Preparing for Cyber Threats Against Your City


Preparing for Cyber Threats Against Your City
Andrew Dolan, Director of Stakeholder Engagement
Kateri Gill, Program Specialist
Florida League of Cities

State, Local, Tribal, or Territorial Government Entity

Multi-State Information Sharing and Analysis Center
The MS-ISAC is the focal point for cyber threat prevention, protection, response and recovery for the nation's SLTT governments.

Who We Serve
MS-ISAC Members include:
- All 56 US States and Territories
- All 78 federally recognized fusion centers
- More than 1,300 local governments and tribal nations
State, Local, Tribal, and Territorial
Cities, counties, towns, airports, public education, police departments, ports, transit associations, and more

3.7 Billion Internet Users as of December 2016
[Pie chart: share of internet users by region. Regions shown: Asia, Europe, Latin Am / Carib, Africa, North America, Middle East, Oceania / Australia]

Why Government?
Criminals look for data... and governments have a lot of it!

The Value of Stolen Information and the costs of a breach

Record Type: Estimated Underground Value per record (McAfee and World Privacy Forum)
- Financial Account: $14-$25
- Credit/Debit Card: $4-$5
- Medical Account Data: $0.03-$2.42
- Full Medical Record with supporting documents: $50

Record Type: Estimated Breach Cost Per Record (Ponemon Institute 2016 Report)
- Health: $355
- Education: $246
- Financial: $221

Cyber Threat Actors
- Nation-states
- Cyber Criminals
- Hacktivists
- Insiders
TLP: GREEN

Nation-State Actors (APT)
- Political Leverage
- Competitive Insight
- Intellectual Capital
- Cyber Warfare
TLP: GREEN

Nation-State Spear Phishing
- Agency Director
- Agency Deputy Director
- Work related
- Expected business need
- Expected topic
- Unknown person
- Government employee
- Expected business need
- Implied relationship
TLP: AMBER

Hacktivists
Doxing DDoS Attacks Social, Political & Ideological Agenda Opportunistic System Compromise Targeted Web Defacements
TLP: GREEN

Common Motives Against SLTTs
- Alleged Use of Excessive Force by LEO
- Perceived Injustice
- Alleged Animal Cruelty by LEO
- Alleged Offensive Comments
- Anti-Government
- Opportunistic
TLP: GREEN

Cyber Threat Actor Attack Types - 2016
[Pie chart: share of attack types. Categories shown: Compromised Server, DDoS, Data Dump/breach, Defacement, Doxing, Hoax, Malicious Actor Activity, Scanning, SQLi, XSS]
TLP: AMBER

Bitcoin Baron
- December 2014 - January 2015: claimed responsibility for 11 DDoS attacks against SLTTs
- March 2015: claimed responsibility for 11 DDoS attacks against SLTTs
- March 23, 2015: accidentally posts an unrelated charge sheet on Twitter; pulls it offline almost immediately; but not before MS-ISAC sees it!
- April 9, 2015: charges announced
- Sept 2016: Indicted
TLP: AMBER

Cyber Criminals
- Financial Motivation
- Varying Expertise
Malware shown on the slide: Zeus, Locky, Upatre/Dyre, Vawtrak, Bedep, Dridex
TLP: GREEN

Ransomware

Ransomware Infection Vectors
1. Visiting a malicious or compromised site
2. Opening a malicious email attachment

Recent Trends
1. New Variants / TTPs
2. Ransomware-as-a-Service
3. Used in extortion schemes

Prevention Mechanisms
1. Keep your systems patched
2. Keep your AV up-to-date
3. Email filtering
4. End user training and awareness
5. Have backups

Los Angeles Valley College
- Los Angeles Valley College had servers compromised by Ransomware
- LAVC Network, email, and phone systems were brought down
- $28,000 in BTC was paid to restore service
- A claim has been opened with their cybersecurity insurance provider

Database Dumps
TLP: GREEN

Out of 117 Million Passwords:

# of users: password
- 1,135,936: 123456
- 207,488: linkedin
- 188,380: password
- 149,916: 123456789
- 95,854: 12345678
- 85,515: 111111
- 75,780: 1234567
- 51,969: 654321
- 51,870: qwerty
- 51,535: sunshine
Total: 2,094,243

Source: PandaLabs Q2 2016 Report

Password Reuse
In 2016, Intuit identified that over 40% of accounts taken over by cyber threat actors were accessed through reused credentials.

Insiders
- Revenge
- Accidental
- Financial Motivation
- Power & Control
- Varying Expertise
- Guests
- Former Employees
- Trusted 3rd parties
TLP: GREEN

Employee Mistakes
TLP: GREEN

2 Computers in the Prison Ceiling - 2015
- Used parts from a computer recycling program
- Detected July 3, 2015, when contractor's Internet threshold was exceeded
- Previously tried to access file-sharing sites
- Looked for ways around the proxies
- Network cable led to the ceiling
- Forensic analysis of the hard drives found pornography, articles about making drugs, explosives and credit card fraud

What Can You Do?
Patch Training Backups Harden Systems Update Policies Compliance Scan Systems Encrypt Mobile Devices Take part in information sharing

Critical Security Controls
1. Identify authorized and unauthorized devices
2. Inventory authorized and unauthorized software
3. Secure configurations for hardware and software
4. Continuous vulnerability assessment and remediation
5. Controlled use of admin privileges

About MS-ISAC Membership
- Free and Voluntary
- No Mandated Information Sharing
- One Membership Document Required
To join or get more information: https://msisac.cisecurity.org/members/register

24 x 7 Security Operations Center
Central location to report any cybersecurity incident
Support:
- Network Monitoring Services
- Research and Analysis
Analysis and Monitoring:
- Threats
- Vulnerabilities
- Attacks
Reporting:
- Cyber Alerts & Advisories
- Web Defacements
- Account Compromises
- Hacktivist Notifications
To report an incident or request assistance:
Phone: 1-866-787-4722
Email: soc@msisac.org

Computer Emergency Response Team
- Incident Response (includes on-site assistance)
- Network & Web Application Vulnerability Assessments
- Malware Analysis
- Computer & Network Forensics
- Log Analysis
- Statistical Data Analysis
To report an incident or request assistance:
Phone: 1-866-787-4722
Email: soc@msisac.org

MS-ISAC Advisories

Monitoring of IP Range & Domain Space
IP Monitoring
- IPs connecting to malicious C&Cs
- Compromised IPs
- Indicators of compromise from the MS-ISAC network monitoring (Albert)
- Notifications from Spamhaus
Domain Monitoring
- Notifications on compromised user credentials, open source and third party information
- Vulnerability Management Program (VMP)
Send domains, IP ranges, and contact info to: soc@msisac.org

Vulnerability Management Program
What Data Are We Collecting?
- Server type and version (IIS, Apache, etc.)
- Web programming language and version (PHP, ASP, etc.)
- Content Management System and version (WordPress, Joomla, Drupal, etc.)
Email notifications are sent with 2 attachments containing information on out-of-date and up-to-date systems:
- Out-of-Date systems should be patched/updated and could potentially have a vulnerability associated with them
- Up-to-Date systems have the most current patches

Time-to-Patch
[Chart: % of Patched WordPress Instances Following A New Version, Week 1 through Week 6, one series each for 2015 and 2016]
Plotted values, Week 1 to Week 6:
- 78.65%, 80.72%, 81.63%, 81.69%, 81.98%, 82.02%
- 54.60%, 59.24%, 61.40%, 62.70%, 64.72%, 65.63%

Malicious Code Analysis Platform
A web based service that enables members to submit and analyze suspicious files in a controlled and non-public fashion
- Executables
- DLLs
- Documents
- Quarantine files
- Archives
To gain an account contact: mcap@msisac.org

Monthly Newsletter
Distributed in template form to allow for re-branding and redistribution by your agency

National Webcasts
A collaborative effort between DHS and MS-ISAC to provide timely and relevant cybersecurity education and information
- Cybersecurity While Traveling (February 2017)
- Cybersecurity Year in Review and 2017 Preview (December 2016)
- National Cybersecurity Awareness Month Be a Part of Something Big (October 2016)
- State and Local Roundtable Effective Cyber Disruption Strategies (August 2016)
- Prioritize Your NIST CSF Implementation with the CIS Critical Security Controls (June 2016)
https://msisac.cisecurity.org/webcast/

Weekly Malware IPs and Domains
Automated Threat Indicator Sharing via Anomali
To gain an Anomali account contact: VMP@cisecurity.org

HSIN Community of Interest
Access to:
- MS-ISAC Cyber Alert Map
- Archived webcasts & products
- Cyber table top exercises
- Guides and templates
- Message boards
- Secure Messaging

Additional Benefits
Situational Awareness Resources Insider access to federal information Product and Training Discounts Cybersecurity Exercise Participation Workgroups Hot Topics Webcasts

Federal Resources Free to State and Locals
- Cyber Resiliency Review
- Stop.Think.Connect
- FedVTE and FedVTE Live!

MS-ISAC Members in the State of Florida
Palm Beach State College Florida Gulf Coast University Tampa Bay Water City of Leesburg City of Jacksonville Beach Orange County Clerk of Courts Greater Orlando Aviation Authority Citrus County Clerk of Courts and Comptroller City of Winter Springs Police Department City of Tallahassee City of Palm Beach Gardens City of Punta Gorda City of Bradenton City of Sarasota Hillsborough County Clerk Lee County Clerk of Courts Leon County Supervisor of Elections City of Winter Park Collier County City of South Daytona City of Atlantic Beach Clay County Utility Authority Miami Dade International Airport Marion County Sheriff's Office City of Venice Marion County Sheriff's Office Florida Orlando Utilities Commission City of West Palm Beach Palm Beach County Tallahassee Community College Broward County Broward County Aviation Department City of Fernandina Beach St. Johns County Tax Collector Town of Palm Beach Collier County Sheriffs Department City of Ocoee City of North Port Miami Dade County City of St. Petersburg Alachua County City of Largo Martin County Clerk of Court and Comptroller City of North Port City of Miramar St. Lucie County Clerk of Circuit Court Clay County Supervisor of Elections Hillsborough County Aviation Authority Hillsborough County Marion County Supervisor of Elections City of Mount Dora Florida Atlantic University Sarasota County City of Orlando City of Pensacola Escambia County City of Miami Beach Sarasota County Sheriff's Office City of Cocoa Beach Manatee County Orange County Palm Beach County Clerk & Comptroller City of Cocoa Charlotte County St. Lucie County City of Tamarac Seacoast Utility Authority City of Sunny Isles Beach Florida Florida State University Clay County Clerk of Circuit Court Miami Dade College 11th Judicial Circuit of Florida City of Lauderhill Lake County Clerk of Courts City of Marco Island Florida International University Village of Palmetto Bay City of Tamarac Leon County Supervisor of Elections City of Sanford University of Central Florida City of Stuart Citrus County Sheriff's Office Osceola County Charlotte County Clerk of Court and County Comptroller Brevard County State of Florida City of Port St. Lucie City of Boynton Beach Marion County Supervisor of Elections Hardee County City of North Port City of North Lauderdale Florida Department of Law Enforcement Martin County City of Lakeland University of West Florida City of Cape Coral City of Fort Lauderdale Charlotte County Sheriff's Office Town of Jupiter City of Tampa Monroe County Sheriff's Office Lee County Port Authority Florida League of Cities University of South Florida Broward County Clerk of Courts Citrus County Supervisor of Elections City of Deltona

MS-ISAC 24x7 Security Operations Center
1-866-787-4722
SOC@cisecurity.org
Andrew Dolan, Director of Stakeholder Engagement
Kateri Gill, Program Specialist
info@msisac.org