On January 19, 2024, a cyberattack was identified by Washington County officials that ultimately turned into a full-blown ransomware attack on January 24. The attack created major problems for the county’s network and computer systems and resulted in a ransomware payment of nearly $350,000.
The county’s information technology department worked with federal investigators and third-party cyber experts to combat the attack and prevent the malware from spreading to other systems, while trying to understand the logistics surrounding various aspects of the breach.
On February 5, digital forensic consultant Sylint confirmed to county officials that threat actors had obtained “large amounts of data” from the county’s network that could be “injurious to the county and its residents” if it were to be released on the dark web.
The deadline to pay the ransom was 3:30 p.m. on February 6. On February 6, county officials held an emergency meeting to vote on paying the ransom. By a 2-to-1 vote, the commissioners authorized a payment of up to $400,000, to be made through the cryptocurrency firm DigitalMint.
A payment of $346,687 was sent to the threat actor(s) in exchange for the “digital encryption key” that was to unlock the county’s system, with the understanding that none of the private information would be shared on the dark web.
Best Practices for Mitigating Cyberattacks
Cyber criminals are continuously working on ways to exploit both public and private organizational information technology systems for monetary gain.
Accordingly, businesses and government organizations are working to identify appropriate investments in protective, detective and response capabilities to mitigate the risk of a breach. The following list identifies important recommendations for any organization looking to improve its cyber hygiene:
- Conduct annual audits, such as penetration tests and security audits, leveraging leading cyber frameworks such as NIST, CIS, ISO, etc.
- Overall, organizations should prioritize protective, detective and response/recovery controls such as those identified through leading cyber frameworks (NIST, CIS, ISO). Examples include:
- Disaster Recovery Planning – Formalize systems and exercises to ensure that systems can be recovered to their recovery objective states, and test system recovery capability regularly based on system criticality.
- Establish Remediation Thresholds – Formal thresholds facilitate vulnerability fixes within risk-tolerable timeframes.
- Use Geo-Blocking – The process of limiting user access to the internet based on a user’s physical location.
- Immutable and Offsite Backups – Encrypt backups and store them remotely.
- IT General Controls – Implement controls such as restricting administrators, prohibiting account sharing, enforcing strong password settings, restricting access to programs and data, and limiting change management and development procedures to the appropriate personnel.
- Incident Response Planning – Formalize roles, responsibilities and response processes/playbooks to ensure organizational readiness in the event of a cyber incident.
- Multi-Factor Authentication (MFA) – MFA is critical to preventing cyberattacks. Anne Neuberger, U.S. Deputy National Security Advisor for Cyber and Emerging Technology, believes, based on evidence presented by key tech industry executives, that 80–90% of cyberattacks could be prevented by properly utilizing MFA.
- Network Segmentation – Segment networks and services into separate network domains with controls designed to block improper access/traffic and restrict content.
- Internal Firewalls – Monitor and filter all incoming and outgoing network traffic. The firewalls block unwanted traffic and allow authorized traffic to pass through.
- Vulnerability Scanning – Perform regular and frequent vulnerability scanning to identify high-priority areas of risk.
- Security Information and Event Management (SIEM) – Consider enhancing detective controls through a SIEM tool to provide threat detection, event analysis and incident investigation.
These are just some of the high-priority capabilities that organizations should be looking to implement with regularity to ensure that they are maintaining proper cyber hygiene and readiness to avoid becoming the victim of a breach.
The risk of a cyberattack is always present, but knowing the proper precautions to take will help to mitigate the impact if or when a breach does occur.
About the Schneider Downs Cybersecurity Team
The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.
Want to be in the know? Subscribe to our bi-weekly newsletter, Focus on Cybersecurity, at 9yir.bjqzgy.com/subscribe.
To learn more, visit our dedicated Cybersecurity page.