Oct 16, 2020
Craig discusses why State and Local governments are getting ransomware and who is actually at fault.
For more tech tips, news, and updates, visit - CraigPeterson.com
---
Trojan Malware Targets Trump Supporters
Nmap 7.90 released: New fingerprints, NSE scripts, and Npcap 1.0.0
Tyler Technologies finally paid the ransom to receive the decryption key
5G in the US averages 51Mbps while other countries hit hundreds of megabits
Apple’s T2 security chip has an unfixable flaw
Verizon Payment Security Report is a Wake-up Call: Time to Refocus on PCI DSS Compliance
Android Ransomware Has Picked Up Some Ominous New Trick
---
Automated Machine-Generated Transcript:
Craig Peterson: [00:00:00] Hey, Tyler technologies, you might not have heard of them, but you've almost certainly use them. And we'll tell you why they got nailed by these human-operated ransomware pieces that are floating around there as part of phishing expeditions. Here we go.
Hey, thanks for joining me. This is Craig Peterson of course.
Tyler technologies, you might not have heard of these people. They are the largest provider of software to the United States public sector. At the end of September, Tyler technologies disclosed that they had been nailed by a ransomware attack.
Its customers, which are public sector companies, Or not obviously not companies, but organizations like towns, counties, States, it's customers reported finding suspicious log-ins and. What is called the RATS on their networks? A rat is a remote access tool. Remember I've told you how we found Chinese back doors on networks, time and time again and we continue to find them. Those are rats. Those are remote access tools.
What happens is your network gets infected bad guys, gets onto your computers and they install software that gives them remote access. Isn't that just phenomenal? Oh, we have the majority of states here in the country that are using Tyler technology services and software. Some of those, at least I have found remote access tools on their networks. That is a very bad thing apparently.
According to security affairs.co, apparently Tyler notified law enforcement about it. It took place on September 23rd and they brought in a forensics firm to investigate the incident and trying to figure out what did the bad guys get.
That is a very big question. Did you know that if you are a business, you are required to be able to figure this out? Under certain federal contracts or DOD particularly you are required to keep long-term logs. Those you have to have logs of everything that's been happening on your network for the term of the contract. I think it's plus three years, depending on the contract, that is a long time.
That's a lot of logs gets pretty expensive, pretty fast. When you're a company like Tyler technologies you'd think they would have some absolutely amazing logging software. But do they? No. No, of course not.
I see this all the time. We've got to be careful people. We've got to keep the logs that come in from our firewalls, the logs on our computers. They need to be basically vacuumed up and put into a database for at least a few weeks so that an investigation can occur. If something were to happen.
One of the things that we've got to keep in mind too, is that from the time the machine is infected until the time they are moving around in the network right now is about a week. You have five to seven days to notice that you've been infected and to shut it down before they start expanding.
So having a few weeks worth of detailed logs of everything going in and out of your firewall and everything going on your computers can quickly Put an end to the types of hacks that Tyler experienced.
As I said, depending on the regulations you're under, you could be in trouble. I had probably about a dozen people this week asked me for my audit kit. So if you'd like a copy of my audit kit, if you are in a state or a local government, or you are in business, I have an audit kit that covers everything, all of the major stuff anyway.
FINRA requirements. If you are a financial organization dealing with personal information, identifiable information, et cetera, just send me an email in the subject line. Just say audit. Kit. I'll email one out to you so that you have that I'm not charging for any of this stuff.
It is a checkmark thing. This thing's over 300 pages just long. Okay. It has all of these different standards in it, but it's something you can use. You can sit down and go through it with your IT provider or your internal IT people.
Or you can sit around at the conference room table with your senior managers and go through it because there are different sections in it.
So the very first section is just general high-level stuff to make sure that you're going, to have general compliance. And then it gets right into the national Institute of standards, technology stuff, the NIST 800-171, and some of the other sections that are needed. So it even goes to absolute detail here bit by bit if you want that.
So I can send that to you if you want. I'd be glad to. It's a PDF. I found a lot of people had it bounce, though. I think the majority of them, cause it was a huge and like 20 megabytes, which is crazy. So I compressed it. I use PDF Expert on my Mac to compress it down to about 12 megabytes, which is still too big to send by email.
As a general rule email shouldn't be used for anything that big and by the way, a lot of email filters we'll assume if it's a big piece of email, a big attachment like that it's malware.
I'll probably just send you a link to my Dropbox account so you can pull it right out of there when you want. Anyhow, that's just me, M E at craigpeterson.com audit kit. Be glad to send it to you.
It's useful for home users as well. You're not going to, of course, delve into all of the more detailed stuff for specialized businesses, but you are going to be able to have the nice high-level stuff that is going to help you out.
Immediately after this attack friends over at Tyler technologies said that the incident only impacted the internal network and phone systems. Yet, it looks like they got the ransom X ransomware. This is human-operated, ransomware. This is the type of stuff I've been talking about.
It's a RAT. It's remote access. It allows them to get in, like a Chinese back door. With human-operated ransomware, they get onto the computers and they start poking around.
Back in June this year. Ransom X again was used in an attack on the Texas department of transportation. In September effected systems over at IPG photonics, which is this high-performance laser developer. Bleeping Computer, which is a great site for keeping up on some of this stuff is also talking about now how Tyler technologies paid a ransom to receive the decryption key and recover encrypted files.
Now you might ask yourself, how do they figure out what ransom they should charge, right?
A home user's not going to be able to afford the same ransom that a city can afford and just ask Atlanta. How many times have they had ransomware and paid ransoms and been down for months, some of their systems, just crazy. They do it with this type of ransomware, where you've got a human-looking around figuring out what is this? Is this a business? This, a home user. Okay. So we'll charge them a couple of hundred bucks. Oh, this is a city. So let's spread laterally. Let's poke around. Let's see what the weaknesses are in their internal networks.
Remember I said earlier in the show, that we run sometimes through firewalls here at five or six times, that's called ZeroTrust and that's to stop these attacks. We gotta be able to stop them. We absolutely have to be able to stop them.
All right. Crazy times we live in, you're listening to Craig Peterson.
I'm feisty stick around. Cause coming up, we're going to talk about the five G in the U S of A.
---
More stories and tech updates at:
Don't miss an episode from Craig. Subscribe and give us a rating:
Follow me on Twitter for the latest in tech at:
For questions, call or text:
855-385-5553