for advice concerning specific situations. The information provided here is for informational and educational purposes and current as of the the opinion or policy position of the Municipal Association of South Carolina. Consult your attorney date of publication. The information is not a substitute for legal advice and does not necessarily reflect 10/5/2020 r"! • 1 ! 99 • • I..1 I E l I NN What is Cybersecurity? cy·ber·se·cur·i·ty / ˌ sībərsi ˈ kyo ͝ orədē/ noun measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack Simply put, cybersecurity is protection against digital attacks. Why is Cybersecurity so important? 1
10/5/2020 Why is Cybersecurity so important? Why is Cybersecurity so important? One million seconds is roughly equal to 11.5 days. One billionseconds is roughly equal to 31.75 years. As of 2017, there were 8.4 billion IoT devices. By 2020, that number will exceed 20.4 billion devices. Every second, another 127 devices are connected to the internet Cyber crime by the numbers Letsput itin perspective: · Tesla, Facebook, Microsoft, Apple, Amazon, and Walmart combined annual revenue totals "just" $1.28 trillion. Cyber crime earns $1.5 trillion annually. · The $1.5 trillion that cybercriminals earn is equal to Russia's gross domestic product (GDP) · If cybercrime were a country, it would have the 13th highest GDP in the world. 2
10/5/2020 What’s the big deal about Cybersecurity? Businesses experience ransomware attacks every 14 seconds According to Kaspersky Lab businesses experienced a ransomware attack every 14 seconds in 2019 up from every 2 minutes just several years ago. This is expected to increase to every 11 seconds by 2021. Currently, there are more than 4,000 ransomware attacks every day. -FBI What’s the big deal about Cybersecuri ty? Email is the number #1 delivery vehicle for most malware and ransomware. Verizon reports that users in the U.S open 30 percent of phishing all emails, with 12 percent of those targeted by these emails clicking on the infected links or attachments. 95% of malware is delivered via email Fake invoicemessagesare the #1 type of phishingemail Are you training your users? Are you doing more than just sending out emails or online training? What’s the big deal about Cybersecurity? Millennials are the mostimpacted group of people by cyber crime. This is potentially because they are the most technologically savvy group. In any case, around 53 percent of millennials experienced cyber crime in the last year. 3
10/5/2020 Social Engineering on Facebook Seems innocent at first but.... but now we have their names and dates of birth. Photos on their profile give you the rest of information needed. Social Engineering on Twitter From Twitter: The attackers successfully manipulated a small number of employees and used their credentials to access Twitter's internal systems, including getting through our two-factor protections. As of now, we know that they accessed tools only available to our internal support teams to target 130 Twitter accounts. For 45 of those accounts, the attackers were able to initiate a password reset, login to the account, and send Tweets.” The forty-five included: Bill Gates, Elon Musk, Jeff Bezos, Kanye West, Uber, Apple, Barack Obama, and Joe Biden. Social Engineering on Twitter Apple. @Apple I Pinned Tw eet @ J e f f B e z o s I h a v e 0 We are giving back to our community. We J e f f B e z o s s and we believe you should too! d e c i d e d t o g i v e b a c k t o m y c o m m u n i t y . All Bitcoin sent to our address b you doubled! A All Bitcoin sent to my address below will be sent back bc1qyv2knrivnircnt7n7nilvrf24.1:4 doubled. I am only doing a maximum of $50,000,000. 0 Warren Buffett 0 @Wa r I Only am giving back to my co bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0w1h 58 PI All Bitcoin sent to my add $1,000, I will send back $ Enjoy! bc1qxy2kgdygjrsqtzq2n0 2:07 PM• Jul 15,2020TwitterWebApp Only doing this for the next 30 minutes! Enjoy. Q 27 n. 47 0 70 4
10/5/2020 Social Engineering on Twitter 12.87 BTC = $144,573.86 (as of July 29, 2020) What’s the big deal about Cybersecurity? A small heating and air conditioning firm in Pennsylvania that worked with Target and had suffered its own breach via malware discovered in an email. In that intrusion, the thieves managed to steal the virtual private network credentials that the firm’s technicians used to remotely connect to Target’s network. Hackers used that initial foothold provided by the firm’s hack to push malicious software down to all of the cash registers at more than 1,800 stores nationwide. ca A N D E L S W h a t ’ s t h e b i g d e a l a b o u t ect C y b e r s e c u r i t y ? 0 0 i " H 0 8 0 1 1 o T A R G E T ' 1 9 1 - ; A r • 404- laWsuits W e r e A i l e d a g a i n s t - T a r g e t a s a r e s u l t o i t h e b r e a c h 110 consumer + 30 bankingICteedirtectle:::$176manitet holderxpensCesases .. 0 0 70 0 0 40 million million creditandcubcardscompromised customerdet, .. 1 5
10/5/2020 What’s the big deal about Cybersecurity? City of Atlanta Headline: “Atla The Georgia ca ransomware at crew on March able to use the were still writin closed. Residen airport. Attackers dema dealing with a Bottoms. What’s the big deal about Cybersecurity? e r What’s the big deal about Cybersecurity? Geor J u l y , r a p i d G e o r The h comm into far as 6
10/5/2020 What’s the big deal about Cybersecurity? State of Texas Texas is the latest state to be hit with a cyberattack, with state officials confirming this week that computer systems in 22 municipalities have been infiltrated by hackers demanding a ransom. A mayor of one of those cities said the attackers are asking for $2.5 million to unlock the files. What’s the big deal about Cybersecurity? 3 Alabama Hospitals Pay Hackers Ransom to Restore System After a ransomware attack, DC1-I Health System closed its three hospitals to new patients and launched downtime procedures: officials nAiri tha r, . But by Saturday, the three impacted hospitals remaineddosed to all but the most critical new patients. While collaborating with law enforcementand an outside ITsecurity firm, officials said they paid the ransom to receive a decryption key fromthe hackers and restore access to the impacted systems. 11911111Mitiro Okeidsput (charmia (denliirch [error] malicious code iossedasjimozi,-e d se 24i S t r e g 4 r P u respc" z 4` .. '" s t a t u s i ) C f r r > - i f rod e r c *OW r ? d e s P ° r e s l ( c h i n What’s the big deal about Cybersecurity? RansomwareAttack on IT Vendor Disrupts Care at 110 Nursing Homes \ Virtual Care Provider, an g vendor supporting 110 nursing homes and acute care sites, was hit with a ransomware attack last week, \ cutting off electronic health record access for those providers. For VCPI, the data encrypted all of the data it hosts for its 110 clients, with hackers demanding a ransom of $1.4 million in bitcoin to decrypt patient records. Officials said they can't afford to pay the ransom demand and some clients are at risk of shutting down their operations if VCPI can't recover. t e By Jessica Davis November 25. cum- About t to nursing homes and acute care facilities are unable to access paUcut records after IT vendor Virtual Care Provider Inc. (VCPI) was hit by a massive mnsomware attack, which is continuing to disrupt services. fist reportedby Krebs On Security. The Wisconsin-based consulting, interne access, data storage, and security services vendor supports maintenance of about tio,000 computers and servers across those facilities in 45 states, in total. 7
10/5/2020 South Carolina Critical Infrastructure Cybersecurity Program s ATDD Riv 0 SCCYBER 8
10/5/2020 S5fafr of o Seufli Grill:inn e Perufilit pepartmenf (Office of file Governor EXECUTIVE ORDER O. 2017-08 Collaboration Coordination Information Sharing Training & Workforce Development Collaboration 9
10/5/2020 Coordination Information Sharing Training & Workforce Development 10
10/5/2020 8302:W1083U S1N3A3 H3E1A0 30N3011131N1 ON1e1011NOIN C1NV ONINIV1:11 1VOLLIH0 oNiHna '2 NOI1VVJHOdNI NO11/3313C' A111:11103SHREIA0 3SNOdS32:11NRCIIONI 1V31:11-11HRSAO NOIS111:11NI SS* 101r .Y. Jawao uoReup000 J eqA0 N i os , Z 4 " . e • 0 1 4 4 4 4 , 3 . 0 1 1 9 3 # 0 1 , N o t ) CLO Program Sewl Report Cyber Incidents: cyber@sled.sc.gov Cyber 24/7 Phone Line: 803-896-7133 SC-CIC SLED CLO: 803-354-0664 Cyber Liaison Officer Submit Suspicious Cyber Activity: South www sciic org/cyber Carolina · ' ".RANT THE L'SER MO LAW ENFORCEMENT AUTHORITY Critical CLO ID# 12162749525 Infrastructure C ybersecunty NOT OFFICIAL SOUTH CAROLINA 10F NTIFWATION South Carolina Critical Infrastructure Cybersecurity Program CLO Contact To sign up for our program, email sfay@sled.sc.gov S/SA Sean Fay Cyber Liaison Officer 11
Recommend
More recommend
