Written by Sean Ventura, Chief Information Security Officer. This post originally appeared in Route Fifty.
We’re approaching the one-year anniversary of the ransomware attack that held critical City of Atlanta systems hostage, costing millions to fix. And although we don’t hear about high-profile ransomware attacks every day, they’re still a threat to government systems: in January, the city of Del Rio, Texas, suffered an attack that shut down city hall servers.
In this new era of cyberthreats, malicious actors will continue to find ways to use government entities’ computers against them. The public sector had the second-highest number of reported breaches between 2017 and 2018, behind only healthcare, according to McAfee Labs. And the challenge of protecting our sensitive information will only become more difficult as the “Internet of Things” plays a greater role in city infrastructure, from controlling lamp posts to monitoring traffic patterns. Each connected device, if not properly secured, is another entry point for hackers to access critical operations.
Let’s talk about remaining vigilant in the era of ransomware—and what to expect from hackers in the coming year.
What’s next in cybercrime?
Although ransomware isn’t going away, there’s reason to believe cybercriminals are shying away from the unwanted attention an incident such as the Atlanta ransomware attack garners. These cybercriminals are looking to quieter, and potentially more lucrative, attacks.
That’s where cryptocurrency mining comes in. Mining is a process in which users exert massive amounts of computing power to “dig up” and add new cryptocurrencies, such as bitcoin, into circulation. If a cybercriminal gains access to your system, for example through an unsecured IoT device, they can reroute some of your system resources, such as CPU and memory, to cryptocurrency mining. McAfee Labs found that malicious software designed to execute coin mining increased more than 4,000 percent between 2017 and 2018.
Cryptocurrency mining malware will slow your systems down as cybercriminals use your resources to line their pockets. But the issue is hard to diagnose; what seems like the result of aging hardware might actually be a cryptocurrency mining attack.
How can we prevent it – or recover from it?
Perhaps the most important step in preventing a crypto mining attack is adopting a “zero-trust model.”
Your IT team shouldn’t let “shadow” IT—the use of unknown personal software and hardware, as well as unvetted free online applications used for the sake of expediency—become normalized. They should lay out a clear set of steps for adopting new software or applications, placing the onus on themselves to verify a vendor’s trustworthiness. This allows the IT team to diagnose the source quickly in the event of a crypto mining attack.
You can also reduce the number of potential targets by adopting a single point of control, a task cloud computing has made significantly easier. The cloud allows IT teams to manage both internal systems and IoT devices city-wide behind one firewall, simplifying your security procedures. And in the event your systems fall prey to a ransomware attack, a cloud backup allows IT teams to move operations offsite in a matter of minutes without losing critical or sensitive information. If your IT team is considering a shift to cloud computing, backup capabilities and level of security should be among the first questions they ask potential vendors.
Spread the word
Although the standard rules of “don’t open a suspicious email” still apply, today’s cybersecurity landscape is much more complicated.
Combating ransomware and cryptocurrency mining attacks requires a quick and thorough response to potential threats – which means all departments should be educated on standard IT procedures.
By centralizing vendor management and software implementation inside the IT department, as well as asking the right questions of your vendors, you can simplify cybersecurity and significantly reduce your vulnerability to both known and unknown risks.