BACKGROUND:
Multiple outlets are reporting the NYC Cyber Command first detected the breach on Saturday. The law dept. has over 2,000 employees and services over 1,000 lawyers, who have lost access to the network. Spokeswoman Laura Feyer said the breach occurred on Saturday and that they had limited access to the network on Sunday. In an interview with NY1, Mayor De Blasio confirmed the city law department was the target of a hack but no information was compromised. No ransom was sought. Email accounts were still shut down on Monday.
Enterprises have to understand that all sites on the internet are constantly being scanned. Of course there are targeted attacks where the enterprise is chosen for its value or economic/political status and reconnaissance is then performed. But many attacks are simply the result of internet scans in which specific software or network vulnerabilities are quantified with off-the-shelf tools. From there the attackers run downloaded attack scripts to manipulate the vulnerability. Then the payload is loaded – which could be malware to extract PHI (personal healthcare information) or PII (personal identification information), or encryption software for a future ransomware attack – or they may just load tools to help them move laterally across the enterprise until a target is found.

It is the signature of these tools that helps us identify the attacker. In addition, law enforcement has a list of the IP addresses of the C&C (command and control center) that the malware communicates back to the attacker through. It's these types of investigations that can eventually lead investigators to discover the source and nature of the attackers.
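The commentary above describes two defensive handles: tool signatures and known C&C addresses. The following Python is an added example, not code from the original article or from any of the commentators, showing how a defender would sweep outbound firewall logs against a C&C indicator list. Every address, log line and field name here is constructed for illustration (the IPs are from documentation ranges and are not real indicators); the log format (space-separated key=value fields) is an assumption.

```python
import ipaddress
import re

# Constructed placeholder C&C indicators (documentation-range addresses, not real IoCs).
# A real list would come from law enforcement or a threat-intel feed and mix
# single hosts with CIDR ranges, which is why both forms are handled below.
C2_INDICATORS = [
    "203.0.113.45",
    "198.51.100.0/24",
]

# Constructed outbound firewall log sample, key=value style (assumed format).
SAMPLE_LOGS = """\
ts=2021-06-07T03:14:02Z src=10.20.30.41 dst=203.0.113.45 dport=443 action=allow
ts=2021-06-07T03:14:09Z src=10.20.30.41 dst=93.184.216.34 dport=443 action=allow
ts=2021-06-07T03:15:11Z src=10.20.30.77 dst=198.51.100.12 dport=8443 action=allow
ts=2021-06-07T03:15:40Z src=10.20.30.77 dst=10.20.30.1 dport=53 action=allow
malformed line without fields
"""

_FIELD_RE = re.compile(r"(\w+)=(\S+)")


def build_indicator_set(indicators):
    """Normalise plain addresses and CIDR ranges into ip_network objects.

    A bare address becomes a /32 (or /128) network so membership tests are uniform.
    """
    return [ipaddress.ip_network(i, strict=False) for i in indicators]


def parse_line(line):
    """Return the key=value fields of one log line, or None if it is unusable."""
    fields = dict(_FIELD_RE.findall(line))
    if "src" not in fields or "dst" not in fields:
        return None
    return fields


def match_c2_traffic(log_text, indicators):
    """Return every log record whose destination falls inside a known C&C indicator.

    Each hit records the timestamp, the internal source host (the likely infected
    machine) and the indicator that matched, which is what an analyst needs to
    start containment.
    """
    nets = build_indicator_set(indicators)
    hits = []
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields is None:
            continue  # skip malformed lines rather than crashing the sweep
        try:
            dst = ipaddress.ip_address(fields["dst"])
        except ValueError:
            continue  # destination was not a parseable IP
        for net in nets:
            if dst in net:
                hits.append({
                    "ts": fields.get("ts"),
                    "src": fields["src"],
                    "dst": fields["dst"],
                    "indicator": str(net),
                })
                break
    return hits


if __name__ == "__main__":
    for hit in match_c2_traffic(SAMPLE_LOGS, C2_INDICATORS):
        print(f"{hit['ts']} host {hit['src']} contacted {hit['dst']} (matches {hit['indicator']})")
```

The sweep reports the internal source address of each match, because that host, not the destination, is where incident response starts; a match against a CIDR indicator is reported with the range that matched so the analyst can see how specific the evidence is.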
It is strongly advised that all government agencies, local, state, and federal, increase their diligence in their cyber security efforts. Threat actors are particularly targeting state and local government systems because of their history of using antiquated systems, running obsolete versions of software, and generally executing poor or even non-existent cyber hygiene.
New York has one of the nation's top IT and cyber security infrastructures and organizations. This incident demonstrates that no matter how good you are, no one is immune from the devastating potential of today's data breaches. While the exact cause of this incident is still unknown, the Verizon Data Breach Investigations Report (DBIR) indicates that over 80% of data breaches rely on exploiting lost or stolen passwords. Departments that deal with sensitive information and customer data are prime targets for bad actors, as they represent a honeypot of Personally Identifiable Information (PII) that can be a target in its own right or in turn be misused for social engineering and secondary attacks.

Governments and enterprises need to modernize their Multi-Factor Authentication (MFA) infrastructure and aggressively adopt passwordless authentication methods. Authenticators such as phone-as-a-token and/or FIDO2 security keys eliminate the need for password-based credentials, thereby eliminating a key vulnerability and reducing the possible attack surface. The organization's resilience against various cyber threats is significantly improved. Finally, such solutions have less friction compared to traditional MFA, thereby enabling a better user experience and productivity.