Major Cities and Major Attacks: What the heck is going on?
Three major cities were attacked within the last few weeks, which raises the question: What the heck is going on? Is it a wider issue among the cities in America? Or a specific vulnerability?
The reality: It’s likely a combination of issues.
In Atlanta, computers have been down for about a week, and the nitty-gritty details of the attack are being delivered on a need-to-know basis and are still pretty hush-hush. What we do know is this: SamSam, a form of ransomware that specifically targets vulnerable servers, has paralyzed the city.
SamSam gets in through vulnerable servers that have been left exposed to the Internet, or by exploiting specific, known vulnerabilities. Its attacks tend to be much more premeditated and have focused primarily on healthcare organizations in the past.
When asked how the system was first attacked, Mayor Keisha Lance Bottoms didn’t offer many specifics, stating instead: “We’re looking at the entire system. We have some thoughts about what our vulnerabilities are but really right now our focus is what we need to do moving forward.”
It’s great to “move forward” from an attack and take action to remediate, but what about proactively ensuring the cities in America are secure? It’s the people’s information that is at stake.
With security being at the heart of everything we do, we take these attacks personally.
Here are some areas that we see as the most vulnerable:
- Creepy Crawly Bugs – According to Bugcrowd, an ASMGi partner, in 2017 the total number of valid vulnerabilities is an industry-leading 52,045, which has increased 25% over the year prior. There will always be bugs and there will be fixes for those bugs. It is a matter of taking action to find the bugs and remediate them.
- Large Attack Surfaces – It isn’t the 1990s anymore. Today, almost everything is connected to the internet, creating a widespread landscape for the bad guys to attack. The best thing to do is to ensure your entire inventory is secure, and that starts with knowing your complete inventory of software, hardware, and devices.
- Encryption issues – Is your encryption secure? A few common mistakes when it comes to encryption include: believing your developers are security experts (HINT: they likely aren’t), thinking regulatory compliance means security, and never changing your keys. Making sure your encryption is as solid as a rock is key.
- Patch Problems – The REAL problem is this: patches aren’t being done, or they aren’t getting done on time. WannaCry is a prime example. Patches are the glue for mitigating software flaw vulnerabilities. They need to be done. Coming up with a process that not only implements the patch but also incorporates prioritization and testing is key.
- Legacy Systems – Unpatched software, hard-coded passwords, lack of vendor support, the list goes on when it comes to vulnerabilities of legacy systems. Modernization is ideal but if that is not a possibility – keep an inventory of your legacy systems and back up your data.
When it comes to government entities, so much focus is on physical infrastructure that digital infrastructure gets shuffled to the back burner. To properly address security in our cities, a proactive, cross-functional security team needs to be established.
There’s always outside help available when things get tough. We’ve worked for major counties in Ohio to ensure their systems are secure and proactively working for them.