While public safety agencies continue to face ransomware attacks, cybersecurity experts from Motorola Solutions warned on a recent webinar that data exfiltration attacks seeking sensitive data are becoming an increasing threat.
“Top 5 Trends in Public Safety Cyber Threats,” part of Motorola Solutions 2021 webinar series on Cybersecurity for Mission-Critical Technology, featured Dr. Pranshu Bajpai, Senior Staff Security Architect, and Waylon Krush, Chief Technologist, Cybersecurity. The webinar was held during Cybersecurity Awareness Month.
“Trends in the cybercrime underground shift rapidly, and what we are seeing now is they’re pivoting more towards data exfiltration malware,” Krush said.
Public safety is in an especially vulnerable position because their resources need to be focused on mission critical tasks, and they tend to have fewer cybersecurity resources in general. Unfortunately, cyber criminals know this, too. Public safety systems are under increased attack because agencies are “target-rich and cyber poor,” according to Bajpai.
“We see cyber attacks against municipalities, law enforcement, police departments, federal, fire departments, prison systems, all across the spectrum. Ransomware is a major portion of these attacks, followed by data exfiltration attempts,” Bajpai said. He added that targeted ransomware attacks are gaining traction, which is an even bigger problem. “With targeted attacks, cyber criminals are able to choose their victims very carefully – and in this case, they’re going after public safety systems.
After choosing a target, a human threat actor will research and study the agency and its vulnerabilities to try to find a way in. This method is much more sophisticated and quiet than an automated tool, Bajpai explained.
In addition, criminals have a lot of tools, techniques and procedures (TTPs) in their arsenal and can take advantage of a lot of attack vectors, he noted, and when something doesn’t succeed in a specific environment, they’ll move on to the next tool.
Krush pointed out that cyber criminals aren’t just after the initial payout anymore, like a traditional ransomware attacker, but are profiting off information sold after an attack. They’re also gathering information to use against their victims by sourcing what’s publicly available online and through social media.
Krush noted that when criminal groups use ransomware to attack, they’re “collecting intelligence on you, your organization,” calling it “the eBay of exploits.”
The main point, Krush stressed, is that cybercrime has become an organized and profitable business. “There are high payoff targets out there. The deep web and the dark web have literally been set up to run like businesses, so that’s where the money’s at,” noting that cyber criminals often buy and sell information on high-value targets like public safety agencies.
“When it comes to public safety, if they want to break into court systems, call centers or anything like that, a lot of times we see those indicators of compromise in the deeper areas of the dark web before that happens,” he added.
So what can public safety agencies do about this growing problem? What are the best methods for cyber security defense and response? Building an incident response plan is critical, both speakers noted. “It’s very important to think of these things ahead in time before you’re affected or before tragedy strikes,” Bajpai said. The presenters concluded the webinar with a discussion on the intricacies involved in building and maintaining response plans and playbooks against these advanced persistent threats.
Watch our on-demand webinar for the full presentation.