NJ School Network Held for Bitcoin Ransom


Technicians at the Swedesboro-Woolwich School District, which is home to four elementary schools in Gloucester County, discovered that its entire network was down last Saturday morning when they received a ransom message asking for 500 bitcoins, units of a peer-to-peer electronic cash system. 500 bitcoins is equivalent to about $124,000.

As detailed by NJ.com, the computer network “hostage situation” at Swedesboro-Woolwich School District was caused by firewall insecurities and weak passwords at one of the district’s vendors, according to the Educational Information Resource Center.

The district has since regained control of its systems.

Swedesboro-Woolwich’s IT Department noticed last weekend that its network was entirely down, blocking access to emails and documents and preventing the district from administering the PARCC exams.

While the New Jersey State Police’s Cyber Crimes Unit, the Gloucester County Prosecutor’s Office, Homeland Security and the FBI were all involved in investigating the hacking incident from a criminal perspective, the EIRC’s goal was to restore the system and find the weakness in the system that allowed it to occur.

“We were able to turn the clock backward a little bit and find out how the network was infiltrated,” Procopio said. “An outside individual gained access to the network through an open port in the firewall … It’s actually quite easy for anyone sitting anywhere in the world to scan the public internet to find potential vulnerabilities.”

In this case the problem was two-fold.

First, there were open network ports, which failed to meet “best practice” standards, according to Procopio, and secondly a lack of secure passwords allowed a hacker, or hackers, to infiltrate and affect the entire system.

“The situation was able to get as bad as it did because of weak passwords on a network account,” he said.

The account was from an outside vendor and was titled “Breaker” on the district’s system.

In reaction to the problem, the EIRC has closed the crack in the firewall and the specific password that caused the issue has been changed, but the district is also enforcing a change in all of the networks’ passwords to make them more complex.

The majority of the problem has been fixed and email can now be sent and received from the district’s system, but older emails have not yet all been restored.

State Police confirmed that they are still on the case, but no updates on the investigation have yet been made available.

Vendor Vulnerability

It should be noted that some documentation related to troubleshooting the PARCC Field Test advises that the Administrator “Disable anti-virus programs running on each device.”

Whether in a school system or a business, weak security practices by vendors and internal employees are a cause for great concern. In the most recent report by Kaspersky Lab:

During 2013 and 2014, Kaspersky Lab detected around 315,000 daily malicious samples. Of those businesses surveyed, only 4% were able to accurately state this figure. In fact, 91% of respondents underestimated it and 70% guessed that there were less than 10,000 daily threats. A serious miscalculation.

But this is only part of the story. 94% of companies have experienced some form of external security threat, and yet only 68% have fully implemented anti-malware on their workstations and only 44% employ security solutions for their mobile devices.

The report continues:

“So, how do we fix this? We need to recalibrate our perceptions of the industry to better understand the threats. And not just the visible security breaches, but the daily and ongoing security risks too.

There is a split though, in the perception of who is ultimately responsible for securing financial transactions. Only 35% of customers think that financial institutions are primarily responsible, whereas 85% of financial institutions felt that they themselves were responsible.

So what’s the story? Well, businesses are making progress, but so is the cybercrime industry. Though the tools exist for organizations to protect themselves, most businesses are still taking a reactive approach to IT security. They need to be more proactive and stop underestimating the diversity, number and sophistication of today’s threats. To put it simply, traditional anti-virus solutions aren’t enough anymore.

Businesses need to recognize the complexity of the challenge ahead. Building a multi-layered defense against the threats posed by ‘human’ factors, the sprawl of multiple devices and the emergence of new technologies is now essential as no business has sufficient human resources to handle it all.

It’s time to undertake a serious recalibration of how security issues are perceived and tackled. Businesses need to be more proactive and vigilant, and they need to educate themselves – or risk becoming the next big IT security news story.”

Complex Issues

1. Increasing threat complexity

Malware has very quickly become far more sophisticated. To stay safe, all organizations need deeper protection than a simple ‘anti-virus’ solution can offer. This has created the perception of having a more burdensome, complex set of tools to manage. And in some cases this perception is justified. The security market is packed with thousands of niche product offerings that under-resourced IT teams struggle to learn, integrate and manage.

2. Increasing IT infrastructure complexity

Even small organizations are powered by a surprisingly complex array of technology. On top of the basic LAN, organizations typically have multiple types of company-wide software, as well as individuals installing ‘rogue’ applications on their systems. Add to this the growth of virtualization and you have lots of elements to keep track of and manage. But it’s mobility that’s really posing the biggest challenge to IT professionals.

Next Steps

This month, Firestorm President Jim Satterfield and Business Crisis-Risk Practice leader Jack Healey will present a webinar entitled Business Crisis Risk – Data Breach Escalation.

Regulatory groups are increasingly calling for Management and Boards to be prepared for cyber breaches.

Research suggests that today’s cyber-attackers are becoming smarter about the systems they seek to break, and are commonly using impersonation and social engineering to tap into the most common weaknesses in the security chain — employees and vendors.

Over the past year, companies and organizations including school systems, government entities, major financial institutions and US retailers Target, Sony and Staples have been struck by separate cyberattacks leading to the loss of millions of customer and employee records, including sensitive data, credit cards and personal information which could be used in identity theft.

Not only do security breaches potentially cost businesses a fortune in damage control, forensics and security improvements, but these firms are also left with a hefty bill in granting affected consumers credit monitoring services and compensation.

Please join Firestorm President Jim Satterfield and Business Crisis-Risk Practice leader Jack Healey as they explore:

  • Prevention: phishing attempts where employees opened emails with compromised attachments
  • Data breach sophistication: basic but effective
  • Malware that should be detected: commonly known vulnerabilities
  • Targeting organizations that had fallen behind on patching

We look forward to seeing you!
