Category Archives: local government

Many public safety agencies remain unequipped to defend against cyberattacks

Posted on by

Less than half of respondents in a survey of first responders said their agencies are “at least somewhat prepared in case of a cyberattack.”

The post Many public safety agencies remain unequipped to defend against cyberattacks appeared first on CyberScoop.

Continue reading Many public safety agencies remain unequipped to defend against cyberattacks

FBI, CISA, Cyber Command take aim at cyber-espionage by Iran’s MuddyWater group

Posted on by

U.S. and U.K. government agencies called out Iranian government-affiliated hackers Thursday, accusing them of being behind cyber-espionage targeting the defense, local government, oil and natural gas and telecommunications sectors across the globe. The joint alert points a finger at MuddyWater, which the U.S. government for the first time last month attributed directly to Tehran. In the latest warning, the government agencies said that they have observed MuddyWater on the move in Africa, Asia, Europe and North America since 2018. “MuddyWater actors are positioned both to provide stolen data and accesses to the Iranian government and to share these with other malicious cyber actors,” reads the alert. The bulletin is the joint work of the the FBI, Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, the U.S. Cyber Command Cyber National Mission Force and the U.K.’s National Cyber Security Centre. MuddyWater has a long history of allegedly spying on primarily […]

The post FBI, CISA, Cyber Command take aim at cyber-espionage by Iran’s MuddyWater group appeared first on CyberScoop.

Continue reading FBI, CISA, Cyber Command take aim at cyber-espionage by Iran’s MuddyWater group

CISA’s advisory panel is announced, set to make recommendations on major cyber topics

Posted on by

The Cybersecurity and Infrastructure Security Agency on Wednesday named members to a new cyber advisory panel that will make recommendations on subjects ranging from battling misinformation to gaining aid from the hacker community on national cyber defense. Among the 23 members selected are leaders from social media, cybersecurity companies, major technology firms and critical infrastructure sectors such as finance and energy. It includes officials from Johnson & Johnson and Walmart, as well as a longtime cybersecurity journalist and the mayor of Austin, Texas. “We’re at a pivotal moment in our history — one that demands we think anew about ensuring the security and resilience of our digital infrastructure in the face of increasingly sophisticated cyber threats,” said CISA Director Jen Easterly, whose agency is a part of the Department of Homeland Security. “I look forward to partnering with these distinguished leaders from across industry, academia, and government to tackle some […]

The post CISA’s advisory panel is announced, set to make recommendations on major cyber topics appeared first on CyberScoop.

Continue reading CISA’s advisory panel is announced, set to make recommendations on major cyber topics

Cities Key in War on Ransomware, Neuberger Tells Mayors

Posted on by

When the cybersecurity industry talks about how critical public-private collaboration is to fending off and responding to threats, most of the “public” part of the conversation centers around the federal government, with individual states more recentl… Continue reading Cities Key in War on Ransomware, Neuberger Tells Mayors

Insurer Chubb paid $65,000 to help a city unlock ransomware in 2018. A second hack was more expensive.

Posted on by

A city in California didn’t disclose a ransomware payment for more than two years after its insurer covered the cost, the city manager acknowledged amid yet another ransomware attack on the municipality. In 2018, officials in Azusa, Calif. paid $65,000 through its insurer Chubb to free up its most vital system and used a free decryption key to unlock the others, City Manager Sergio Gonzalez said. The hackers took control of the city’s police dispatch system for more than a week in the fall that year, he said. State-by-state data breach notification laws have different triggers for when hacking victims must report publicly on what happened. “We did not make a public statement and did not have to file anything legally because we could confirm that no data was migrated out” of police servers, Gonzalez said, according to local new accounts. In an interview with CyberScoop, Gonzalez said the city […]

The post Insurer Chubb paid $65,000 to help a city unlock ransomware in 2018. A second hack was more expensive. appeared first on CyberScoop.

Continue reading Insurer Chubb paid $65,000 to help a city unlock ransomware in 2018. A second hack was more expensive.

Is Congress finally ready to pass meaningful ransomware legislation?

Posted on by

During the entire last two-year session of Congress, lawmakers only signed one bill law that mentioned the word “ransomware.” With the epidemic of digital extortion showing no signs of abating, though, and as ransomware attacks claim ever more victims across all parts of the U.S., evidence is mounting that the next two years could bring a more concerted push for legitlation. “I think it will be a focus because essentially every congressional district has had some kind of ransomware incident, whether public or not,” said Michael Garcia, a senior policy adviser in the national security program at Third Way, a center-left think tank. “Just look at the number of hospitals getting hit, of schools being hit.” In one recent incident, a Mississippi public school system revealed it had paid $300,000 to ransomware attacks, while a U.S. medical company, Universal Health Services, said it lost $67 million as a result of […]

The post Is Congress finally ready to pass meaningful ransomware legislation? appeared first on CyberScoop.

Continue reading Is Congress finally ready to pass meaningful ransomware legislation?

Feds Sound Alarm Over Emotet Attacks on State, Local Govs

Posted on by

CISA warned already-strained public-sector entities about disturbing spikes in Emotet phishing attacks aimed at municipalities. Continue reading Feds Sound Alarm Over Emotet Attacks on State, Local Govs

A researcher found zero-days in one city’s software. Then he realized the problem could be bigger.

Posted on by

For Quentin Rhoads-Herrera, this was not a typical security test. A big municipal government in the U.S. had just handed him the source code for software the city uses to manage contracts and track infrastructure projects. He unpacked the code, sifted through it, and found more than a dozen previously undisclosed vulnerabilities, or zero-days, that a hacker could exploit to manipulate data or dump user passwords. But it was more than just a catalog of bugs: Poring over the code, Rhoads-Herrera found the names of two other city governments that have used the software. The product, known as CIPAce, has been used by public and private sector organizations to collect invoices and manage contracts and budgets, according to CIPPlanner Corp., the company that makes it.  “If one attacker happens to exploit this city, then they can look and see, easily, every other city that’s using this … and attack them using the same methods,” said […]

The post A researcher found zero-days in one city’s software. Then he realized the problem could be bigger. appeared first on CyberScoop.

Continue reading A researcher found zero-days in one city’s software. Then he realized the problem could be bigger.

Council returns to using pen and paper after cyberattack

Posted on by

Ten days after a suspected ransomware attack, residents of the English borough of Redcar and Cleveland must be starting to wonder when their Council’s IT systems will return. Continue reading Council returns to using pen and paper after cyberattack