
Cyberattack on Bucks County's Emergency System

 



Bucks County finds itself in a compromised position after a digital ambush. About a week ago, the computer-aided emergency dispatch system, the backbone of quick and efficient emergency responses, fell victim to a cyberattack. Picture it like the invisible heart of the town, suddenly under attack, causing confusion and chaos.

County officials have been working tirelessly to uncover the culprits behind this digital ambush. They've pointed fingers at a group called "Akira," known for causing trouble since their emergence in March 2023. Think of Akira as digital troublemakers who target different areas, demanding money to fix the mess they create.

Now, let's dive into the heart of the issue – the emergency dispatch system. It's the town's lifeline during emergencies, like a superhero hotline connecting those in need with help. Dispatchers, call-takers, and 911 operators use this system to coordinate responses swiftly. But with the attack, it's as if the superhero hotline went silent, leaving the town vulnerable.

Despite this attack, county officials reassure the public that 911 phone and radio systems remain operational. It's like saying, "Hey, we're still here to help," as they investigate the incident. However, the impact of the compromised system is significant. Automated services powered by computer-aided dispatch (CAD) are offline. It's like losing essential town services that people rely on daily.

Law enforcement officials are facing challenges too. They can't access crucial databases like the Commonwealth Law Enforcement Assistance Network and the National Crime Information Center. Imagine them trying to solve a puzzle without all the pieces – it's tough.

Cooperation is key in times like these. County officials have been collaborating with local, state, and federal partners, sharing information about the Akira ransomware involvement. It's like the town rallying together to face a common threat. The Department of Homeland Security is in the loop, and a joint investigation is underway with help from state and federal agencies.

Bucks County's IT department is in overdrive, working to restore the affected systems. However, as of now, there's no clear timeline for when these critical services might bounce back. This incident is a wake-up call, emphasising the need to strengthen cybersecurity measures to protect essential services.

In the midst of uncertainty, the county urges residents to keep an eye out, emphasising that 911 services remain functional despite the ongoing investigation. It's like saying, "We're still here for you." This situation highlights the vulnerabilities in our interconnected digital world, reminding everyone to stay particularly vigilant against cyber threats that can disrupt our everyday lives.

Researchers Reveal DBREACH as New Attack Against Databases

 

Past incidents have shown that databases are critical applications for any organization, which gives cybercriminals more reason to target them.

Hackers Review recently reported on the Black Hat US 2021 hybrid event, at which hackers were encouraged to collaborate with federal agencies against cybercriminals. At the same event, a group of cyber intelligence researchers presented a new type of cyber attack against databases that could lead to information disclosure and loss. The attack is called DBREACH, an acronym for Database Reconnaissance and Exfiltration via Adaptive Compression Heuristics.

Mathew Hogan, one of the cyber intelligence members, said that in modern databases compression is often paired with encryption in order to reduce storage costs. That pairing can increase risk, however, because it can be exploited through a class of vulnerabilities known as side-channel attacks.

“With DBREACH, an attacker is able to recover other users’ encrypted content by utilizing a compression side channel," Hogan said. "We believe this is the first compression side-channel attack on a real-world database system." 

Hogan and his colleagues also gave a detailed 121-slide presentation explaining how a DBREACH attack could work. Reportedly, DBREACH uses the same techniques as the CRIME (Compression Ratio Info-leak Made Easy) attack on Transport Layer Security (TLS) that was first reported in 2013.

"We believe that this threat model is realistic and achievable," Hogan added. "The update capability can be achieved through a front-end web interface that's backed up by a database table, which is something that's really common in a lot of databases."

How can database users mitigate the risk of DBREACH 

There are many ways for database users to mitigate the risk of DBREACH. One of these, according to Hogan, is not using column-level permissions. He also recommended that organizations monitor database usage patterns for unusual activity, much as they would for Denial of Service (DoS) detection, looking for a single user that is performing an unusually high number of updates.
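The monitoring idea above can be sketched as a sliding-window count of UPDATE statements per user and table. This is an added example, not code from the researchers or from any database product; the audit-log line format, the account names and the 60-second / 100-update threshold are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed audit-log format (an assumption): "<ISO time> <user> <verb> <table>"
def parse(line):
    ts, user, verb, table = line.split()
    return datetime.fromisoformat(ts), user, verb.upper(), table

def flag_update_bursts(lines, window=timedelta(seconds=60), threshold=100):
    """Return {(user, table): peak} for every user whose UPDATE count on one
    table inside any sliding `window` exceeds `threshold`."""
    recent = defaultdict(deque)  # (user, table) -> timestamps inside the window
    peaks = {}
    for ts, user, verb, table in sorted(map(parse, lines)):
        if verb != "UPDATE":
            continue
        q = recent[(user, table)]
        q.append(ts)
        while ts - q[0] > window:  # drop events older than the window
            q.popleft()
        if len(q) > threshold:
            peaks[(user, table)] = max(peaks.get((user, table), 0), len(q))
    return peaks

def sample_log():
    """Constructed sample: two ordinary users and one account issuing
    repeated updates to the same table in quick succession."""
    base = datetime(2021, 8, 5, 10, 0, 0)
    lines = []
    for i in range(30):  # ordinary activity: one statement every 20 s
        t = base + timedelta(seconds=20 * i)
        lines.append(f"{t.isoformat()} alice UPDATE profiles")
        lines.append(f"{t.isoformat()} bob SELECT profiles")
    for i in range(400):  # burst: 4 updates per second for about 100 s
        t = base + timedelta(milliseconds=250 * i)
        lines.append(f"{t.isoformat()} svc_web UPDATE profiles")
    return lines

if __name__ == "__main__":
    for (user, table), peak in flag_update_bursts(sample_log()).items():
        print(f"ALERT {user}: {peak} UPDATEs on {table} within 60 s")
```

In practice the threshold would be set from each table's normal update rate rather than fixed, since a shared front-end service account can legitimately issue many updates.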

"The only foolproof method for preventing this attack is to turn off compression…” “…We believe that this really drives home the point that compression and encryption should be combined very carefully, lest you or your system fall victim to compression side-channel attack," Hogan added.