Comment: New Orleans Government Shut Down By Massive Cyber Attack

It has been reported that New Orleans has declared a state of emergency after falling victim to a cyber attack which forced the shutdown of all the city government’s computers. The attack, which was first detected at 5 am on Friday, intensified as staff logged on for work about three hours later. Officials detected ransomware and phishing attempts, forcing the city to take all its computers offline at 11 am on Friday.

David Warburton, Senior Threat Evangelist
InfoSec Expert
December 17, 2019 3:39 pm

Phishing continues to be a major source of profit for cyber-criminals, and a big hassle for cyber-defenders – no matter how large or secure an organisation is. In fact, the F5 Labs 2019 Application Protection Report found that phishing was responsible for 21% of breaches and was the second largest cause of breach reported by U.S. companies. The reason is simple: it’s easy and it works. Attackers don’t have to worry about hacking through a firewall, finding a zero-day exploit or deciphering encryption. The hardest part is coming up with a good enough email to trick people into clicking on a link and creating a fake, malicious site for them to land on.

These simple attacks can lead to huge ransomware attempts like the one we’ve seen with New Orleans. The consequences are potentially dire for reputations and bottom lines alike whenever ransomware strikes. It may be tempting to pay up, but it is best not to. You can guarantee hackers will be back for more. Either way, the cost of a ransomware attack can be huge: you’ll either be paying the attackers a king’s ransom in Bitcoin or coughing up millions to recover and repair from the infection.

The battle against ransomware calls for a defence-in-depth approach. Regular employee training is proven to help reduce the likelihood of users clicking on malicious links, though it will still happen. For this reason it’s essential to protect what the cybercriminals are after – employee passwords and the ability to exploit unpatched systems. A rigorous and consistent software patching policy will help reduce this risk and the use of multi-factor authentication should be enforced for every employee to protect against stolen credentials. To date, ransomware has usually hit traditional, general purpose, physical computers, but it is only a matter of time before it becomes a big problem for IoT devices, mobiles, and cloud systems as well.

Matt Aldridge, Principal Solutions Architect
InfoSec Expert
December 17, 2019 3:32 pm

New Orleans is probably better prepared for manual operations than many other cities due to its experience with handling disasters and the planning it will have in place for future events. If it is able to keep skeleton services running despite having no IT services, this could be a good example for other cities to follow. Details of the attack are scarce but it isn’t an attack without precedent. Ransoms charged were in the hundreds of thousands of dollars and many victims are choosing to pay the ransom. Insurance companies in these cases are pushing to pay as it is usually a lot cheaper than suffering an attack, but this is fuelling this criminal industry.

Unfortunately, we will continue to see the low-hanging fruit of smaller cities and municipalities being targeted, particularly where there is a high prevalence of cyber insurance in place, where insurers find the ransom cost lower than remediation costs. Hopefully as this part of the insurance industry evolves it will work more closely with cybersecurity vendors and service providers to ensure that insured parties are properly protected from the majority of threats.

Alyn Hockey, VP Product Management
InfoSec Expert
December 17, 2019 3:26 pm

Ransomware remains big business for cybercriminals. The tools for a ransomware attack are becoming increasingly sophisticated and commercially available on the dark web, meaning we are seeing more successful attacks like this one. And attacks on governmental organisations are becoming even more common because the data up for grabs is incredibly lucrative. While you can change your password, you can’t change the data stored on you by local government – your date of birth, your home address, or your mother’s maiden name. Because of this, there is better potential for further attacks on individuals in the future.

In this instance, the City of New Orleans is now in a reactive state, trying to minimise the damage done, which is ultimately shutting down many operations. Unfortunately, there is no silver bullet when it comes to eradicating the chances of a ransomware attack hitting a business, or in this case, an entire city, but it is possible and practical for businesses, cities and even countries to take proactive, early steps towards shoring up defences. The case of ransomware is a prime example of the need for an approach to cyber security centred on People, Processes and Technology. It is vital that businesses not only educate their staff to be fully aware of best practices and the correct procedure to follow in case of an attack, but also implement robust, advanced and strategic technology solutions to give themselves the best chance of never needing to pay a ransom in the first place.

Adam Laub, CMO
Industry Leader
December 17, 2019 12:18 pm

Modern ransomware variants are incredibly sophisticated and highly difficult to defend against. Gone are the spray and pray days of ransomware. Now it’s about complete compromise, where the ransom aspect is more so a demonstration of just how deep the compromise is.

The focus on cities and local government entities feels predatorial though. These types of organizations often provide important services to large numbers of people, yet commonly lack the capabilities needed to defend themselves due to lack of funding, talent, and tools.

Perhaps an unintended consequence of focus on these types of organizations will not just be a heightened level of awareness amongst the general public, but the desire for the general public to push for the resources their local governments need to match up with these highly motivated adversaries.

Joseph Carson, Thycotic
InfoSec Expert
December 17, 2019 5:49 am

The New Orleans city government’s recent declaration of a state of emergency shows the effect that a cyber-attack can have on a city. In my experience, sometimes it is better to shut things down to prevent systems from becoming encrypted by ransomware as well as to prevent employees from clicking on phishing attempts that could see accounts becoming compromised. It is better to have a temporary loss of service rather than deal with recovering from a ransomware attack. However, it shows that when critical services are unavailable or processes go back to manual, it can create major service disruptions. While the actions of the New Orleans city government appear extreme, they have done the right thing, as preventing data from being destroyed is better than having to recreate it.
