US today is: What can be done right now to make sure that our organization will not be hacked and we lose our valuable data?

The answer lies in a comprehensive approach consisting of:

  1. Identifying critical assets

Organizational networks have grown rapidly spanning a variety of ecosystems, from virtualized data centers to multi-cloud environments. Combined with the growing number of endpoint devices attached to the network and IoT devices, keeping all of them secure has become a major headache. It’s hard to keep clear visibility of the security posture in this fast shifting infrastructure. Using a BAS platform such as Cymulate’s, allows organizations to get insight into the overall security posture and get recommendations for mitigation to prioritize (e.g., boosting the security of critical assets first).

  1. Performing risk assessments

To really get ahead of vulnerabilities, finding out in advance where security defenses need to be bolstered is essential. Risk assessments helps to understand the weak spots of the existing system and environment. With a Breach and Attack Simulation (BAS) platform, organizations can focus on protecting and monitoring their complex networks. It allows them to zoom in on those risks that have the greatest impact by constantly aligning their security and business objectives.

  1. Boosting the security of the network architecture

Network architectures and security frameworks have a tendency to grow in size and complexity, which in turn makes security solutions and controls less effective and more complex.  As a result, the network will have blind spots and limited asset protection. To fully understand their strengths and weaknesses, organizations are advised to run assessments using a BAS platform.

Download our white paper on how to avoid being victimized by ransomware

To learn how Cymulate’s BAS platform can help, contact us at Cymulate or sign up for a FREE assessment.

 

Filed Under: cyber warfare, Cybercrime, Risk Assessment