The cities of Albuquerque, Los Ranchos, and Tijeras were shut down Wednesday by a ransomware attack. In a press release on Wednesday, officials in Bernalillo County disclosed the attack, saying they had taken affected systems offline and severed network connections. Most county buildings had to shut down, and employees are working remotely to try to maintain services during the system outage. However, because employees cannot access the public databases, there is little they can do for now. The name and type of the ransomware used in the attack are unknown. The disruption is thought to have occurred between midnight and 5:30 a.m. on Jan. 5.

3 Expert Comments
Saryu Nayyar, CEO
InfoSec Expert
January 7, 2022 7:52 pm

Despite widespread deployment of traditional SIEM, endpoint solutions and now Endpoint-based XDR, what has been lacking within most organizations that are victims of successful ransomware attacks is true behavioral-based modeling and detection within the infrastructure. The ability to characterize proper behaviors and user and application access with the right modeling and machine learning can lead to high-fidelity detection of deviations in "normal" behaviors and unusual access to systems that are often tell-tale signs of ransomware infections. The ability to bubble these types of alerts as high-priority when appropriate empowers security teams to investigate and detect ransomware much earlier to then respond and thwart a successful attack.

Garret F. Grajek
InfoSec Expert
January 7, 2022 7:51 pm

No company, county or organization is too obscure or too off the beaten path for the attackers. To the hackers – the sites are simply targets of opportunity. The automatic scanning they are doing is looking for vulnerabilities – regardless of where the target will eventually end up. The Palo Alto Networks Cortex Xpanse team has researched the scanning and has shown the hackers are scanning within 15 minutes of a known vulnerability – where most companies are not patching and updating for 12 hours.

The solution is a proactive approach to security such as zero trust networks and active identity governance – knowing who has what and triggering on identity changes.

Nasser Fattah, Executive Advisor
InfoSec Expert
January 7, 2022 7:50 pm

It is unfortunate, but cities will continue to be a big target for ransomware. Many available statistics show that municipalities have a high hit of ransomware. As for the root cause, I would think that a contributing factor is the lack of resources and the use of stale technologies, which collectively make municipalities an attractive target. This is exacerbated with work from home when an already weak security infrastructure needs to support remote work, which now makes the attack surface even bigger.

Information Security Buzz