360 Degree Cyber Security, LLC

Ready or not?


Last week, the city of Allentown was hit with Emotet, malware that started as a banking trojan. Reports indicate that the initial entry into their municipal business environment occurred via phishing. Once the malware was downloaded and installed, it began to replicate itself across the city government’s network, infecting devices and stealing login credentials. This has resulted in the city’s financial system being offline, the city’s camera surveillance being taken offline, and the city’s police department being disconnected from the Pennsylvania law enforcement network.

 It is estimated that the cost to remediate this attack will be close to $1 million. This same malware has infected other government and public-school facilities.  In fact, this past January, the same malware cost the Rockingham, North Carolina school district $314,000 to recover from the infection.

 What is Emotet?  Emotet is malware that started out as a banking trojan three years ago.  It was originally designed to sniff network traffic for user login credentials.  Over the last three years, the malware has morphed to allow for custom modules to be added.  Last year, the malware started to use the EternalBlue exploit developed by the NSA and later leaked to the public.  This exploit allows the malware to spread across Windows networks on devices that have not been patched.  The malware is not easily blocked as it can be delivered via .js, .pdf, and .doc/.docx files.

What can be done? Ensure that you are auditing your patching to verify that patches are being applied as they should. This is not to say that the malware spread via the EternalBlue exploit in this case; however, since that is one of the methods by which it does spread, are you ready to prevent it from spreading?

Why perform a patch audit? Sometimes patches may be pushed in an automated fashion, but for whatever reason just don’t make it onto a system and may require a more hands-on approach.
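A patch audit of this kind can be sketched as a comparison between what the deployment tool says it pushed and what each host reports as installed. The following is an added example, not code from the author; the host names, KB numbers and the CSV layout (CSName and HotFixID columns) are constructed placeholders and assumptions.

```python
import csv
import io

# Constructed sample: what the deployment tool reports as pushed (host -> patch IDs).
# Host names and KB numbers are placeholders, not real identifiers.
PUSHED = {
    "FIN-01": {"KB9000001", "KB9000002"},
    "PD-07": {"KB9000001", "KB9000002"},
    "CAM-03": {"KB9000001"},
}

# Constructed sample: what the hosts themselves report, as CSV with
# CSName and HotFixID columns (an assumed export format).
INSTALLED_CSV = """CSName,HotFixID
FIN-01,KB9000001
FIN-01,KB9000002
pd-07,kb9000001
"""

def load_installed(csv_text):
    """Return {HOST: set of patch IDs} from the per-host inventory."""
    installed = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        host = row["CSName"].strip().upper()
        installed.setdefault(host, set()).add(row["HotFixID"].strip().upper())
    return installed

def audit(pushed, installed):
    """Compare pushed vs. installed; return {host: (status, missing patch IDs)}."""
    report = {}
    for host, expected in pushed.items():
        key = host.upper()
        if key not in installed:
            # No inventory row at all: the host was not verified, so it is
            # reported as UNKNOWN rather than assumed patched.
            report[key] = ("UNKNOWN", sorted(expected))
            continue
        missing = sorted(p.upper() for p in expected if p.upper() not in installed[key])
        report[key] = ("MISSING" if missing else "OK", missing)
    return report

if __name__ == "__main__":
    for host, (status, missing) in sorted(audit(PUSHED, load_installed(INSTALLED_CSV)).items()):
        print(f"{host:8} {status:8} {', '.join(missing)}")
```

Hosts flagged MISSING or UNKNOWN are the ones that need the hands-on follow-up.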




About the Author


Chris Wolski is the founder and principal consultant of the small business and municipality focused cyber security firm 360 Degree Cyber Security, LLC. He is currently certified by the International Information System Security Certification Consortium as a Certified Information Systems Security Professional and by the SANS Institute as a Global Industrial Cyber Security Professional. Active in the information security community, Chris volunteers his time at BSides Delaware and to various individuals seeking to be mentored in cybersecurity. He is frequently researching industrial devices to discover weaknesses that would present a problem for users of those devices. Chris obtained his start in cyber security in the U.S. Navy where he served in various information security and signals intelligence roles over his 20 year career. He left government service after serving in a position to develop cyber threat intelligence against industrial controls and later on the Joint Chiefs of Staff as a cyber incident handler. Chris has a Bachelor of Science Degree in Cybersecurity from University of Maryland University College and is currently pursuing a Master in Business Administration, also at the University of Maryland University College.
