Wednesday, August 6, 2025

Cyber Attacks on Saint Paul

These past two months have been a nightmare for Saint Paul. Both North and South Saint Paul have experienced some form of a cyber attack. Just last week on July 28th, both North St Paul and St Paul experienced a cyber attack on their emergency services. Then last Friday, another cyber attack occurred. The information is still developing so I'll try to just talk about what we know for sure.

On another note, this is the last week of class! I don't plan on keeping this blog updated every week outside of the scope of the class. But I hope if any fellow students read this, that they enjoyed my blog posts. Good luck everyone on their final!

Back to the cyber attacks in Minnesota. After the attack last Friday, Governor Walz declared a State of Emergency and called in the National Guard. According to KSTP, local, state, and federal agencies are investigating the attack. Two firms have been hired to investigate what happened. The disruptions are affecting access to online services and internal systems, though it is stated that 911 services are online despite back-end challenges. Other affected systems included Wi-Fi and libraries’ collections management systems.

Since the attack is still under investigation, and possibly underway, not much is known about the intentions of the bad actors responsible. It is still unknown if financial information or credential information was accessed or released on the dark web.

The city's response was fairly quick, receiving a notification of suspicious activity Friday morning, and shutting the systems down by the afternoon. Many citizens complained of the lack of services, but in my opinion, I'd rather have it shut down than my information being actively ransacked. Naturally those unfamiliar with digital crime have a harder time understanding.

KARE 11 has some exclusive information on the first cyber attack on the North St Paul system, stating that the access to the system was granted via a phishing email that compromised one email in the police department. They also claim that St Paul's attack seems more related to ransomware than phishing. According to Rawlins, the business continuity plan for St Paul was four hours, but he says that won't be the case for this attack. 

So far, there are no demands for a ransom.

This news is piping hot and I'm excited to see what actually happened and if all these agencies will have any luck discovering the perpetrator. 

As always, there are bad actors; even police officers need to learn about phishing! Keep your passwords unique and complex, and try to pay attention to your credit at all times.

Have a great summer!

Articles Read

Nicole Golden 

Tuesday, July 29, 2025

Surviving Disaster: Hurricane Milton and Tech Companies

Hurricanes Milton and Helene hit a little over a year ago and the land is still reeling from their effects. Some people still haven't recovered from their path of destruction, which hit areas unprepared for a hurricane of that degree. This week in class, we learned about Contingency Planning, and hurricane response was the first thing to come to my head. When a disaster like a hurricane comes and destroys all infrastructure in the area, how does a tech company recover? Technology relies on infrastructure like the Internet, Cloud systems, and other interconnection-based objects.

In the case of Hurricane Helene, a warning was issued 36 hours before landfall. 36 hours is only a day and a half. Luckily it was a Monday, but we all know how offices don't fully work on the weekends. This is why planning ahead of time is of such importance. With only 36 hours to decide where to go and what to shut down, you better have a plan ahead of time. That's also why many disaster plans are required by law to be ready ahead of time.

Either way, the hurricane comes and goes and these companies are left to pick up the pieces. According to an article by CRN, the hardest part tech companies experienced was accessing their cloud services, since the internet and data centers were out in the area. Smaller businesses definitely ended up more underwater than bigger ones, since their network connections are simply smaller.

Firewalls also suffered from not accessing any networks. Many companies had to use generators or exit from the area to restore their services. Other larger companies opened special areas where people could use their phones to connect to the Internet. 

In situations like those, the millions of people who rely on the Internet every day need to access it to check if their loved ones are okay. Disasters aren't just a test of a company, but a test of the company's people too.

The article includes 10 testimonies from solution providers, vendors and distributors right after the hurricane.

10 Tech Companies Navigating Hurricanes Helene, Milton: ‘We’re All In This Together’

- Nicole Golden 

 

Monday, July 21, 2025

Ruining the Economy One Ransom Attack at a Time

This week in class, we are learning about monitoring, auditing, and logging. It is a very important part of cyber security, though often underestimated. Not every day can be updating systems; sometimes it's just watching the network and making sure nothing suspicious is happening. Unfortunately for this British company named KNP, something suspicious happened. Before they knew what was wrong, they got a ransom note and couldn't afford the amount they needed to pay. That was the end of KNP for good.

KNP has existed for 158 years, yet never faced this problem. The article by the BBC states that the loss of their company occurred due to one weak password. One weak password put 700 people out of work. While I wouldn't consider that a particularly large company, that's a big mistake. Imagine if your coworker had a bad password and that made you lose your job. That would make me angry. Though these ransom attacks are apparently a growing trend in the UK, they are struggling to work against them. There are multiple security agencies at work there in the UK, including MI6, MI5, and NCSC. Despite that, the company was lost. 

The article goes on to talk about the power of cyber security in companies, and how it determines their fate. It seems that cyber security professionals in the UK are worried that there aren't enough regulations for companies to protect their data from these organized crime hackers.

In the end, the lesson I learned from this is that you can never stop advocating for strong passwords and security awareness. I'll never stop telling my friends, family, and coworkers to at least try and have secure passwords. Because if all it takes is just one weak password... maybe we all need to help remind each other to make the world a safer place.

Article Read:

- Nicole Golden 

Tuesday, July 15, 2025

Transportation Threats

We all have to get around somehow, be it by planes, trains, cars, or boats. The more systems that function online, the more that are susceptible to hacking. This week in class we discussed security operations and administration, which covers how companies handle their employees and data. While looking around for cyber security news I saw some articles about planes and trains. So I decided to look more into what is happening to our transportation in our cloud-based world.

The first article I read talked about a 20-year-old vulnerability that was just reported and that, if taken advantage of, can lead to derailing trains in Ohio. About two years ago there was the derailment of an Ohio train that spilled hazardous materials all over the city of East Palestine. That error was due to a failed wheel bearing, not hacking. But from that derailment alone, we can get an idea of what a train derailment could mean. In the USA, we get a good amount of our products from delivery by train. If hackers knew what train they wanted to tip and where, they could cause another disaster. Unfortunately, the railroad's security team says it will take them until 2027 to fix the vulnerability. CISA’s acting executive assistant director for cybersecurity says the vulnerability would be too difficult to exploit, which is why nothing was done with the knowledge of it for 20 years. Whether or not it was going to be exploited can be debated, but it concerns me as a passenger to know companies know their weaknesses but don't do anything about them.

Another article I read was about airlines. Less so how airplanes have been seeming to fall out of the sky lately, but more focused on the data airlines have. Airlines deal with millions of people every day, which means they have millions of people's data circulating on their servers. That is binary gold to hackers who need that data to then commit identity fraud. Some of the latest attacks were on Hawaiian Airlines and Qantas within just one week of each other. There's not much a passenger can do once their data is collected after flying with an airline. To protect yourself, make sure passwords are strong and not easy to guess. Also try to set up multi-factor authentication. However, once a company is breached, there's little you can do.

The last article I have added is a bit more of a technical read about Ransomware-as-a-Service (RaaS). It shows how hackers are evolving with the times and using AI to hack better.

While these two articles serve more as a cautionary tale than a call to action, it's still worth noting that the more companies use cloud services and depend on the Internet as their structure for communication, the more vulnerable everyone is. Companies need to be held accountable for ignoring vulnerabilities until it's too late.

Articles Read

- Nicole Golden 

Sunday, July 13, 2025

Morris Worm

The Internet is a scary place sometimes. Just as on the streets in real life, there are bad actors in play putting out ransomware and Trojan horses to infect the everyman. Viruses are sent out to get after data. It's a pretty profitable job when it's done right. In the beginnings of the Internet, it was pretty easy to mess up systems. This was the case of the Morris Worm in 1988.

A computer worm is a self-duplicating program that infects computers one by one. Back in 1988, computers trusted each other since there were fewer than 100,000 connected computers. This meant a lack of passwords or weak passwords and a general trust in files received.

Robert Morris created the worm on the Massachusetts Institute of Technology (MIT) network. There is discourse about whether Morris intended to teach the community about security or he did it just because he wanted to. Morris was a student at Cornell University. The worm unfortunately caused damage due to its protocol requiring it to infect even if the computer says it's already infected seven times. This led to computers having more than one copy of the worm in the system. According to Wikipedia, the exact vulnerabilities it exploited were "A hole in the debug mode of the Unix sendmail program, a buffer overflow or overrun hole in the finger network service, and the transitive trust enabled by people setting up network logins with no password requirements via remote execution (rexec) with Remote Shell (rsh), termed rexec/rsh."

About 60,000 computers were infected with the Morris worm. While it didn't ruin anything in the computer system, it slowed computers to a near halt. Some of the computers were for federal use, which meant military emails went by slower. This had some very serious ramifications for the creator. He was charged with violating the Computer Fraud and Abuse Act, the first person ever charged under that act. Morris is still active in the coding community after serving his sentence of three years' probation, 400 hours of community service, and a fine of $10,050 plus the costs of his supervision.

We've learned a lot about computer security and networks since the Morris Worm days. If it was deployed today, it wouldn't even work since rsh is no longer used. Not to mention, passwords are different now and more advanced. But the impact the Morris Worm had on hackers today is clear. Computer viruses were inspired by the idea the worm exploits. It's important to learn and grow from mistakes made in the past. It shows that often the worst hackers are the ones we already know.

Articles Read:

 - Nicole Golden