I’m sure it isn’t that big of a surprise that criminals are looking for easy targets. This is especially true when it comes to hacking into networks, stealing sensitive data and ransoming businesses after locking down their computer systems.
We already know that criminals are looking for the lowest hanging fruit when thinking about cybersecurity. Those organizations that are not taking even basic precautions to protect their network—patching systems, monitoring their network, gating their sensitive data—are the real targets of cybercriminals.
On top of targeting low-hanging fruit, criminals have started looking for situations where they might have the upper hand. The easiest way to keep criminals from exploiting your circumstances is to know where your vulnerabilities lie and fix them.
Case in point?
When Hurricane Florence spread through North Carolina earlier this fall, cybercriminals were paying close attention to the best time to strike organizations and local governments: when they are already in crisis mode and have their guard down.
One very clear example: Onslow Water and Sewer Authority (ONWASA) reported that a “sophisticated ransomware attack” left their computer systems completely compromised. ONWASA predicts that the impact of the attack, alone, may leave workers without access to their data for “several weeks to come”.
The bigger tragedy here? ONWASA provides critical services to people affected by the recent devastation of the hurricane. They were preparing to help in remediating the impacts of the storm. Instead, they were working on dealing with a major cyberattack.
ONWASA provides water and sewer services to Onslow County—a region that had grappled with the fallout from Hurricane Florence.
How did criminals get into their systems? The very same way they did in the attack on the city of Atlanta or any other major attack you’ve seen on the news.
ONWASA was attacked by a virus known as Emotet, a ransomware variant that has been around for years at this point. Once Emotet was downloaded onto a network, it self-propagated, spreading like wildfire. It uses a password list to brute-force access to other machines on your network (that password list is surprisingly effective at cracking credentials, especially those that haven’t been updated in years or those of users who use the same password for business and personal use).
Once on the network, viruses like Emotet are particularly troubling because they continue to infect without needing a user to take any action.
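A defender-side illustration of the spreading behaviour described above (an added example, not part of the original post): password-list guessing from one infected machine shows up as a single internal source failing logons against several peers in a short span. The log format, addresses, function names and thresholds are constructed assumptions.

```python
# Added example: flag internal hosts whose failed logons fan out to many peers.
# Log format, field names and thresholds are assumptions for illustration.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data, not taken from any real incident.
SAMPLE_LOG = """\
2024-01-01T03:12:01 src=10.0.0.23 dst=10.0.0.31 user=administrator result=FAIL
2024-01-01T03:12:02 src=10.0.0.23 dst=10.0.0.31 user=administrator result=FAIL
2024-01-01T03:12:04 src=10.0.0.23 dst=10.0.0.32 user=administrator result=FAIL
2024-01-01T03:12:05 src=10.0.0.23 dst=10.0.0.32 user=administrator result=FAIL
2024-01-01T03:12:07 src=10.0.0.23 dst=10.0.0.33 user=administrator result=FAIL
2024-01-01T03:12:08 src=10.0.0.23 dst=10.0.0.33 user=administrator result=FAIL
2024-01-01T03:12:09 src=10.0.0.23 dst=10.0.0.33 user=administrator result=OK
2024-01-01T08:30:10 src=10.0.0.40 dst=10.0.0.5 user=jsmith result=FAIL
2024-01-01T08:30:15 src=10.0.0.40 dst=10.0.0.5 user=jsmith result=FAIL
2024-01-01T08:30:21 src=10.0.0.40 dst=10.0.0.5 user=jsmith result=FAIL
2024-01-01T09:00:00 src=10.0.0.41 dst=10.0.0.5 user=mlee result=FAIL
2024-01-01T10:00:00 src=10.0.0.41 dst=10.0.0.6 user=mlee result=FAIL
"""

def parse(line):
    """Split 'timestamp key=value ...' into a dict with a datetime under 'ts'."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.fromisoformat(ts)
    return rec

def find_spreaders(log_text, window=timedelta(minutes=5),
                   min_hosts=3, min_failures=6):
    """Return {src: (distinct_targets, failures)} for sources whose failed
    logons inside one sliding window reach both thresholds."""
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            rec = parse(line)
            if rec["result"] == "FAIL":
                by_src[rec["src"]].append((rec["ts"], rec["dst"]))
    flagged = {}
    for src, events in by_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans <= `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            in_window = events[start:end + 1]
            hosts = {dst for _, dst in in_window}
            if len(hosts) >= min_hosts and len(in_window) >= min_failures:
                flagged[src] = (len(hosts), len(in_window))
    return flagged
```

A user mistyping a password against one server (10.0.0.40 in the sample) stays below the distinct-target threshold, which is what separates ordinary lockouts from machine-to-machine guessing.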
Even though the utility company said it had “layers of protection in place” including antivirus software and firewalls, their equipment was unable to stop this virus from penetrating the network. And even when their IT department thought that the situation was under control (after seemingly removing the virus from the initially infected machine), it continued to move through and infect the rest of the network.
Cybersecurity experts believe that recent attacks like the one at ONWASA stem from organizations not being prepared for cyber incidents and attacks. IT departments were certainly not on high alert (from a cybersecurity standpoint) during the hurricane warning period. They, like most organizations we’ve assessed, had thought they were doing enough (even checking boxes off on a security compliance checklist) to stay safe from attacks like the one that crippled their network.
The major attacks we’ve seen this past year have hit organizations large and small, private or public, for-profit or non-profit. It doesn’t matter. As I mention time and time again, cybercriminals are looking for low-hanging fruit: those organizations that haven’t checked and double-checked their systems to ensure vulnerabilities have been addressed.
They will strike when you least expect it and they will strike hard. The Department of Homeland Security had issued a warning about resurgences in Emotet infections back in July of this year, warning that the virus takes advantage of known network vulnerabilities and leaves organizations with difficult remediation efforts. Their main advice to prevent an attack was to make sure to eliminate known vulnerabilities on your network. The easiest way to do this is through a comprehensive network security assessment.
While some organizations have been in recovery mode for the past weeks from major flooding from Florence, ONWASA remains in recovery mode from the major cyberattack, limiting its ability to track and assist victims of the storm.
You can’t predict when a major storm or natural disaster will occur, but you sure as day will sandbag and protect your buildings and homes as much as possible. You’ll buy generators to make sure the power is on and will board windows and doors to protect them from high wind gusts. You’ll do as much as you can with the resources at hand to protect your building.
But what about your network?
Unlike your house in a hurricane, your network is getting bombarded and attacked on a daily basis. Criminals are “feeling out” for networks that appear to be unloved or under-managed. In some cases, they may overlook you—just by chance—because they closed in on a target that was too easy or too good to pass up. But at some point, will one of your users click on a link?
Think about all of your users. Could one of them click on an email or link leading to your entire network becoming infected with a ransomware virus?
Would your IT guys be able to detect it in time? Or will you be like ONWASA, not being able to work for weeks to come?
From 1 to 10, how secure is your network? If you have any doubts in your mind, contact us today for a free network security assessment.