
Attacks/Breaches

6/28/2019
01:00 PM

Key Biscayne Hit by Cybersecurity Attack

Key Biscayne is the third Florida town to be hit by hackers in June.

A third small Florida town has been hit with a June cyberattack. Key Biscayne, a village of some 13,000 residents, has confirmed that it suffered a "data security event" on Sunday, June 23.

According to reports in local media, all village government systems were running properly as of Wednesday morning. On Thursday morning, village council members voted to authorize funding for IT staff to engage with outside consultants to better understand how the attack happened and how a similar attack can be prevented. No details of the attack or its remediation have been given as of press time.

Key Biscayne's attack follows ransomware attacks on Florida towns Lake City and Riviera Beach. In each of those cases, the city governments opted to pay the ransom demanded by attackers in order to retrieve data and return city systems to functioning states.

In each of these cases, the victim is small: Riviera Beach is a city of around 32,000 in the northern part of the Miami metropolitan area, while Lake City has a population of just over 12,000 in the northern part of the state.

For more, read here and here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article.

Comments
tdsan,
User Rank: Ninja
7/5/2019 | 7:35:42 PM
Re: Burnt by the Stove
I am definitely in agreement with you there. All the points you stated were right on. But you have to ask yourself, if we continue to do the same thing (definition of insanity is continue to do the same thing expecting a different outcome) and the Ransomware continues to get into the system, that means one of three things:
  • The security systems we have in place are not doing their job and the people managing them are not up to par
  • We need to start looking at security from a different perspective or approach, because quite frankly, this is not working and apply a different set of rules
  • Finally, we have addressed the issue with executives and they along with the rest are not listening to our concerns

I brought numerous points and suggested to the group on "how do we secure a protocol (IPv4) that is not securable (this question from a buddy of mine by the name of Mike)"? How are we addressing different scenarios using the same methods using the same tools and Ransomware still gets through? That means our design and concepts of thinking has to change, look at what Kevin Mitnick said:

He stated, AV is basically useless, he was able to exploit a vulnerability in the application (Adobe Acrobat Xi or 11) where the AV scanned it twice and said it was ok (he even said McAfee is good for only making video, wow). Look at what he found, the malware is installed on your machine and this is with PDFs. This is just one example of how the hacker is getting into the network, the file is being downloaded to the desktop, then file starts to encrypt your filesystem within one minute of file being opened.

What I have found is that we need to start looking at the following:
  • Move to IPv6, utilize IPsec ESP/AH (Encapsulated Secured Payload and Authenticated Headers) VPN capability
  • Install HIDS on the workstations/desktops (this will help with the execution of applications that could be considered problematic)
  • Encryption should not be an option, it should be required
  • NIPS (Network Intrusion Prevention System) should be installed as well, this will help with identifying traffic that comes in and out of the network and it can stop the application from processing or continuing
  • NGFW (NG = Next Generation Firewall) - should be able to capture and filter traffic that is considered nefarious
  • NGAV - we have AVs that perform machine learning, we need to purchase and enable this software because the signature approach is no longer working, we need the software to be able to make decisions based on what it has learned
  • There should be a centralized brain where the logs, NIDPS (Network Intrusion and Prevention System), HIDS, NGFW, NGAV all tie into the same system but this SIEM is intelligent enough and fast enough to create quasi-Big-Data correlations, this should be done in real-time; also, the system needs to be intelligent enough to make a decision based on the level of confidence without user intervention
  • We need to invoke two user access/authentication to data (require two users to turn a key at the same time while one works on that system, similar to the way missiles are launched)

Todd
bushmann,
User Rank: Apprentice
7/5/2019 | 10:40:36 AM
Re: Burnt by the Stove
I take a different view on this - blame the Security folks including myself. We keep talking the same thing over and over, like compliance checkboxes, audit list, regulations, organizational change cultures, etc but how about viewing all these as our security partners/tools contributing to secure assets in a holistic and comprehensive way. Business executives understand these checkboxes, whereas security folks don't and keep crying fault. When a breach occurs in your organization, who stands in front of the media, security folks or your business?

Security is a part of the overall business and must be viewed as a trusted advisor/partner to the business in identifying risk, educate business owners about risk, recommend controls to reduce risk but the business ultimately makes the final business decision because they own the risk. Who pays for any security controls/programs in your organization? Who do you report to in your organization - business, right?

As security professionals, let's embrace regulations, compliance, audit, and whatever tools that we can use to help business reduce their risk exposure. Stop complaining and finger-pointing. Let's take a hard look inwardly and realize that we too contribute to this issue, that's why security for the longest time have no seat at the table with the board.

My two cents
rcash,
User Rank: Strategist
7/1/2019 | 5:26:08 PM
Compliance mentality trains reaction
We are all on a journey towards Information Security and a significant obstacle is the paradigm imposed on a given organization by 'the compliance mentality'. It suggests that there is a plateau or end point where nothing else is needed, and then during cyclical risk-assessment comes the reactionary and predictably goal-oriented checklists and their check boxes. This antagonizes maturity progress due to the institutionalized inertia it creates. Sincerely, there needs to be a sober industry-wide relook to what compliance means, and how it can effectively get businesses to a specified level of security without quenching the desire to be effectively proactive.
tdsan,
User Rank: Ninja
6/30/2019 | 2:37:14 PM
Re: ransomware
I agree with you, but we have to have people who are willing to listen. With this new generation of security and executives, hopefully they will be more open to the conversation than our predecessors.

If not, then their rise to prominence will be riddled with age old problems.

Todd
RyanSepe,
User Rank: Ninja
6/30/2019 | 10:34:31 AM
Re: ransomware
Agreed. These are the day to day discussions that as security practitioners we must have. "What is the risk?, What is the assessed value?" The important thing is to have an audience with key stakeholders that truly understand the importance of security and don't just think of the function as a compliance checkbox.
tdsan,
User Rank: Ninja
6/29/2019 | 8:27:22 PM
Re: ransomware
Interesting, I do agree with the relevance of data but to your point, if the data has been depreciated (not used for sometime or years), then the issue may not be as relevant, but do you report it to GDPR (even if you have controls or appliances in place to address the issue, that is usually an executive decision).

But yes, I do agree it depends on the value of data but when you talk to an executive, they often go overboard so it depends who you are talking to and at what time of day, lol.

That's not good enough
RyanSepe,
User Rank: Ninja
6/29/2019 | 7:44:28 PM
Re: Burnt by the Stove
"This is exactly true. Until get hit not understanding true importance of being protected from attacks."

Most definitely. It's still very unfortunate however that organizations are still on the path of reacting over being proactive.
RyanSepe,
User Rank: Ninja
6/29/2019 | 7:42:52 PM
Re: ransomware
Agreed but really depends on the data stolen. For something like this yes but if the data was PHI then it could affect patient care.
tdsan,
User Rank: Ninja
6/29/2019 | 6:20:12 PM
Re: Burnt by the Stove
Well that is what your security staff is there for. If the staff cannot express their concerns to executive members, then there needs to be a conversation with the oversight committee or the Chairman's office that can push their initiative. It will take time but it can happen (they need to build alliances first before moving forward and maybe educating the internal staff members so their message will come from everyone - IT Social Awareness).

T
tdsan,
User Rank: Ninja
6/29/2019 | 6:16:48 PM
Re: ransomware
Interesting, tell that to the admin staff and executive offices, they are in a panic when this happens.

You can't tell them anything, lol.

T