

When one thinks of a statewide emergency, a couple of examples come to mind: a wildfire, a snowstorm or a tornado.

Few would think of a ransomware attack on the same level. Since 2018, however, ransomware has been on the rise, leading some state and local governments - including the states of Colorado and Texas and the city of New Orleans - to declare states of emergency after ransomware paralyzed services. Ransomware is one of the biggest topics discussed at the 2020 RSA Conference during a seminar on emerging threats, as everyone from multinational corporations to local school districts looks to reduce their ransomware risk and develop a response plan in the event of an attack. State of Colorado CISO Deborah Blyth discussed how her office coordinated with the state’s office of emergency management after the Colorado Department of Transportation (CDOT) was hit with SamSam in 2018. The attack affected approximately 1,300 systems and 400 servers, bringing down CDOT’s VOIP phones and disabling the department’s employee and vendor payment systems. Her office thought they had contained SamSam in a week, Blyth said, but after systems became infected again, she contacted the office of emergency management.

The office referred it to the governor, who declared a statewide emergency and called in the national guard’s cyber defense unit to help resolve the issue. One key takeaway from the incident and the government’s response was the importance of partnerships, including within the state government, with federal agencies such as DHS and FBI, and with vendors. Thanks to their combined effort, they restored most of CDOT’s systems in a matter of weeks, far more quickly than CDOT expected. While the office of emergency management typically handles natural disasters, Blyth found that some of the same methodologies applied to cyber incident response. The office helped the office of information technology sync its priorities with CDOT, staggering department meetings so that CDOT meetings could include the latest findings from the response teams. They also helped with logistics, developing a schedule for response team members to ensure everyone took some time to recover and also delivering pallets of bottled water to teams who had become so focused on resolving the issue that they had become badly dehydrated. Following the attack’s resolution, Blyth and her team developed an after-action report to identify the root causes of the attack and how to avoid a repeat attack in the future.

The attackers had gained entry to CDOT’s system through a misconfigured virtual server that used a domain administrator account, giving the server access to far more of the network than it should have. The server had initially been set up for a short testing period, but had never been disconnected from the network. Misconfiguration is a common security issue that organizations face as they look to accelerate their technological implementation, said Tim Woods, vice president of technology alliances at FireMon. In a recent report, FireMon found that nearly 60% of the security professionals surveyed believed security lagged behind cloud migration in their organizations.
