Every municipality has a varied level of services and staffing for the residents. Based on the size, the training would also differ. A smaller village naturally would not have an in-depth cybersecurity training due to the workforce and budgetary constraints. One municipality which may wish they had more training is Vigo County, located in Indiana. On one particular day, the users began to notice their systems weren’t working. This was manifested with the users being locked out of their account.
Although this was curious on its own merits, the attack tool was much more basic. The attackers used a basic tool to compromise the system. There were a number of emails sent with malware included, and the users were clicking away. This malware was coded specifically to find financial and banking data for their unauthorized use. The attack may have been limited to a few systems independently, however this was destructive at an advanced level due to 129 of the 489 county computers not have a patch pushed to the systems. Most of these systems happened to be part of the courthouse network, versus the county government center or another network where there could have been much more damage. The county has stated that no data was exfiltrated. Fortunately there were viable back-ups ready to be used.
Immediately after the successful attack was detected, the county ceased the email and internet activity. The IT Department asked the County Treasurer and Auditor to stop any internal banking activity until the point where there was an assurance the issue was resolved. They also did upgrade a portion of the system in response to the issue.
This issue brings up many actions items to follow for any business. There needs to be additional training, throughout the year, on phishing. This also shows the importance of viable back-ups. Without this, the issue would have been much larger for the county. The focus should also continue to be on patch management. A robust patch management process would have also had a limiting factor on this problem.
Resources
Lehman, S. (2019, February 14). Virus takes out vigo county government computers. Retrieved from https://www.wthitv.com/content/news/It-rekked-havoc-on-us-virus-takes-out-vigo-county-government-computers-505813581.html
Taylor, D. (2019, February 12). Nasty virus hit vigo county’s computers. Retrieved from https://www.tribstar.com/news/local_news/nasty-virus-hit-vigo-county-s-computers/
No comments:
Post a Comment