The massive SolarWinds hack has been grabbing headlines for going on two weeks, but it’s not the only recent attack attributed to Russian hackers.
State-sponsored malicious hackers reportedly breached the city network of Austin, Texas. The breach appears to date back to mid-October.
Daniel Trauner is director of security at Axonius. He’s been following the Austin attack and believes that all cities with critical infrastructure should be worried about cyberattacks.
According to the Austin American-Statesman, Austin hasn’t confirmed whether its network was attacked by Russian hackers.
Last week, we reported that bad actors inserted malicious code into SolarWinds' Orion software updates sent to nearly 18,000 customers. It existed in updates released between March and June of this year.
We spoke with Trauner to learn more about the implications of attacks like the one on Austin.
Channel Futures: Does the fact that this was carried out by state-sponsored Russian hackers make this breach unique? If so, why?
Daniel Trauner: Not particularly. A number of major breaches over the last few years involved some level of state-sponsored activity. This does appear to be an infrastructure-focused operation, however, which means that the attackers almost certainly had more specific, complex motivations.
CF: How were these malicious hackers able to pull off this breach?
DT: It’s not entirely clear, though a number of other sources have reported that this breach is not related to the supply-chain attack involving SolarWinds. According to their report, it was also conducted by a different Russian threat actor.
CF: What sort of damage have the Russian hackers caused the city?
DT: The city has seemed to avoid commenting on the impact, though some reports mentioned receiving a message stating that there had been no loss of “personal information.” This isn’t revealing much.
CF: Why should all cities with critical centralized infrastructure be worried about potential cyberattacks?
DT: Unlike your smartphone, most industrial control and related systems won’t regularly bother you to install software updates. The code deployed to these systems is often designed to be updated every few years at best. And in some cases, it may not ever be updated unless there’s an emergency or if the hardware is being replaced, too. While the standards for the development of such software may be higher or designed to maximize safety in the event of failure, no complex software is unhackable. The fact that you may have much older software running on certain infrastructure is a natural weak point.
CF: What actions can cities take to better prevent or at least minimize the damage from cyberattacks?
DT: Understand what infrastructure you have. And ensure that you have up-to-date information about as many properties as you can for these assets. Make sure that if there have been critical software or hardware advisories put out by the manufacturers, you’re aware of the guidance they’re providing and plan to take action if required. And as with any good security operations practice, ensure you have a centralized logging solution that you actually monitor and alert on. And have a formal/documented incident response procedure for investigating and responding to alerts.
CF: Can MSSPs and other cybersecurity providers help these cities be prepared? If so, how?
DT: In line with the above advice, ensuring that you have a deep understanding of your asset landscape – not only the devices and users in your systems themselves, but their relationship to one another – is often the most difficult part of the process. Past that, strong observability in the form of logging, monitoring and alerting, as well as a formal incident response procedure, will help you react quickly and effectively in the event that something goes wrong.
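The two recommendations above (know your assets and their advisories; know how assets relate to one another) can be turned into a small, repeatable check. The following is an added illustration, not code from Axonius, the City of Austin or anyone quoted here; the inventory, the advisory, the vendor and product names, the versions and the advisory id are all constructed sample data.

```python
"""Asset-inventory check: flag assets running software older than a vendor
advisory's fixed version, then walk dependency relationships to find which
other assets rely on them. All data below is constructed for illustration."""
from dataclasses import dataclass, field


@dataclass
class Asset:
    name: str
    vendor: str
    product: str
    version: str                                   # installed version, "major.minor.patch"
    depends_on: list = field(default_factory=list)  # names of assets this one relies on


@dataclass
class Advisory:
    vendor: str
    product: str
    fixed_in: str      # first version that carries the vendor's fix
    advisory_id: str   # placeholder id, not a real advisory number


def parse_version(v: str) -> tuple:
    """'2.3.1' -> (2, 3, 1) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in v.split("."))


def affected_assets(inventory: list, advisories: list) -> dict:
    """Map asset name -> advisory ids whose fixed version is newer than what is installed."""
    hits = {}
    for a in inventory:
        for adv in advisories:
            if (a.vendor, a.product) == (adv.vendor, adv.product) \
                    and parse_version(a.version) < parse_version(adv.fixed_in):
                hits.setdefault(a.name, []).append(adv.advisory_id)
    return hits


def downstream_exposure(inventory: list, affected: dict) -> set:
    """Assets that depend, directly or transitively, on an affected asset."""
    dependents = {}
    for a in inventory:
        for dep in a.depends_on:
            dependents.setdefault(dep, set()).add(a.name)
    exposed, stack = set(), list(affected)
    while stack:
        for d in dependents.get(stack.pop(), ()):
            if d not in exposed and d not in affected:
                exposed.add(d)
                stack.append(d)
    return exposed


# Constructed sample inventory: a PLC feeding an HMI, which feeds a historian.
INVENTORY = [
    Asset("plc-water-01", "ExampleVendor", "PLC-9000", "2.3.1"),
    Asset("hmi-water-01", "ExampleVendor", "HMI-Suite", "5.0.0", ["plc-water-01"]),
    Asset("historian-01", "OtherVendor", "Historian", "11.2.0", ["hmi-water-01"]),
    Asset("plc-traffic-02", "ExampleVendor", "PLC-9000", "2.4.0"),
]
ADVISORIES = [Advisory("ExampleVendor", "PLC-9000", "2.4.0", "EXAMPLE-ADV-0001")]

if __name__ == "__main__":
    hits = affected_assets(INVENTORY, ADVISORIES)
    print("affected:", hits)                                   # plc-water-01 only
    print("exposed via dependencies:", downstream_exposure(INVENTORY, hits))
```

Only the PLC on the old firmware matches the advisory, but the dependency walk shows the HMI and the historian behind it are also exposed, which is the "relationship to one another" point made above.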
Record Rise in Ransomware Attacks in Q3
Positive Technologies' third quarter cyber threatscape research report showed a massive increase in ransomware attacks, accounting for more than half of all malware attacks.
Cybercriminals increasingly are targeting the health care industry. In particular, attackers have begun …