Blake Dowling
Over the years, cities and municipalities in Florida have been targeted over and over by hackers.
Tallahassee, Sarasota, Riveria, Stuart, Naples, Lake City, Key Biscayne and now the City of Jacksonville Beach have all been in the news for some kind of cyber incident. My last count was seven, but that was a couple of years ago.
Attacks have ranged from spear phishing to ransomware and several other cyber issues — and these are just the ones that have been reported.
The bottom line is we must all continue to shore up our protections and be on the lookout for this kind of thing every second of the day.
As a refresher, spear phishing, which is what allegedly happened in Naples, is a targeted email campaign from a hacker impersonating a reputable company that you would do some kind of business with.
Hackers look you up in the media or on social pages and concoct their attacks. The dark art of gathering info on you and putting it together in an attack is called social engineering.
They also work on an email signature that looks legitimate, and they, in some cases, even register a fake domain that is a letter or two off the real one. For example, if you were a hacker impersonating Winn Dixie, you might register the domain Win Dixee to pass a rough eye test. Then create an email with that domain and launch it to that organization referencing real people and real work that they have harvested from the web.
Most devious are hackers who take the time to do this.
In that instance, a fake email might look like: “Hey Bob, it’s Tom with Winn Dixie; you need to send us a wire transfer for all this lettuce that’s just sitting at the warehouse, etc.”
Once you reply and send money, that money is gone.
The good news is that there are now tools that can alert you when a domain like yours has been registered and you can block it. This tech has changed the game for your cyber protection, and if you don’t have it, get it.
Ransomware attacks are another monster type of cyber incident which is what allegedly happened in Lake City.
An email might be sent to your staff with social engineering, and it might have a link that contains ransomware. You might be thinking you have brand-new endpoint detection and response security protection (which you need, good work).
But what happens when the hacker targets your HR person, puts the ransomware link in an Excel file, saves that file in a Dropbox account and sends your HR person the link?
Eight out of 10 times, it gets through, especially if the hacker took the time to look on Indeed and see that you have a job posting for a Campaign Manager, and the attached file says, “resumes for campaign manager.”
Sounds grim? It is.
It almost feels like we are at the fair, and it’s run by hackers tossing rings at us all — the hackers are the ones winning the oversized bears (in the form of crypto cash).
But the tide turned in a big way this week.
One of the largest cyber gangs behind the Lockbit ransomware was busted by law enforcement this week. Their website now states that this site is under the control of law enforcement and shows flags of several nations, indicating a worldwide cooperative effort to bring them down. Lockbit was responsible for an estimated 20% of ransomware attacks in the U.S. last year, including several in Florida.
The City of Jacksonville Beach called the situation a cyber incident, and it appears the issues have been in the rear-view mirror since first popping up a few weeks ago. I can speculate there was a ransomware incident.
When a group says everything is offline for a few days that is usually the case.
Their email would appear to have also been compromised as I saw emails that looked like it was coming from them sent to contacts all over the state. The good news is that there have not been any posts (you usually see groups claiming responsibility like a terrorist attack) on the dark web about a hacking group being paid a ransom.
This is outstanding because the more organizations that do not pay means this revenue stream will eventually dry up for hackers.
It would imply that the city had redundant backups in the cloud, and it was a matter of wiping their machines and reloading from those backups to get back in business versus paying the ransom to get access back. If this was the case, I salute them for not paying and having the tools needed for the restoration. For you reading this, have robust backups in case you need them, and deploy every cyber tool like endpoint detection and response solution, phishing simulations, two-factor authentication, and cyber training for your team to lower your risk of an issue.
These attacks over the years show a grim narrative, but with best-in-class protections and organizations not paying the ransom plus the takedown of Lockbit, the good guys are now winning the cyber war — for today.
___
Blake Dowling is CEO of Aegis Business Technologies and can be reached at [email protected].
