Recent events, and the responses from the President, Internal security, and the NSA, are making it clear that there is a lot of work to be done to reduce US cyber vulnerabilities.
Some places hit harder
The Rublon two-factor authentication platform analyzed data from the 2020 FBI Internet Crime Report and found that the District of Columbia remains the most likely place in the United States to be a victim of an Internet attack, while California followed and Florida tops the list of best-for-worse states in terms of casualties and losses. The Golden State suffered losses of over $621 million last year due to cybercrime. The pandemic certainly played a role.
“We’ve all spent a lot more time indoors and online over the past year, and unfortunately, as you can see from the FBI report, the criminals took full advantage of this situation – extorting over 4.2 billion dollars from US citizens through cyber attacks. We decided to divide this research into states and analyze where cyber attacks were most likely to occur and in which states victims were losing the most money,” said Michal Wendrowski, CEO and Founder of Rublon.
Veteran ransomware and data leak
We have now reached a point where we can worryingly describe some cybercrimes as “common” and, over the past year or so, they have included phishing scams and ransomware attacks.
Phishing scams were more than twice as common as the next most common attack, with 241,342 victims; monitoring of non-payment followed with 108,869 victims. Extortion was the third most popular crime with 76,741 victims, followed by personal data breaches with 45,330.
Ransomware also made headlines following the Colonial Pipeline attack, which led to gasoline shortages on the East Coast and pushed up gasoline prices across the country. It was also the most high-profile attack, as the DC Police Department was also targeted last month by cybercriminals, who released the personal files of nearly two dozen officers, including the results of psychological assessments and polygraph tests; driver’s license images; fingerprints; social security numbers; dates of birth; and residential, financial and marital histories.
In another case, personnel data may have been leaked, according to security expert Jeremiah Fowler, who discovered an unprotected, non-password-protected database containing medical information relating to some 200,000 veterans. United Valor, the contractor responsible for maintaining the database, restricted public access after being alerted, but Fowler said he also found a ransomware message claiming all the records had already been downloaded.
“If the researcher found this database of 200,000 medical records, then who knows who else may have also found it and run away with the very sensitive PII data of the veterans,” warned Saryu Nayyar, CEO of cybersecurity research firm Gurucul.
“United Valor doesn’t seem to be in control,” she told ClearanceJobs in an email. “They claim that only two IP addresses accessed the data: that of United Valor and that of the researcher. It seems doubtful. All in all, this is a troublesome find, especially given the sensitivity of the data.”
At this point, it looks like the damage has been done, but that doesn’t mean it should have been allowed.
“The only explanation for having a publicly exposed database is due to poor application design and development. It could also indicate that United Valor practices poor internal cyber hygiene as it appears that ‘the data was only accessed through our internal IP address and yours,’” explained Tom Garrubba, Chief Information Officer at the risk management company Shared Assessments.
“This could be an indicator of the presence of an insider threat,” Garrubba told ClearanceJobs. “There are many tools and logging features available to monitor these insider threats and it appears that these are either non-existent in the United Valor IT toolkit or exist but are being misused. These tools could have helped identify when the ‘ransomware’ occurred and been helpful in their follow-up investigations.”
National Cyber Security Review Committee
Last week, the Biden administration issued new executive orders to improve the country’s cybersecurity. This included policy changes, and Biden said federal information systems should meet or exceed the standards and requirements set out in the EO. The orders also called for removing barriers to sharing threat information and modernizing the federal government’s cybersecurity systems.
“The decrees were a set of efforts and reflections around cybersecurity,” said Garret Grajek, CEO of cybersecurity firm YouAttest. “Many included better coordination and communication between agencies and between government and the private sector. It is a welcome improvement. Immediate sharing of attack intelligence must be implemented if the United States is to contain Colonial ransomware attacks and other major threats.
“Of course, in a free world and free Internet, the US government does not own or control the traffic that passes through a nation, like China does. To counter this lack of centralized control, communication sharing is paramount and the executive order includes a provision to create a new National Cyber Security Review Board,” Grajek told ClearanceJobs via email. “The National Cybersecurity Safety Review Board, modeled after the National Transportation Safety Board, is a smart step towards this goal.”