
County Identifies Gang That Has Taken Down CAD System


The 9-1-1 center.
Credit: Tom Sofield/LevittownNow.com

Bucks County officials have identified the ransomware gang behind the attack that has crippled the countywide computer-aided dispatch (CAD) system.

In a statement, county officials said they have informed “local, state and federal partners that the ransomware ‘Akira’ is involved so that they can have situational awareness and review their own systems.”

Akira, according to various news reports from around the globe, is a cyberattack gang that has hit governments and businesses. The gang can charge millions to release captured data.

The county said in a weekend statement that it “continues to investigate the cybersecurity incident.”

Sources have said federal law enforcement has been investigating the attack. The FBI and Bucks County District Attorney’s Office declined to comment.

“The county continues to work closely with third-party experts to conduct a thorough investigation,” Bucks County officials said in a statement.

Officials have not commented on how much the ransom request was, whether the county is talking with the attackers, if the county has considered paying the ransom, or what will happen to the captured information, which includes sensitive data handled by emergency crews.

While the 9-1-1 system remains operational, the CAD system used by local law enforcement, firefighters, and ambulance squads continued to be out of service as of Saturday afternoon.

The cyberattack kicked off with the outage that started last Sunday.

The outage has led to responders across Bucks County going back to pen and paper and other inconveniences. Call-takers and dispatchers have been using pen and paper and spreadsheets to handle calls.

There have been some frustrations and slowdowns in responses with the CAD system being down, police and fire officials have said.

The Pennsylvania National Guard has been among the state and federal agencies assisting the county.


CISA Identifies Known Exploited Vulnerabilities Linked to Ransomware Campaigns


The Cybersecurity and Infrastructure Security Agency has launched new resources to help organizations identify vulnerabilities and misconfigurations linked to ransomware campaigns.

The agency said Thursday it has added a “Known to be Used in Ransomware Campaigns” column to its catalog of known exploited vulnerabilities and a “Misconfigurations and Weaknesses Known to be Used in Ransomware Campaigns” table to its Stop Ransomware website.

The table features a short description of the misconfiguration and a column identifying the cyber performance goal action for each vulnerability.

With the new offerings, CISA aims to help critical infrastructure organizations boost their cyber resilience by providing mitigations against specific KEVs, misconfigurations and weaknesses targeted in ransomware campaigns.

Homeland Security identifies 311 child victims of sexual exploitation in ‘cold cases’


More than a dozen international law enforcement organizations worked together under U.S. leadership to identify and locate victims of child sexual exploitation in a just-completed operation that officials say is likely the most successful of its kind.

In the three-week “surge” known as Operation Renewed Hope, which began July 17, investigators combing through sexually graphic internet material involving children, much of it on the dark web and some of it decades old, made probable identifications of 311 child victims and confirmed the rescue of several victims from active abuse.

Homeland Security Investigations (HSI), part of Immigration and Customs Enforcement, took the lead in the operation, which included representatives from the Justice Department, the FBI, the U.S. Marshals, Interpol and Europol, as well as 13 law enforcement agencies from Australia, Canada and countries in Europe and South America.

In many of the cases in which victims have been identified, HSI officials told NBC News that the material had existed for many years, but investigators were previously unable to identify the child victims or the adult abusers. Thanks to new facial recognition and artificial intelligence technology, there are now fresh leads in these formerly cold cases.

After they narrowed down a location or tentatively identified a victim, the investigators sent their new leads to the appropriate local law enforcement agency. The operation sent more than 100 leads to HSI field offices and 25 partnering countries. Some suspects in Canada and the United States have already been arrested.

The announcement comes a week after the FBI revealed it had identified dozens of victims of child sex trafficking and more than 100 suspects in a separate sweep called Operation Cross Country.

Mike Prado, deputy assistant director of the HSI Cyber Crimes Center, said the results of Operation Renewed Hope “exceeded our wildest expectations in the sense of being able to identify children who have been abused for, in many cases, years.”

He gave NBC News a tour of the operation while it was in progress, being careful to avoid showing any of the highly graphic material under review.

In one room, more than 20…


City of Dallas identifies group responsible for network outage, ransomware attack


Dallas officials gave an update Thursday after announcing that city servers were under a cyberattack Wednesday, affecting several city services.

“Vendors continue to work around the clock to contain the outage and restore service, prioritizing public safety and public-facing departments,” the city said in the update.

A ransomware group called “Royal” initiated the attack, according to city officials.

Bill Zielinski, the chief information officer for Dallas, will give a briefing on the attack on Monday, May 8.

As of 10 a.m. Thursday, the city provided the following updates on services:

  • Dallas Police Department and Dallas Fire-Rescue service to residents is unaffected.

  • 911 calls continue to be received and dispatched.

  • 311 calls are being answered, but non-emergency service requests may be delayed.

  • Courts are closed and LiveChat is inaccessible. All cases will be reset; jurors do not need to report for service and notices will be sent by mail.

  • Saturday’s election is unaffected. Dallas County will share official information including results. Meeting notices are being posted and meetings may be viewed at dallascityhall.webex.com, dallascitynews.net/watch-live, Spectrum channels 16 & 95, and AT&T U-verse at channel 99. Contracts may be delayed.

  • All branches of the Dallas Public Library are open and in-person checkouts continue. Online materials are currently unavailable.

  • Billing for Dallas Water Utilities is unaffected, but meter reading will be delayed. Only the department’s interactive voice response system can take credit card payments. Disconnections will be discontinued until the outage is resolved.

On Wednesday morning, the City of Dallas’ security monitoring tools notified the Security Operations Center that a likely ransomware attack had been launched on their servers.

The city confirmed later Wednesday that a number of servers have been compromised with ransomware, impacting “several functional areas,” including the Dallas Police Department website, the city said in a news release.

“The City team, along with its vendors, are actively working to isolate the ransomware to prevent its spread, to remove the ransomware from infected servers, and to restore any services…
