View this message online

10/23/20 - Early Release

 

LAST CHANCE TO JOIN US FOR OUR RANSOMWARE WEBINAR ON THURSDAY OCTOBER 22.  Click to Register

We invite Virginia K-12 technology and administrative leaders to join us for a webinar discussing Ransomware in our schools on October 22, 2020 at 2pm. Representatives from FBI Richmond and the Virginia State Police Fusion Center will present content as well as answer questions. Discussion will include mitigation strategies, incident handling, and best practices. Register early!

Attendance via registration only, maximum 500 attendees.
Click to Register

 

This Week: Ransomware Special Edition

Hi. My name is Tim Tillman and I am the Chief Information Security Officer (CISO) for the VDOE. Our team of cybersecurity analysts support the security program of the VDOE. I am excited to provide this email resource to you. Together, we can make our cybersecurity posture in Virginia's K-12 schools strong and a model to be admired. Contact me at tim.tillman@doe.virginia.gov

News

We read a lot of articles and blogs on security.  Here are a few items we found to share that help reinforce this week's topic.

• Ransomware is growing: Here are four ways attackers are getting into your systems

  The impact of ransomware continues to grow. According to data from global investigations firm Kroll, ransomware was the most common security issue it has being called in to deal with in 2020, while ransomware attacks accounted for over one-third of all cases up to September.

• What to do first when your company suffers a ransomware attack
  There’s no magic wand that can make a ransomware attack simply disappear with no impact at all on an organization, but you can lessen the problem by carefully following tried-and-trusted steps in the immediate aftermath of an attack.

Learning

Grace Hopper, pictured above, was a pioneer in the computing industry especially in computer programming. Among her many achievements, Grace helped to develop the first compiler that would translate computer code to machine language. She spent her career making computers easier to use and available for the masses. Rear Admiral Hopper died in 1992 at the age of 85. Hopper is known throughout the world as a pioneer for computing as well as a role model and advocate for women in technology.

Hopper is attributed with and lore is written about the first computer "bug". In 1947, a moth was found inside the Harvard Mark II computer and recorded in a log book by physically taping the bug to the paper. Hopper is attributed as having found the bug, but that is probably not true. She did, however, work on that machine and was there at the time. She is known to have recounted that story many times during her life.

Bugs, errors, mistakes, miscalculations, vulnerabilities... they all lead to opportunity for those who can determine how to exploit unpredicted behavior of a computer program. When programs break, security breaks.  When security breaks, intruders and attackers stand at the ready.

I'd like to draw your attention to two resources from Carnegie Mellon's Software Engineer Institute (SEI). Both resources are free to download and do not require sign-up or account creation.

The first resource is a whitepaper labeled "An Updated Framework of Defenses Against Ransomware".  Here is the abstract:

The proliferation of tools and techniques to disrupt enterprise systems has evolved from those capable of supporting merely opportunistic attacks to those enabling targeted attacks. Furthermore, attackers continue to develop methods for monetizing their efforts, resulting in ransomware, a very disruptive threat to business as well as governmental departments and agencies. Ransomware developers are now selling their tools as a service, enabling attackers (individual criminals, organized crime, ideological hackers, or nation-state teams, all hereafter referred to as affiliates) to use tools they do not build or maintain to attack vulnerable systems.

In the last few years we have seen a rise of successful ransomware affiliates that purchase the mal-ware that they use and incorporate it into a ransomware tool chain that is targeted to a specific victim. These attackers lock victims out of their own data, usually by encrypting it, and attempt to extort money to restore the victim’s access to the enterprise data under threat of data destruction or disclosure as a response for non-payment. Recent high-profile cases, including attacks attest to the serious-ness of the problem. In each case, the victims suffered operational disruptions with monetary losses.

This report, loosely structured around the NIST Cybersecurity Framework, seeks to frame an approach for defending against Ransomware-as-a-Service (RaaS) as well as direct ransomware attacks.

Yes, ransomware as a service. You can now deploy your automated ransomware attacks as easily as setting up a new windows server instance. The paper is a short read that guides us through the familiar Identify / Protect / Detect / Respond / Recover framework but focused on ransomware. It is highly informative.

The second resource is labeled "Current Ransomware Threats" and was just updated in August 2020. Here is the abstract:

Ransomware continues to be a grave security threat to both organizations and individual users. The increased sophistication in ransomware design provides enhanced accessibility and distribution capabilities that enable attackers of all types to employ this malicious tool. This report discusses ransomware, including an explanation of its design, distribution, execution, and business model. Additionally, the report provides a detailed discussion of encryption methods and runtime activities, as well as indicators that are useful in their detection and mitigation.

The whitepaper dives into the business model and organization of ransomware.  It helps to explain why attackers use it and why it is so easy to use.  If you are geek for deep analysis on ransomware families, names, and expressions, then this is the resource for you.

I wanted to share with you some of the new ways ransomware is changing and how you can continue to protect your networks from future attack. There hasn't been a known case of a teenager, disgruntled teacher or technologist, or parent releasing a paid-for attack on their school or school division, but it could be only be a matter of time. 

We will find out during the webinar this week that attack from ransomware may not be something we can prevent, but rather we need to focus on how to be resilient and control the event if it happens.  These resources help in those efforts.

Community

Contribute

Do you have cyber-related news or information that you think would be helpful for all Virginia schools and technology staff?  Any specific topics to discuss? Send an email to Tim Tillman, CISO.

Share

Share this newsletter with staff and faculty. Encourage colleagues to sign up for VDOE newsletters here. 

Join

If you are a technology leader in your school division, consider joining the non-profit group Consortium for School Networking (CoSN). The advocacy, research, reports, and training that are generated from the organization are very valuable. You can join CoSN as an individual member or your school district can join. CoSN is also the creator of the Certified Education Technology Leader (CETL) certification and the Trusted Learning Environment (TLE) seal. Many of your colleagues (like me!) and neighboring school divisions have already attained these credentials. Could you be next?

The K-12 Cybersecurity Resource Center helps to spread the word about reported K-12 cybersecurity incidents and raise awareness of attacks and mitigation strategies. You can learn from the experiences of others.