Cybersecurity remains a hot-button issue, as new breaches are announced on a regular basis, companies use advanced technology to fight cyber breaches, and innovative ways are developed to counter cybercriminals. At Kobargo Technology Partners, we always strive to stay abreast of the latest news in cybersecurity, to stay on top of breaches, and help our clients avoid becoming a headline in a future story about a major cybersecurity breach. Here are some items which captured our attention recently.
2019: Six months in. We just reached the midpoint of the year, and there is plenty to recount about the first six months of 2019. Here is a brief recap of the year, thus far.
In May, a surveillance contractor for the U.S. Customs and Border Protection (CBP) was hit by a cyber breach, when hackers stole photos of travelers, along with the license plates of approximately 100,000 people. Tennessee-based Perceptics, a long-time contractor with the CBP, also lost detailed information about its surveillance equipment and how CBP uses it at several points of entry into the country. While CBP was reluctant at first to acknowledge the breach, it later disclosed the incident to The Washington Post newspaper. Just a couple of days ago, CBP suspended Perceptics from federal contracting, with no explanation as to why they did so. The agency has been using technology to ramp up its border surveillance for the past two decades, and it isn’t about to slow down. For example, CBP is increasing its use of facial recognition technology to perform scans of passengers and wants to make it standard procedure at the nation’s top 20 airports within just two years. Not everyone is on board with this, though; privacy and civil rights advocates say facial technology is a threat to U.S. citizens, and contend that this breach of Perceptics is a clear validation of those concerns. In a June interview with WIRED magazine, Jeramie Scott, senior counsel at the Electronic Privacy Information Center (EPIC), said, “The agency simply should not collect this sensitive personal information if it cannot safeguard it.” EPIC has joined forces with 35 other organizations to urge the United States Congress to forbid the use of facial recognition technology on members of the general public. In a letter to the House Committee on Homeland Security, EPIC wrote, “The use of face recognition technology by the DHS poses serious risks to privacy and civil liberties, threatens immigrants, broadly impacts American citizens, and has been implemented without proper safeguards in place or explicit Congressional approval. The technology is being deployed today by authoritarian governments as a tool to suppress speech and monitor critics, minorities, and everyday citizens. Congress should not permit the continued use of face recognition in the United States absent safeguards to prevent such abuses.” In a hearing held this week by the House Committee on Homeland Security, Congress members examined this contentious issue.
Ransomware attacks are on the rise. While hackers using Ransomware to target unsuspecting businesses—particularly hospitals—is nothing new, so far 2019 is looking like a particularly productive year for them. Earlier in July, criminal groups used ransomware to attack the Administrative Office of the Courts, knocking its systems offline. “Our systems have been compromised, so we have quarantined our servers and shut off our network to the outside," said Bruce Shaw, spokesman for the Administrative Office of the Courts, adding that while not all systems were impacted, the Courts took the network offline, just to play it safe. He also said the Court’s IT department was meeting with “external agencies” to determine the severity of the attack. He added that they also don't know yet why they were the target of this attack. “We haven't figured that out yet, we would love to,” he said, adding, “It could be a matter of opportunity, I think.” Court officials said that no private identifiable information that is not in public documents is stored in their systems, which means no Social Security numbers or other sensitive data was compromised. “No private information has been taken, it's not that type of attack,” Shaw added. The Federal Bureau of Investigation (FBI) confirms that concerns about ransomware are warranted. “We are seeing an increase in targeted ransomware attacks," the FBI said in a statement issued this week. “Cybercriminals are opportunistic. They will monetize any network to the fullest extent.”
Industrial and manufacturing firms are the latest targets of hackers using ransomware to steal money from unsuspecting victims. A particularly destructive breed of ransomware has been unleashed as of late. Called LockerGoga, it’s forcing production plants to switch to manual control of their equipment, and can even physically harm a plant’s equipment or a factory’s staff. “If you cripple the ability to operate an industrial environment, you’re costing that enterprise significant amounts of money and really applying pressure for every minute that loss of control continues," says a cybersecurity analyst at a security firm which focuses on industrial control systems. “Unless that system is in a steady state of operation or has good physical fail-safes, you now have a process out of your control and out of view of your own eyes. That makes this extremely irresponsible and very nasty,” he concludes.
The government is again considering legislation on cyber attacks. First considered in 2017, Congress is looking at the Active Cyber Defense Certainty Act (ACDC)—known as the “hack back” bill—would give corporations and other entities who’ve fallen victim to hackers the go-ahead to go beyond playing defense, and “hack back” against the perpetrators who’ve attacked them. The measure has found bipartisan support. Under current law, U.S. corporations are forbidden to “hack back.” The Computer Fraud and Abuse Act (CFAA), specifically states that companies cannot engage in any form of digital vigilantism if they’ve been the subject of an attack. They aren’t allowed to use the internet to pursue hackers. This has led corporations to feel they are defenseless against such attacks.
The Coast Guard deals with cybersecurity. In February of this year, an ocean-going vessel on an international voyage, bound for the Port of New York and New Jersey, experienced a “significant” cyber incident that affected their shipboard network. The Coast Guard led an interagency team of cyber experts to conduct an analysis of the vessel’s network and essential control systems. They concluded that while the malware severely impacted the functionality of the vessel’s onboard computer system, it didn’t impact essential vessel control systems. The investigation also determined that the vessel did not have effective cybersecurity measures in place, which led to significant vulnerabilities to critical vessel control systems. The risk to the ship’s onboard network was well-known among members of the crew. While most of them didn't
use the ship’s computers to check personal email, monitor their bank accounts or make purchases online, the shipboard network was used for official business, such as communicating with shore-side facilities, pilots, agents, and the Coast Guard, as well as updating electronic charts, and managing cargo data. The Coast Guard released a Marine Safety Alert concerning this incident earlier this month. Here are some of the conclusions reached by the Coast Guard, in that Safety Alert:
“In order to improve the resilience of vessels and facilities, and to protect the safety of the waterways in which they operate, the U.S. Coast Guard strongly recommends that vessel and facility owners, operators and other responsible parties take the following basic measures to improve their cybersecurity:
• Segment Networks. ‘Flat’ networks allow an adversary to easily maneuver to any system connected to that network. Segment your networks into ‘subnetworks’ to make it harder for an adversary to gain access to essential systems and equipment.
• Per-user Profiles & Passwords. Eliminate the use of generic log-in credentials for multiple personnel. Create network profiles for each employee. Require employees to enter a password and/or insert an ID card to log on to onboard equipment. Limit access/privileges to only those levels necessary to allow each user to do his or her job. Administrator accounts should be used sparingly and only when necessary.
• Be Wary of External Media. This incident revealed that it is common practice for cargo data to be transferred at the pier, via USB drive. Those USB drives were routinely plugged directly into the ship’s computers without prior scanning for malware. It is critical that any external media is scanned for malware on a standalone system before being plugged into any shipboard network. Never run executable media from an untrusted source.
• Install Basic Antivirus Software. Basic cyber hygiene can stop incidents before they impact operations. Install and routinely update basic antivirus software.
• Don’t Forget to Patch. Patching is no small task, but it is the core of cyber hygiene. Vulnerabilities impacting operating systems and applications are constantly changing—patching is critical to effective cybersecurity. Maintaining effective cybersecurity is not just an IT issue, but is rather a fundamental operational imperative in the 21st-century maritime environment. The Coast Guard therefore strongly encourages all vessel and facility owners and operators to conduct cybersecurity assessments to better understand the extent of their cyber vulnerabilities.”
We hope you’ll agree that these are all solid recommendations for all organizations who want to improve their cybersecurity and not just the Coast Guard.
Don’t count on Congress—or the Coast Guard— to protect your cybersecurity. You can’t afford to ignore this important element of your company’s infrastructure or leave it to chance. It can be exceptionally costly to bounce back from a cyber breach—costly for your company, your customers, and your well-earned reputation. That’s why you need to contact Kobargo today to arrange a no-obligation consultation to do a deep dive into your IT system security and discuss ways to safeguard your organization in today’s increasingly treacherous digital world. Let our team of IT professionals work with you to increase productivity, decrease downtime and keep your customers—and employees—safe and happy.