Ransomware attacks on government agencies are on the rise in the US




According to The Wall Street Journal, the number of ransomware attacks on municipal information systems in various US cities has recently increased significantly. Attackers often lock the computers of public sector organizations and demand a ransom for restoring access.

The victims are most often the administrations and municipal institutions of small cities, but attacks on large cities are also known: attacker activity was recorded, for example, in Atlanta.

Although the ransom demanded is usually not very large and hovers around $1.2 thousand, the attacks cause great damage. This is because the authorities do not want to pay a ransom to criminals and prefer to invest in data recovery, system upgrades and work to prevent future incidents.

According to Ponemon Institute statistics cited by the journalists, the number of attacks on the public sector is growing faster than the number of attacks on private organizations. In May of this year, 38% of the government institutions surveyed by the experts had been attacked by extortionists: 7% more compared to last year and 25% more compared to 2016. The Ponemon Institute surveys about 300-400 government organizations annually.

According to researchers, the attackers do not choose victims by geography. They do not care what state a city is in; the main thing for them is to find vulnerable systems. According to representatives of the US Department of Homeland Security, these attacks are carried out not by cyber-groups sponsored by other states but by ordinary criminals.

According to Positive Technologies, the average time a cybercriminal is present in corporate infrastructure is three years. However, only 10% of attacks are detected by the victims themselves. The reason is the growing number of non-standard and multistage attacks for which there are no signatures or signs of anomaly. To prevent serious damage at an early stage of an attack and to get a complete picture of the attackers' actions, an information security specialist needs access to "raw" traffic saved over a long period of time. But, as our studies show, only one company out of ten stores traffic, and the storage period does not exceed two weeks. New technical tools and approaches help to restore the full picture of an incident and to identify its causes.

On Thursday, June 28, at 14:00, during a free webinar, Positive Technologies specialists Dmitry Kim and Maxim Ilchuk will talk about how to streamline the incident investigation process, and will also demonstrate the capabilities of PT Network Attack Discovery, designed to analyze network traffic and to detect and investigate incidents.

To participate in the webinar, you need to register.

Source: https://habr.com/ru/post/415441/

