Bracing for the next Atlanta: Preventing Cyber-Attacks on Major Cities

Two weeks ago, the city of Atlanta suffered a large-scale cyber-attack.


All court dates had to be rescheduled, all city job applications had to be suspended until further notice, and some law enforcement officials reportedly had to write reports by hand. Six days after the attack, the city’s computer system was still down.


Detailed information about the attack isn’t yet fully available, but we do know that it was a variant of the SamSam ransomware that brought large parts of the city’s government to its knees.


“I just want to make the point that this is much bigger than a ransomware attack,” said Keisha Lance, the mayor of Atlanta. “This is really an attack on our government, which means it’s an attack on all of us.”


Who did it? How did they do it? What was their motive? And while we wait for the full report, we should ask ourselves… why are we so surprised that this has happened?


Just in December, the city of Charlotte and its county government were attacked. Last month, Boeing grappled with a variant of WannaCry, and a week ago, the city of Baltimore was forced to shut down its emergency dispatch system for seventeen hours due to a cyber-breach.


Cities, counties, and companies are getting hacked left and right, and this trend will only escalate.


A Matter of When, Not If, The Next Gen V Attack Will Happen


Without the full forensics report, we can only make some assumptions about the attack’s methods and the surfaces that were targeted. What is clear, however, is that this attack was what Check Point identifies as a fifth-generation cyber-attack.


Imagine a common house burglar. At their first house, they scan for an open window, an unlocked door, an open garage… any obvious opening. If they can’t find an easy way in, they’ll take a look at the house next door, methodically working down the block, hoping to find an absent-minded homeowner who forgot to properly secure their house while away on vacation.


Today’s cyber-attackers think bigger and bolder.


Today’s attacks are fast moving, multi-vector, globally-scaled, and powered by leaked, state-sponsored tools… which make major city governments a natural target. City governments are complex, multi-faceted organizations, with various public-facing departments that hold their citizens’ valuable information. For cybercriminals, the incentives, the obstacles, and the exposed openings are much bigger.


Take, for example, a professional art thief trying to break into a museum to steal a prized, multi-million dollar painting. The museum invests considerably more time and money in securing the premises, but by nature, the museum is a massive, complex, public-facing structure, with many access points in and out of the building. The obstacles are greater – for one, most houses don’t have round-the-clock security – but so are the possible entry points, as most houses don’t host tens of thousands of strangers daily.


Previous generations of cyber-attackers operated like common house burglars. As the incentives and stakes keep rising in cyber-warfare, fifth-generation cyber-attackers are now operating more like professional art thieves. Using the same tools that government intelligence agencies use, the current generation of cyber-attacks rapidly scans multiple surfaces, looking for vulnerabilities in mobile, in cloud, and in IoT devices until it finds a way in.


Gen V attacks easily evade non-integrated, detection-only security set-ups, and require totally different sets of cyber security tools than those that were effective against previous generations of cyber-attacks. Proper security today means having threat prevention with layers of mobile and cloud security, combined with sharing of real-time threat intelligence across all surfaces, so that systems are able to proactively defend against zero-day vulnerabilities across all of their vectors.


A city government the size of Atlanta deploying anything less than fifth-generation cyber security protection is like leaving the Mona Lisa gift-wrapped on the front steps.


2017 was supposed to be the wake-up call for organizations across the globe, big and small, to rethink their cyber-security strategies and policies. If 2017 wasn’t the wake-up call, we can only hope that this early-2018 attack won’t be treated like another snooze button.


Moving Forward: Preventing Gen V and Ransomware Attacks


With 95 percent of organizations unequipped to prevent these new-age attacks, it’s a matter of when, not if, the next major cyber-attack on a government or multinational enterprise will happen. Everyone else – from city and state governments to large global enterprises to critical infrastructure providers – is leaving their side and back doors completely unlocked for today’s evasive, sophisticated hacker to exploit.


In addition to threat prevention with mobile and cloud security capabilities, there are some basic steps that all organizations can take to prevent ransomware attacks, outlined below:


  1. Patch your systems – implement processes for patching all servers, PCs and software components. This helps reduce exposure to attacks.
  2. Use an Intrusion Prevention System – Intrusion Prevention Systems provide a layer of real-time virtual patching on the network, protecting all online systems even if they are unpatched.
  3. Use advanced zero-day protections – Ransomware often uses advanced techniques in order to bypass traditional defenses. In order to combat unknown, zero-day ransomware and other attacks, you need to apply advanced protection technologies such as a sandbox and file sanitization.
  4. Use dedicated Anti-Ransomware technologies – Anti-Ransomware is designed to be the ultimate last line of defense. The protection runs on PCs and servers, and if all else fails, it will detect the ransomware’s encryption action as it starts, analyze and quarantine the malware (even if it’s unknown) and automatically restore any data that was encrypted.
  5. Cover all your IT assets – IT environments are complex, very complex. They span desktops and laptops, mobile devices, servers and the cloud. Companies should seek to adopt a unified solution that is architected to cover all these elements, that includes all layers of advanced protections, and which focuses on preventing attacks rather than just detecting them.