On the heels of a massive cyberattack in Atlanta in late March, along with ransomware attacks in Baltimore, North Carolina, and two in Colorado, cities across the nation are scrambling to ward off the possibility of such an incident happening in their burg.
Fort Worth is among them. The City Council received an update in an informal report at Tuesday’s council meeting.
“There are many public sector organizations in the news recently as victims of cyberattacks. There is an increasing trend in so-called ‘zero-day’ threats, which are cyberattacks that are previously unseen on the Internet,” said City of Fort Worth Chief Technology Officer Kevin Gunn. “Also, many new attacks are using obfuscation techniques to bypass traditional anti-virus software that uses signature files to detect threats.”
To stay ahead of this trend, the City of Fort Worth is planning to deploy new anti-virus software from CrowdStrike, which does not rely on virus signatures and can prevent zero-day attacks.
“The software also allows staff to automate many remediation tasks to reduce the labor effort of protecting our desktop and laptop computers,” Gunn said.
The May 1 Council agenda will include a request to approve the advanced anti-virus/anti-malware software from CrowdStrike, which will improve protection for all city laptops, desktops, and servers. Monitoring behavior can prevent an attack even if the attack has never been employed anywhere else on the Internet.
When the attack occurred in Atlanta, 8,000 employees were forced to shut down computers for five days. It did not affect 911 or treatment facilities, but it did cripple vital government services from courts to recreation and leisure. Police officers had to write reports by hand, residents couldn’t pay water bills online, and municipal court dates were reset, among the problems caused.
A ransomware attack hit Baltimore’s 911 dispatch system, prompting a roughly 17-hour shutdown of automated emergency dispatching. The Colorado Department of Transportation suffered two attacks in consecutive weeks in February. The North Carolina county that’s home to Charlotte totally rebuilt its system after a December attack.
When ransomware enters a network, it encrypts files with an unknown encryption key. The attacker then demands a ransom payment to provide the key to decrypt the files. Ransomware can be spread using many different techniques: malicious email attachments, servers that are exposed to the internet, and downloads from untrusted websites. Once inside the network, the ransomware can spread throughout the network encrypting files and crashing servers.
The city is taking measures against these types of attacks by requiring elevated privileges for loading software, limiting the number of employees with elevated privileges, and by employing advanced detection and blocking systems on the network. Systems are further protected by promptly installing software patches from the vendors who provide the city’s software, such as Microsoft. Unpatched systems are the number one way that remote attackers are able to compromise computing systems.
The City also conducts cyber security awareness training for all employees with annual refresher training so that all employees help keep computing systems secure.