Podcast Episode Details
Back to Podcast Episodes
Ransomware Rampage, Mobile Phishing Attacks, iPhone App Ad Trackers
This is your Shared Security Weekly Blaze for June 3rd 2019 with your host, Tom Eston. In this week’s episode: US cities are being rampaged with ransomware, mobile phishing attacks on the rise, and do you know what your iPhone is doing while you sleep?
Protect your digital privacy with Silent Pocket’s product line of patented Faraday bags, phone cases, and wallets which will make your devices untrackable, unhackable and undetectable. Use discount code “sharedsecurity” to receive 15% off of your order during checkout. Visit silentpocket.com today to take advantage of this exclusive offer.
Hi everyone, welcome to the Shared Security Weekly Blaze where we update you on the top 3 cybersecurity and privacy topics from the week. These podcasts are published every Monday and are 15 minutes or less quickly giving you “news that you can use”.
I was intrigued by an opinion piece posted to Dark Reading about the recent rise in ransomware attacks targeting cities and local governments. From Atlanta, Cleveland’s airport, and now the city of Baltimore, ransomware is grinding communication and critical processes to a halt in many cities across the country. Local governments are expected to provide certain critical services for citizens, such as obtaining permits, and closing home sales, so without computer systems working it’s like going back to the ice age with paper and a manual process. My hometown of Cleveland Ohio had a ransomware attack hit the airport but thankfully, only affected the flight and baggage information screens and not the security of flights or the airport itself. This latest string of ransomware attacks appears to be attributed to the previously leaked “EternalBlue” exploit back from 2017 which was created by the NSA. Anyone else find it ironic that our own cities are being used against us with the same tools and exploits designed to attack other nation states?
One thing is clear, cyber criminals see a massive target in cities and local government because they know (as well as many of us) that IT budgets are tight and more often than not systems are not being patched or maintained. The other ethical dilemma this brings up is if cities should pay the ransom. While we always say to never give in and pay a ransom, the recent ransomware incident in Atlanta cost the city an estimated $17 million in recovery costs when the ransom was only $50,000. Now just paying the ransom may not work out either as there have been cases of criminals asking for more money or just not giving the keys to unlock the data regardless of being paid. It’s a tough situation for sure and will continue to be hotly debated as attacks on cities increase.
From a prevention perspective, perhaps with limited IT and security budgets money may best spent by focusing on security awareness training. Many of these ransomware attacks start though a phishing email or by clicking on a malicious link to a compromised website which then allows the malware to propagate through the network. If the first line of defense, the users, knows how to identify a malicious email or link that alone may prevent the entire ransomware attack from happening. I started a Twitter post which I’ve linked in the show notes about this very topic so I’d love to hear your thoughts and ideas on how we can help the cities that we live in defend themselves from a ransomware attack.
Speaking of social engineering, Published on 6 years, 6 months ago