Malware Defenses Must Get More Sophisticated
Barracuda Networks identified at least 70 municipalities attacked by ransomware in 2019. In a blog post, Barracuda identified Ryuk, SamSam, LockerGoga, and RobbinHood ransomware packages as being used frequently in campaigns against governments.
“The team’s recent analysis of hundreds of attacks across a broad set of targets revealed that government organizations are the intended victims of nearly two-thirds of all ransomware attacks,” Barracuda CTO Fleming Shi says. “Local, county, and state governments have all been targets, including schools, libraries, courts, and other entities.”
Hackers constantly use increasingly sophisticated tools and tricks to find vulnerabilities they can exploit to gain access to networks. In the case of Riviera Beach, a city employee opened a malicious email attachment, exposing a vulnerable system to attack.
“For emails with malicious documents attached, both static and dynamic analysis can pick up on indicators that the document is trying to download and run an executable, which no document should ever be doing. The URL for the executable can often be flagged using heuristics or threat intelligence systems. Obfuscation detected by static analysis can also indicate whether a document may be suspicious,” Barracuda prescribes.
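The static checks described in that quote can be sketched as a small triage function. This is an added example, not code from Barracuda or from this article. It assumes the attachment's macro and embedded strings have already been extracted by a separate tool; the indicator patterns, the threshold of 10 and the sample strings are illustrative assumptions.

```python
import re

# Illustrative indicator patterns per category; not exhaustive.
INDICATORS = {
    "auto_exec": r"\b(AutoOpen|Auto_Open|Document_Open|Workbook_Open)\b",
    "download": r"URLDownloadToFile|MSXML2\.XMLHTTP|WinHttp\.WinHttpRequest"
                r"|Net\.WebClient|Invoke-WebRequest",
    "execute": r"WScript\.Shell|\bShell\s*\(|powershell|cmd(\.exe)?\s+/c",
}
URL_RE = re.compile(r"https?://[^\s\"')]+", re.I)
EXE_EXT = (".exe", ".dll", ".scr", ".ps1", ".bat", ".hta")
CHR_RE = re.compile(r"\bChrW?\s*\(\s*\d+\s*\)", re.I)  # strings built char by char
B64_RE = re.compile(r"[A-Za-z0-9+/]{80,}={0,2}")       # long encoded run

def triage(strings):
    """Return (verdict, findings) for strings extracted from one attachment."""
    text = "\n".join(strings)
    f = {name: bool(re.search(p, text, re.I)) for name, p in INDICATORS.items()}
    # URLs that point straight at an executable payload (query string ignored).
    f["exe_url"] = [u for u in URL_RE.findall(text)
                    if u.lower().split("?")[0].endswith(EXE_EXT)]
    f["obfuscated"] = len(CHR_RE.findall(text)) >= 10 or bool(B64_RE.search(text))
    if f["download"] and f["execute"]:
        verdict = "block"        # document fetches and runs code
    elif f["exe_url"] or f["obfuscated"] or f["execute"]:
        verdict = "suspicious"   # hand off to dynamic analysis or URL reputation
    else:
        verdict = "clean"
    return verdict, f

# Constructed sample inputs (not taken from any real document).
DROPPER = ["AutoOpen", "MSXML2.XMLHTTP",
           "http://files.example.invalid/update.exe", "WScript.Shell"]
OBFUSCATED = ["Document_Open", " & ".join(f"Chr({c})" for c in range(100, 112))]
BENIGN = ["Sub FormatReport()", "Selection.Font.Bold = True",
          "https://intranet.example.invalid/help.html"]

if __name__ == "__main__":
    for name, sample in [("dropper", DROPPER), ("obfuscated", OBFUSCATED),
                         ("benign", BENIGN)]:
        verdict, findings = triage(sample)
        print(f"{name:10} {verdict:10} {findings}")
```

Keyword matching of this kind produces false positives on legitimate automation macros, which is why the "suspicious" tier is handed to dynamic analysis instead of being blocked outright.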
When your data is locked and you have no way to replace or restore it, that’s when reality sets in; by then, Coleman says, the wake-up call has come too late.
“You get religion real quick. When you bring that home to municipal leaders at the local level, they begin to understand that education and training part because bad actors are using everything from emails with malware and unsolicited phone calls to get information, or text messaging,” he says. “Phishers will try any trick to get employees to install malware or to gain intelligence, so that awareness piece is so very important.”