Computer systems in Texas were hacked, seized and held for ransom in a sophisticated, coordinated cyberattack that prompted a federal investigation, according to state officials.
Detailed information about the attack has yet to be released, but we do know that the attackers used a variant of ransomware to block all access to state computers.
Who did it? How did they do it? What was their motive? And while we wait for the full report, we should ask ourselves… why are we so surprised that this has happened? It is clear that the ransomware epidemic is here to stay.
Just in December, the city of Charlotte and the county government were attacked. In February, Boeing grappled with a variant of WannaCry. In March, the city of Baltimore was forced to shut down its emergency dispatch system for seventeen hours due to a cyber-breach.
Cities, counties, and companies are getting hacked left and right, and this trend will only escalate.
A Matter of When, Not If, the Next Gen V Attack Will Happen
Until the full forensics report is released, we can only make assumptions about the attack methods and the surfaces that were targeted. What is clear, however, is that this attack fits what Check Point identifies as a fifth-generation (Gen V) cyber-attack.
Imagine a common house burglar. At their first house, they will scan for an open window, an unlocked door, an open garage… any obvious opening. If they can’t find an easy way in, they’ll take a look at the house next door, methodically working down the block, hoping to find an absentminded homeowner who forgot to properly secure their house while away on vacation.
Today’s cyber-attackers think bigger and bolder.
Today’s attacks are fast-moving, multi-vector, globally-scaled, and powered by leaked, state-sponsored tools – which makes major city governments a natural target. City governments are complex, multi-faceted organizations, with various public-facing departments that hold their citizens’ valuable information. For cybercriminals, the incentives, obstacles, and openings are much bigger.
Take for example a professional art thief trying to break into a museum to steal a prized, multi-million dollar painting. The museum invests considerable time and money in securing the premises, but a museum is by nature a massive, complex, public-facing structure with many ways in and out of the building. The obstacles for the thief are greater (most houses don't have round-the-clock security), but so is the number of possible entry points (most houses don't host tens of thousands of strangers a day).
Previous generations of cyber-attackers operated like common house burglars. As the incentives and stakes keep rising in cyber-warfare, fifth-generation cyber-attackers are now operating more like professional art thieves. Using the same tools as government intelligence agencies, they can rapidly scan multiple surfaces, looking for vulnerabilities in mobile, cloud, and IoT devices until they find their way in.
Gen V attacks easily evade non-integrated, detection-only security setups, and require a different set of cyber security tools from those that were effective against previous generations of cyber-attacks. Proper security today means threat prevention with layers of mobile and cloud security, plus real-time threat intelligence shared across all surfaces, so that systems can proactively block attacks that exploit zero-day vulnerabilities on any vector.
A city government deploying anything less than fifth-generation cyber security protection is like leaving the Mona Lisa gift-wrapped on the front steps of the Louvre.
2017 was supposed to be the wake-up call for big and small organizations across the globe to rethink their cyber-security strategies and policies. If 2017 wasn’t the wake-up call, we can only hope that 2019 attacks won’t be treated like another snooze button.
Moving Forward: Preventing Gen V and Ransomware Attacks
With 95 percent of organizations unequipped to prevent these new-age attacks, it's a matter of when, not if, the next major cyber-attack on a government or multinational enterprise will happen. That unprepared majority, from city and state governments to large global enterprises to critical infrastructure providers, is leaving its side and back doors completely unlocked for today's evasive, sophisticated attacker to exploit.
- Patch your systems – implement processes for patching all servers, PCs and software components, so that known vulnerabilities are closed before an attacker finds them.
- Use an Intrusion Prevention System – an IPS provides a layer of real-time virtual patching on the network, blocking exploit traffic aimed at online systems even while they are still unpatched.
- Use advanced zero-day protections – to combat unknown, zero-day ransomware and other attacks, apply advanced protection technologies such as sandboxing and file sanitization (content disarm and reconstruction).
- Use dedicated anti-ransomware technologies – anti-ransomware is designed to be the last line of defense. It runs on PCs and servers, and if all else fails it detects the ransomware's encryption activity as it starts, analyzes and quarantines the malware (even if it is unknown) and automatically restores the data that was encrypted.
- Cover all your IT assets – adopt a unified solution that is architected to cover all IT elements, includes all layers of advanced protection, and focuses on preventing attacks rather than just detecting them.
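The anti-ransomware point above describes a behavioural mechanism: catch the encryption sweep as it starts, stop the process, and roll back what it touched. The following is an added example of that logic, written for this page and not Check Point's product code. It assumes a file-system sensor (EDR agent or kernel filter) that hands the monitor each write together with the file's pre-write content; the event stream, file paths, canary path, entropy threshold and burst count are all constructed here for illustration, and `fake_ciphertext` is a deterministic SHA-256 counter stream standing in for real ransomware output.

```python
"""Behavioural ransomware monitor (constructed example).

Detects a process that rewrites low-entropy files with ciphertext-like
content, or that touches a planted canary file, quarantines that process
and restores the pre-write copies it kept (copy on first write).
"""
import hashlib
import math
from collections import defaultdict
from dataclasses import dataclass


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ~8.0 for ciphertext or compressed data, ~4-5 for text."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


@dataclass(frozen=True)
class WriteEvent:
    pid: int
    path: str
    before: bytes  # content the sensor captured before the write (assumed available)
    after: bytes   # content being written


class RansomwareMonitor:
    def __init__(self, canaries, entropy_threshold=7.0, burst=3):
        self.canaries = set(canaries)
        self.entropy_threshold = entropy_threshold
        self.burst = burst                        # ciphertext-like rewrites before acting
        self.shadow = {}                          # path -> pre-image kept on first write
        self.touched = defaultdict(list)          # pid -> paths it rewrote
        self.encrypt_like = defaultdict(int)      # pid -> ciphertext-like rewrite count
        self.quarantined = {}                     # pid -> reason

    def observe(self, ev: WriteEvent):
        """Return None to allow the write, otherwise the reason it was stopped."""
        if ev.pid in self.quarantined:
            return "blocked"                      # quarantined process writes nothing more
        self.shadow.setdefault(ev.path, ev.before)
        self.touched[ev.pid].append(ev.path)
        if ev.path in self.canaries:
            return self._quarantine(ev.pid, "canary file modified")
        h_before, h_after = shannon_entropy(ev.before), shannon_entropy(ev.after)
        # Require a low->high entropy jump: a process writing an already-compressed
        # JPEG or ZIP over itself has a high pre-image and is not counted.
        if h_after >= self.entropy_threshold and h_before < self.entropy_threshold:
            self.encrypt_like[ev.pid] += 1
            if self.encrypt_like[ev.pid] >= self.burst:
                return self._quarantine(ev.pid, f"{self.burst} ciphertext-like rewrites")
        return None

    def _quarantine(self, pid, reason):
        self.quarantined[pid] = reason
        return reason

    def restore(self, pid) -> dict:
        """Map of path -> original bytes for every file the given pid rewrote."""
        return {p: self.shadow[p] for p in self.touched[pid]}


def fake_ciphertext(seed: bytes, n: int) -> bytes:
    """Deterministic high-entropy bytes standing in for ransomware output."""
    out, ctr = bytearray(), 0
    while len(out) < n:
        out += hashlib.sha256(seed + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return bytes(out[:n])


SAMPLE_TEXT = b"City of Example: water utility invoice, account 0042, due 2019-09-01.\n" * 60
CANARY = "/share/finance/~$canary.docx"  # hypothetical planted decoy file


def build_sample_events():
    """Constructed stream: a user saving a note, then a process sweeping the share."""
    events = [WriteEvent(1001, "/share/finance/notes.txt", SAMPLE_TEXT, SAMPLE_TEXT + b"Reviewed.\n")]
    for i in range(4):
        path = f"/share/finance/invoice_{i}.txt"
        events.append(WriteEvent(2002, path, SAMPLE_TEXT, fake_ciphertext(path.encode(), len(SAMPLE_TEXT))))
    events.append(WriteEvent(2002, CANARY, b"", fake_ciphertext(b"canary", 64)))
    return events


def run(events=None, canaries=(CANARY,)):
    """Feed the events through a monitor; return it with the per-event verdicts."""
    if events is None:
        events = build_sample_events()
    mon = RansomwareMonitor(canaries)
    return mon, [mon.observe(ev) for ev in events]


if __name__ == "__main__":
    mon, verdicts = run()
    print(verdicts, mon.quarantined, sorted(mon.restore(2002)))
```

In the sample stream the monitor lets the user's plain-text save through, stops PID 2002 on its third ciphertext-like rewrite, refuses the rest of its writes (including the canary), and can hand back the three pre-images it kept. The entropy heuristic on its own is noisy; a production agent combines it with the canary files, mass-rename and ransom-note patterns, and a proper snapshot store rather than in-memory copies.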
Check Point Incident Response has experts available around the clock to respond immediately to any attack against an organization. The Incident Response team can help you prepare for, respond to, and mitigate situations such as the Texas ransomware attack.