Zero-cost Tools and Services for CISA CPG Third-party Validations

The Cybersecurity Performance Goals (CPGs) from the Cybersecurity and Infrastructure Security Agency (CISA) were designed to help establish a common set of fundamental cybersecurity practices for public and private sector critical infrastructure in the United States.

The CPGs are organized into five focus areas (Identify, Protect, Detect, Respond, and Recover) with all CPGs listed as subsections inside one of the five areas.

CISA recommends taking advantage of third-party validation options to help identify cybersecurity gaps. Many of these options are available at no cost through CISA itself or through U.S. companies.

Below you’ll find information on some zero-cost, third-party validation options, each mapped to the relevant CPG as numbered by CISA.

See this link for the full list of CPGs from CISA.

 

IDENTIFY: CPG #1.E Mitigating Known Vulnerabilities

IDENTIFY: CPG #1.F Third-Party Validation of Cybersecurity Control Effectiveness

PROTECT: CPG #2.B Minimum Password Strength & #2.C Unique Credentials

PROTECT: CPG #2.P Document Network Topology

PROTECT: CPG #2.R System Backups

PROTECT: CPG #2.S Incident Response Plans

PROTECT: CPG #2.W No Exploitable Services on the Internet

DETECT: CPG #3.A Detecting Relevant Threats and TTPs (Tactics, Techniques, and Procedures)

RESPOND: CPG #4.A Incident Reporting

RESPOND: CPG #4.C Deploy Security.txt Files

RECOVER: CPG #5.A Incident Planning and Preparedness

 

Ready to Get Started?

With more than 30 years of real-world experience in network, security, cloud, and data center technologies, Trinsio’s team of best-in-class technologists is here to help.

Trinsio offers many complementary services to help you get started as you strive to meet CISA’s guidance on third-party validations for various cybersecurity protections in the CPGs.

Cybercriminals Claim Another Victim: City of Beckley, West Virginia

At the beginning of this year, a small city nestled in the heart of West Virginia fell victim to a cyber attack. The city posted to its local Facebook page addressing the incident… “we are working diligently to investigate the source of the incident, confirm the incident’s full scope and impact, and identify whether data may be impacted. We appreciate your patience and understanding and apologize for any inconvenience as we continue these efforts…”

City of Beckley, West Virginia

The attack sent shockwaves through the community, raising urgent questions about the safety of sensitive data and the resilience of municipal operations. Residents found themselves in an unfamiliar landscape of uncertainty and vulnerability. The once-trusted systems upon which the city relied now stood compromised, leaving officials scrambling to contain the fallout and restore normalcy to a city in disarray.

You often hear about such incidents occurring, but never imagine it could happen to you. Yet even this small West Virginia town fell victim to a ransomware attack. Ransomware is malicious software that encrypts data, holding it hostage until a ransom is paid. The consequences can be very serious: data encryption leading to loss or compromise, financial loss due to ransom payments, operational disruption, reputation damage, legal and regulatory consequences, data theft and extortion, and long-term impact on individuals, businesses, and communities.

Cities/Governments Under Attack

Beckley’s plight is not an isolated incident but rather a symptom of a larger epidemic sweeping across the nation. Municipalities, big and small, are increasingly finding themselves in the crosshairs of cybercriminals. The potential for financial gain, the disruption of essential services, and access to the valuable data held by government entities make them attractive targets for cybercriminals seeking to exploit vulnerabilities in digital infrastructure.

BE PROACTIVE

Taking proactive steps to enhance cybersecurity is essential in safeguarding against cyber threats. This includes regularly updating software and antivirus programs, using strong and unique passwords, implementing multi-factor authentication, educating employees about cybersecurity best practices, conducting regular security audits, and investing in strong and reliable cybersecurity solutions.

 

However, it is crucial to acknowledge that no system is immune to cyber threats. As Beckley and countless other cities have learned, it is not a matter of if a cyberattack will occur, but when. In this digital age, where everything is connected and data is the new currency, the threat of cyber warfare looms large. It is imperative for individuals, businesses, and governments to continuously update their cybersecurity measures to make sure they are prepared.

Need a place to start?
Book an appointment with us to assess your network’s security posture & where you might have vulnerabilities in your system.


Ransomware Rattles Illinois: Insights and Takeaways

Government agencies in Illinois were suddenly thrown into chaos as cyber criminals launched a devastating ransomware attack. The threat actors targeted the file transfer software ‘MOVEit’, infiltrating the very core of Illinois’ digital infrastructure. You never think it is going to be your town, city, business, or community, but these cyber criminals will attack any organization with valuable data.

The attack, attributed to the CL0P ransomware gang, exploited a zero-day vulnerability in MOVEit Transfer, a tool designed to securely transfer sensitive data. The implications of such an attack are profound, as it not only jeopardizes the integrity of government systems but also potentially compromises the personal information of countless individuals.

According to reports, CL0P claimed to have stolen data from numerous organizations and issued ultimatums to victims, threatening to publicly release sensitive information if ransom demands were not met. The situation is further complicated by the involvement of third-party vendors, highlighting the interconnected nature of modern cybersecurity threats.

In response to the attack, the Illinois Department of Innovation and Technology (DoIT) swiftly mobilized its resources, disconnecting affected systems and initiating a forensic analysis to assess the extent of the breach. While the full impact of the attack is still being determined, the department is doing everything it can to mitigate the fallout and protect critical infrastructure.

This incident serves as a wake-up call for governments and organizations at all levels. As cybercriminals continue to evolve and launch increasingly sophisticated attacks, a proactive approach to cybersecurity is essential. This includes investing in solid defense mechanisms, conducting regular security audits, and educating your team.

Cybersecurity can be overwhelming, so getting a security audit is a good place to start. Having an extra pair of eyes can help you to identify vulnerabilities that might go unnoticed otherwise. We offer a free threat assessment so you can talk to a cybersecurity expert to make sure you have all your ducks in a row.

FREE THREAT ASSESSMENT


Link to article: https://www.govtech.com/security/illinois-impacted-by-wide-ranging-ransomware-attack



Pennsylvania Courts Face Cyberattack

Last month, the Pennsylvania Courts online system found itself in the crosshairs of a cyber attack. This assault not only disrupted vital services but also raised questions about the vulnerability of our digital infrastructure and the steps we must take to safeguard it.

The cyberattack, characterized as a denial of service attack, overwhelmed portions of the Pennsylvania Courts website, rendering them inaccessible. Chief Justice Debra Todd confirmed the compromise, underscoring the severity of the situation. She also noted that this incident is not isolated; similar attacks have targeted institutions across the globe. This is a threat that cannot be ignored.

Dave Hickton, former U.S. Attorney for Western Pennsylvania and founder of Pitt Cyber at the University of Pittsburgh, likened the attack to a blitz in football, emphasizing the urgency of the situation. “Effectively, we’ve just lost use of the system,” he said. “That can be a prelude to bigger problems, but it’s an infrastructure attack against our court system so should be taken very seriously.”

While the courts reassured the public that there’s no indication of data compromise, the impact on services like PACFile, online docket sheets, PAePay, and the Guardianship Tracking System underscores the far-reaching consequences of cyber intrusions. Law enforcement agencies, including the U.S. Department of Homeland Security and the FBI, have launched investigations to identify the perpetrators and mitigate further risks.

The aftermath of such attacks necessitates careful remediation efforts to ensure that vulnerabilities aren’t exploited further. Randy Rose of the Center for Internet Security cautioned against inadvertently exacerbating risks while addressing the issue. Moreover, the potential for personal computers to be unwittingly enlisted in cyberattacks highlights the need for robust cybersecurity measures at both individual and institutional levels.

It is clear that proactive steps must be taken to ensure your cybersecurity defenses are up to par. Changing passwords regularly, implementing dual-factor authentication, and exercising caution when interacting with email attachments are simple yet significant measures you can take to mitigate risk.

You never think it is going to be your city, your school, your town, or your institution, but it has been proven time and time again that cyber criminals don’t discriminate. They will attack any institution that has valuable data. As our reliance on digital systems continues to grow, it becomes increasingly imperative for organizations and individuals alike to remain vigilant and proactive in safeguarding their networks and data. 

Cybersecurity can be overwhelming, but this is a good place to start…

Click HERE for a free threat assessment to see where there may be vulnerabilities in your system.

 

CBS article

Parents Fearful After Cyberattack Strikes Maine School District

Ransomware Strikes Maine School District

A few months ago, Hermon School District in Maine was hit by a ransomware attack. The incident sent shockwaves through the community as parents learned that their children’s information was compromised.

Greg Newell, a resident of the community, felt uneasy about the attack and the prospect of his kids’ data circulating on the internet. “I would not want my daughter or son’s pictures out there on the internet,” he remarked, encapsulating the fear and uncertainty that many parents felt in the aftermath of the attack.

The Hermon School Department swiftly responded to the breach, taking measures to secure its network. However, the extent of the intrusion was more alarming than initially disclosed. According to Newell’s findings, the compromised data included not only student names and identification numbers but also sensitive details such as addresses, phone numbers, and potentially even social security numbers.

Newell’s concerns were echoed by members of the Hermon Town Council, who acknowledged longstanding worries about the security of the school’s systems. Despite efforts to address these concerns through audits and system enhancements since 2021, tangible progress has been elusive. Steve Thomas, a Hermon Town Council Member, lamented the lack of success in tightening the system’s defenses, underscoring the need for greater efforts to safeguard the community against cyber threats.

Understanding the Risks

This ransomware attack on Hermon School District is a good reminder of why cybersecurity is not a matter that should be taken lightly. The breach not only jeopardized the privacy and security of students’ personal information but also exposed vulnerabilities within our digital infrastructure. 

Cyber attacks pose a multifaceted danger that extends beyond mere data breaches. They can disrupt essential services, undermine trust in institutions, and inflict financial and reputational damage. 

Prioritizing Data Security

Taking charge of cybersecurity requires a proactive approach that begins with awareness. It involves conducting thorough threat assessments to identify potential vulnerabilities and implementing robust security measures to mitigate risks. This includes regular software updates, employee training on cybersecurity best practices, and the adoption of encryption and multi-factor authentication protocols.

We recognize the critical importance of cybersecurity in today’s interconnected world. That’s why we offer comprehensive threat assessments to help businesses, communities, and institutions identify and address potential vulnerabilities. CLICK HERE to connect with one of our experts and find out where you may have vulnerabilities in your system. 

Your data holds immense value, and the risks of a breach are significant. Having a solid plan in place is essential, and being casual about data security simply isn’t an option. Be prepared. Be proactive.

 



New Hampshire’s Push for Cybersecurity Resilience

In today’s digital age, cybersecurity is no longer just a concern for big corporations or government agencies. It’s a threat that reaches into the very heart of our communities, affecting the safety and privacy of our schools. As cyberattacks continue to rise, officials are urging schools to take proactive measures to defend themselves against these increasingly sophisticated threats.

A Look Inside Cybersecurity Breaches

Imagine the chaos that ensues when a school district falls victim to a cybersecurity attack. Personal information of staff, parents, and even students can be compromised, leading to identity theft and financial fraud. Pamela McLeod, a former director of technology for the Concord School District, vividly recalls the devastating aftermath of such an attack in 2016. W-2 forms, containing sensitive information like Social Security numbers, were swept up by infiltrators, leaving the district scrambling to mitigate the damage.

Understanding the Scope of the Threat

But the threat doesn’t stop there. From 2016 to 2022, over 1,600 schools across the U.S. reported security breaches, with hackers often holding personal information hostage for ransom. The recent “sophisticated attack” on the Nashua School District serves as a stark reminder of the vulnerability of our educational institutions.

At a panel discussion hosted by Sen. Maggie Hassan, experts and former administrators came together to sound the alarm: K-12 schools are prime targets for cyberattacks. Without proactive measures, these attempts will likely only increase, with potentially dire consequences for students and staff alike.

Thankfully, efforts are underway to bolster the defenses of our schools. Legislation like New Hampshire’s House Bill 1612 requires school districts to develop data and privacy governance plans, ensuring they are prepared to respond to breaches effectively. Additionally, federal funding from initiatives like the $1 trillion infrastructure bill aims to provide financial and technical support to enhance cybersecurity programs in schools.

But defense against cyber threats isn’t just about throwing money at the problem. It requires a comprehensive approach.

Insight From The Department of Information Technology

An article recently written by the Department of Information Technology, titled “New Hampshire Cyber Threat Assessment”, dives deep into the current state of New Hampshire’s network and where it may be at risk. It is also written to educate and inform individuals in IT and the general public about the potential risks and the measures that can be taken to prevent these disasters.

“The most likely things users/administrators will see are phishing emails, attacks to compromise identities, business email compromise to enable good old-fashioned grifting, and ransomware attacks.”

Simply training staff to recognize and avoid these phishing scams can make a world of difference. The Department of IT also recognized that public and private sector organizations are highly likely to become victims of cyberattacks and proactive measures are not only recommended, but required. With the “rapid evolution and adoption of emerging technologies… [we need to be adaptive and innovative] in our cybersecurity practices.”

Be Proactive. Be Prepared. 

It’s time for a mindset shift. Cybersecurity is not just an issue for IT professionals; it’s everyone’s responsibility. Schools must prioritize digital security and invest in measures to protect sensitive information. As McLeod aptly puts it, “We may not think we’re a great target, but to an attacker, we may be a fantastic target.”

Let’s heed the call to action and safeguard our schools against the growing threat of cyberattacks. Together, we can build a more secure future for our students and communities.

Click here for a free threat assessment to see if you have any vulnerabilities in your system

 




Secure Schools, Strong Communities: Lessons from the Cyber Attack on School District in Vermont

On December 11, 2023, Milton Town School District fell victim to a ransomware attack, plunging the district into chaos as several files on its server were compromised and encrypted. The attack disrupted various operations, particularly impacting print services and business office files, including the ongoing financial audit.

Prompt action was taken as the district quickly notified authorities, triggering an immediate response. MTSD collaborated with relevant bodies such as the VT School Boards Insurance Trust and sought support from the Vermont Agency of Education, Vermont Intelligence Center, and the U.S. Department of Cybersecurity.

Consultants conducted a forensic investigation to identify compromised files and guide the district through the process of rebuilding and securely restoring the locked files. Fortunately, despite the disruption, vital systems like the financial software, banking information, student services files, and personal student information remained unaffected.

Understanding the Stakes

The implications of the MTSD cyber attack extend far beyond the district’s boundaries. Educational institutions, especially in the wake of the COVID-19 pandemic, have increasingly relied on IT services for remote learning and administrative tasks. However, this dependence has made them prime targets for cybercriminals.

According to the U.S. Government Accountability Office, the frequency and severity of cyber attacks on schools have surged during the pandemic. The incident highlights the urgent need for strong cybersecurity measures within educational systems to safeguard sensitive data and maintain uninterrupted operations.

Moving Forward

Amidst the chaos, the response from both governmental bodies and the local community has been commendable. The school district expressed gratitude for the assistance received from the U.S. Department of Homeland Security and Cybersecurity, as well as for the support from the Town of Milton.

As MTSD continues to navigate the aftermath of the cyber attack, transparency and communication with the community are very important. This ransomware attack serves as a wake-up call for educational institutions everywhere to strengthen their cybersecurity defenses and adapt to the evolving threat landscape. Be proactive. Cybersecurity matters, and threats are on the rise. Stay alert, stay secure.

What Can You Do to Protect Your Organization?

The threats can be overwhelming, but there are simple steps you can take. Start by educating your staff about common risks like phishing emails and the importance of strong passwords. Keep your systems updated and regularly back up your data to secure locations. Use firewalls and antivirus software to safeguard your network, and develop incident response plans to handle any security breaches effectively. 

Collaborate with cybersecurity experts for guidance and support. Conduct regular security assessments to identify vulnerabilities and stay informed about emerging risks. We are happy to connect you with one of our experts to run an assessment. CLICK HERE to book a meeting. 

By implementing these simple steps, you can strengthen your organization’s defenses and minimize the impact of potential cyber attacks.


Cybersecurity Incident Disrupts Online Learning at North Carolina Central University

Recently, North Carolina Central University (NCCU), located in Durham, North Carolina, experienced a cyberintrusion that prompted the suspension of online classes for two consecutive days. The university’s Information Technology Services (ITS) department was alerted to the incident and immediately initiated an investigation. The intrusion affected various campus systems, including the Wi-Fi network and MyEOL platform, disrupting normal operations. Even an impressive university such as NCCU can fall victim to these attacks, reiterating the fact that every business, city, town, and organization needs to be prepared for an attack.

Immediate Response

Upon discovering the cyberintrusion, NCCU swiftly responded by temporarily shutting down critical systems that required NCCU credentials. This proactive measure aimed to prevent further unauthorized access and mitigate potential risks. While face-to-face classes continued as scheduled, online classes remained suspended until the situation could be fully assessed and resolved.

Protecting Sensitive Information

One reassuring aspect of this incident is that officials believe no personal or sensitive information was compromised. Nevertheless, the university took precautionary steps to safeguard its systems and data. This underscores the importance of having robust cybersecurity protocols in place to defend against potential threats and protect sensitive information.

Implications for Other Organizations

The cyberintrusion at NCCU serves as a cautionary tale for other organizations, especially those in the public sector, education, and small businesses. Regardless of size or industry, every entity that relies on digital infrastructure must prioritize cybersecurity. In today’s interconnected world, where cyber threats are omnipresent, investing in cybersecurity measures is not just a prudent choice but a necessity to safeguard operations, data, and reputation.

Conclusion

The cyberintrusion at NCCU highlights the ongoing battle against cyber threats faced by organizations of all types. As technology continues to advance, so do the methods used by cybercriminals. It’s imperative for institutions and businesses alike to remain vigilant, continuously update their cybersecurity defenses, and educate employees and users about best practices. By doing so, they can better protect themselves from potential cyber intrusions and minimize the impact of any security incidents.

This can be overwhelming and we are here to help you start! Click HERE for a complimentary threat assessment with one of our cybersecurity experts so that you can be aware of any vulnerabilities in your system.

 


Understanding the Huber Heights Cyber Attack: Road to Recovery

Recently, the city of Huber Heights in Ohio found itself grappling with the aftermath of a debilitating cyber attack, throwing its government systems into disarray. Nearly two months have passed since the attack, and the city remains under a state of emergency as recovery efforts continue.

In response to the cyber attack, City Manager Rick Dzik swiftly moved to declare a state of emergency, granting him the authority to allocate resources towards mitigating the crisis. The city council, recognizing the severity of the situation, voted in favor of this declaration, enabling the allocation of up to $350,000 in city funds to address the fallout.

Recovery Efforts and Expenditures

Since the attack, significant efforts have been made to restore functionality to vital city services. Various entities have been engaged to aid in the recovery process, including Secure Cyber Defense for on-site response, Coveware for negotiations with the threat actors, and Sylint for forensic investigation, among others. A substantial portion of the allocated funds has already been disbursed to cover these expenses.

One of the primary concerns stemming from the cyber attack is the potential compromise of resident data. While the extent of the breach remains uncertain, the city is taking proactive measures to assess the situation. Collaboration with data mining experts is underway to sift through compromised files and identify any instances of personal data exposure. This meticulous process is crucial in determining the scope of the data breach and mitigating its impact.

Ongoing Challenges and Internal Response

Despite progress in recovery efforts, challenges persist, particularly in restoring access to essential software and troubleshooting operational disruptions. City staff are diligently addressing these issues to minimize disruptions to day-to-day operations. However, the paramount challenge lies in obtaining a definitive understanding of the data compromised during the attack—a critical step towards ensuring data security and safeguarding sensitive information.

The cyber attack on Huber Heights serves as a reminder of the persistent threat posed by cybercriminals to municipalities and organizations alike. With ransomware on the rise, it is no longer a matter of ‘IF’ you will be attacked, but ‘WHEN’. The best thing you can do is be aware of potential threats. A good place to start is here. We will connect you with our cybersecurity experts to assess your current cybersecurity stack and find out where there are vulnerabilities in your network. BOOK A THREAT ASSESSMENT HERE.

We are here to help you protect your city, town, organization, or business. 

 




From Florida to Europe: The Worldwide Impact of Ransomware

In a recent turn of events, a widespread ransomware outbreak has cast a shadow over servers worldwide, originating from an undisclosed source. The attack has targeted critical infrastructure, including Florida’s Supreme Court and various prestigious universities in the United States and Central Europe. Many questions about this attack remain open, and cybersecurity experts have been working to dissect its origins.

Assessing the Damage

Amidst the chaos, more than 3,800 organizations find themselves ensnared in the digital extortion campaign, grappling with the fallout of cyber intrusion. The attack, facilitated through exploitation of a two-year-old vulnerability in VMware Inc. software, has left servers and databases compromised, disrupting normal operations. While the extent of the disruption varies across organizations, the incident underscores the vulnerability of internet-facing servers to automated attacks by cybercriminals.

The Aftermath

In the wake of the attack, affected organizations are racing against time to contain the damage and safeguard their networks. Florida’s Supreme Court, quick to respond, assures the public of the security of its network and data, with the affected infrastructure segregated from critical systems. However, a cloud of uncertainty looms over other institutions, with a dozen universities, including the Georgia Institute of Technology and Rice University, yet to provide official statements regarding the incident.

Tallying Up: Exploring the Fallout of the Attack on Finances and Operations

The ransomware attack’s financial impact, though appearing small with cybercriminals demanding only $88,000, goes beyond mere numbers. It disrupts daily operations, posing risks to data security, system stability, and organizational reputation. This incident emphasizes the critical need for strong cybersecurity practices and proactive risk management in today’s digital world.

As organizations worldwide grapple with the fallout of the ransomware outbreak, the incident underscores the urgent need for strengthened cyber defenses and enhanced collaboration between cybersecurity experts, institutions, and governments. We are happy to help you take the first step to security in a technological world. Click HERE to book a meeting with us to assess your current system and how you may be vulnerable to attacks. 

Stay safe out there!