Public Sector Cybersecurity Weekly Briefing 04-06-2018

With Paper and Phones, Atlanta Struggles to Recover from Cyber Attack
Police and other public servants have spent the past week trying to piece together their digital work lives, recreating audit spreadsheets and conducting business on mobile phones in response to one of the most devastating “ransomware” virus attacks to hit an American city. […] “It’s extraordinarily frustrating,” said Councilman Howard Shook, whose office lost 16 years of digital records.

 

Hackers Take Over Power Billing Records of Indian State; Demand Ransom
The AMR system (automatic meter reading system) of Uttar Haryana Bijli Vitran Nigam (UHBVN) (Haryana power utilities) in Panchkula, India became a victim of cyber-attack by unknown hackers last week. The New Indian Express (TNIE) reports that hackers stole billing data from UHBVN computer systems and are demanding 1 Crore Indian rupee ($153,800) in Bitcoin from the state government for decrypting the files and restoring access to the AMR system.

 

Cities Held for Ransom – Lessons From Atlanta’s Cyber Extortion
All too often, cyber criminals who seek monetary gains from their ransomware attacks exploit so called soft targets, which makes many government agencies easy prey. This is so due to the lack of synchronization of critical systems, harmonization among the numerous third parties’ states rely on to render their services, as well as the difficulty in attracting high-demand cybersecurity professionals who can make a more lucrative career in the private sector.

 

White House Email Domains are at Risk of Being Used in Phishing Attacks
In the latest episode of how badly some branches of government are at cybersecurity, a new study by the cybersecurity outfit Global Cyber Alliance indicates that 95 percent of the email domains managed by the Executive Office of the President could be spoofed and potentially used in phishing attacks. Of the domains that are managed by the Office of the President, only the max.gov email address has fully implemented the highest level of defense against spoofing and phishing emails. Malicious actors often tweak metadata to trick targets into thinking they are receiving email from an official-sounding domain, like whitehouse.gov.

 

 

Stay up to date on the Public Sector Information Security news that you need to know by signing up for our Public Sector Briefing Here.

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.