Colorado agencies, schools, companies gird themselves against cyberattacks
Data breaches. The dark web. Ransom demands.
While these phrases may seem like abstract plot points in a cable TV crime-solving show, Colorado businesses and enterprises of all stripes are learning about the increasingly serious threat of cybercrime as more continue to fall victim to malicious hackers.
“Every organization is vulnerable and every organization needs to be vigilant,” said Ken McConnellogue, spokesman for the University of Colorado system, which refused to pay a $17 million ransom after the theft of student data earlier this year.
Brazil’s JBS, the world’s largest meat supplier and the biggest employer in Greeley, faced a ransomware attack last weekend that shut down production at its beef plants across the world. In Greeley, home to JBS’s largest U.S. beef plant, multiple shifts were canceled this week due to the cyberattack, union officials said.
The attack on the meat processing giant is one of the latest and most high-profile examples of the escalating cyberattacks in Colorado and nationwide that have hit gas pipelines, universities, transportation agencies, and food and beverage suppliers.
While ransomware can target anyone, the FBI says it’s particularly worried about city, state and tribal government networks, as well as critical infrastructure such as police, fire and hospitals.
In May, a cyberattack on Colonial Pipeline, which provides nearly half the East Coast’s fuel supply, prompted a massive shutdown and panic-buying up and down the Eastern Seaboard that led to temporary fuel outages in 11 states.
Matt Kirsch, the acting U.S. attorney for the District of Colorado, said his office is working with law enforcement partners to prioritize the prosecution of cyberattacks and similar cases, while the FBI on Friday called these investigations a “top priority.”
Meanwhile, President Joe Biden this week launched a review of the threat posed by ransomware attacks and plans to bring up Russia’s harboring of hackers with President Vladimir Putin this month, the White House announced.
The attacks against JBS and Colonial Pipeline — plus a third against Brazil’s SolarWings Corp — all have been linked to hackers from Russia, Reuters reported.
Experts warn against complacency and have some tips to help ward off cybercriminals.
“I fear something very big is on the horizon,” said Bob Bowles, instructor and director at Regis University’s Center for Information Assurance Studies and a cybersecurity expert. “There’s no nation on this Earth that could surprise us militarily because we would detect it. However, when you look at a cyberattack, that’s where they could really hurt us. Our power grids. Our nuclear grids. Our supply chains. Our fuel. Our water supply systems. I think they’re coming after our major infrastructures.”
Being ready for an attack
The Colorado Department of Transportation knows firsthand how cyberattacks can send an entire government agency scrambling.
In 2018, someone used a variant of the SamSam ransomware to hijack CDOT computer files, forcing the agency to shut down more than 2,000 computers.
As many as 150 people — including personnel with the FBI and the Colorado National Guard — worked for weeks to bring operations back to normal, with the disruption costing the state up to $1.5 million.
One of the major lessons the state took away from the attack: Be faster when implementing security features.
Colorado was in the process of rolling out upgraded protection systems agency by agency when malware struck CDOT, said Deborah Blyth, the state’s chief information security officer. If it had been two weeks later, the incident may have been relatively painless.
“Having a great security strategy on paper has no value when you’re under attack,” Blyth said. “When CDOT happened, we threw out the project plan and put that tool in place.”
The incident prompted the state to add training so government officials could protect themselves from future attacks. All 30,000 state employees are now obligated to take quarterly cybersecurity training on everything from how to protect your password to identifying phishing schemes, Blyth said.
Cyberthreats, however, just keep coming. The state blocks thousands of targeted attacks through email every month, Blyth said.
Cybercriminals tend to follow the news, she said. In March 2020, when the COVID-19 pandemic first struck the U.S., the malware was related to the coronavirus. A couple months later, that shifted into phishing attempts related to the vaccine — then the reopening of the state.
“Every month my team produces a report that gives me chills,” Blyth said, referencing attacks that the state avoided.
But it’s not just the public sector falling victim to malicious online actors.
Molson Coors, with its mammoth Golden brewing facility, suffered what the company called a “systems outage” in March, the result of a cyberattack that caused significant disruptions in its brewery operations, production and shipments.
The attack “seriously impacted” the company, Adam Collins, a Coors spokesman, said in a statement.
“In some parts of the world our breweries were back up within 24 hours, but in other parts of the world it took days to get our systems back online,” he said. The company did not specify the impact on its Colorado plant.
Holding data for ransom
Ransomware is one of the most common types of cyberattacks at the moment, said Bowles, who said a non-disclosure agreement prevented him from discussing Regis University’s 2019 ransomware attack that crippled day-to-day operations at the Denver-based, private Jesuit institution for months.
Since 2016, more than 4,000 ransomware attacks on average occur per day — a 300% increase over the 1,000-some attacks every day in 2015, according to FBI data.
Ransomware attacks happen for three reasons, Bowles said. Perpetrators want to steal your company’s data, encrypt your data so you can’t get to it or they want to access your data to sell it on the dark web — a section of the internet only accessible by certain tools or software — to harm your customers or employees.
“It’s all about collecting money,” Bowles said, explaining that criminals will demand ransom money in exchange for getting the data back. “Any cyber professional worth their salt will tell you never pay the ransom because if you think about it, this thief has broken into your organization and they’re blackmailing you. Have you ever met a thief you can trust? No.”
Paying a ransom “may embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities,” the FBI says in its “Ransomware Fact Sheet.”
Regis University officials previously acknowledged to The Denver Post that they paid ransom to the malicious actors who carried out their attack, but would not reveal how much.
Colorado officials in 2018 said they didn’t pay a bitcoin demand from the attackers in order to retrieve encrypted computer files.
And CU’s McConnellogue confirmed hackers demanded $17 million, then $5 million, from the university after several hundred thousand pieces of personal data, from students’ grades to medical information, were posted on the dark web. CU didn’t pay, he said.
Can anything be done to ward off such disruptive attacks?
“There’s no magic bullet,” Bowles said. “We have to get back to cybersecurity basics and just do them consistently, day in and day out. If we just get back to basics, it’s amazing what we could prevent.”
Basics include things like investing in cybersecurity, keeping operating systems and applications updated and scanning networks often checking for red flags like departed employees who no longer need network access or programs no longer used that can be deleted.
One issue for smaller municipalities or companies, however, is having adequate resources to invest in good cybersecurity.
“Cyber costs money,” said Blyth, the state’s chief information security officer. “If you’re a little bitty company or local government, you have to weigh where to spend scarce resources.”
Source: Read Full Article