Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Public Sector. Show all posts

Cullman County Courthouse Hit by Ransomware

A hostile cyberattack recently affected the Cullman County Courthouse, causing disruptions to regular operations and causing shockwaves throughout the community. The ransomware attack that affected the courthouse's systems had serious repercussions for Cullman County residents as well as the local government.

The malware attack, described as a ransomware assault, targeted the courthouse's systems, crippling operations and causing a delay in the processing of critical tasks. As a result, January payment deadlines for property tag taxes have been pushed back, leaving residents and businesses in a state of uncertainty. This unforeseen circumstance has prompted local authorities to reassess their cybersecurity measures and reinforce defenses to prevent future incidents.

The attack did not go unnoticed by federal representatives. Congressman Robert Aderholt's office has been closely monitoring the situation, emphasizing the need for a comprehensive response to such cyber threats. Aderholt acknowledged the severity of the situation, stating, "It's disheartening to see cyberattacks affecting our local institutions, and we must take steps to safeguard our communities against these evolving threats."

This incident serves as a stark reminder of the pervasive nature of cyber threats and the potential consequences for communities when essential services are compromised. The Cullman County Courthouse joins a growing list of public institutions grappling with the fallout of ransomware attacks, underlining the urgency of bolstering cybersecurity infrastructure at all levels.

In the aftermath of the attack, county officials are working tirelessly to restore normalcy and reinforce their cybersecurity protocols. The incident underscores the need for continuous vigilance and investment in advanced cybersecurity measures to protect sensitive data and maintain the seamless functioning of public services.

As the investigation into the source of the malware attack unfolds, residents are advised to stay informed about the evolving situation. Cybersecurity experts stress the importance of regularly updating antivirus software, practicing safe online habits, and remaining vigilant against phishing attempts to mitigate the risk of falling victim to similar attacks.

The Cullman County Courthouse was the target of a recent cyberattack, which highlights how vulnerable local government organizations are to online attacks. The incident has caused a reevaluation of cybersecurity protocols in addition to causing disruptions to essential services. In an era where interconnection increases the possibility of such malicious attacks, this loss should serve as a sobering warning for other municipalities to strengthen their digital defenses while the community works to recover.

24 Percent of Technology Applications Have High-risk Security Vulnerabilities

 

With a higher proportion of applications to compete with than other industries, technology firms would benefit from improving secure coding training and practices for their development teams. As per Veracode, 24 percent of applications in the technology sector contain high-risk security flaws, which would cause a critical issue for the application if exploited. 

“Giving developers real, hands-on experience of what it takes to spot and exploit a flaw in code—and its potential impact on the application—provides the context and understanding to build their intuition about software security. Our research found that organizations whose developers had completed just one lesson in our hands-on Security Labs training program fixed 50 percent of flaws two months faster than those without such training,” said Chris Eng, Chief Research Officer at Veracode.

The technology industry was discovered to have the second-highest proportion of applications with security flaws, at 79 percent, trailing only the public sector (82 percent). When it comes to the proportion of flaws fixed, the technology sector ranks in the middle of the pack.

The industry still takes up to 363 days to fix 50% of flaws, indicating that there is still plenty of room for improvement.

Eng added, “Log4j sparked a wake-up call for many organizations last December. This was followed by government action in the form of guidance from the Office of Management and Budget (OMB) and the European Cyber Resilience Act, both of which have a supply chain focus.”

He continued, “To improve performance in the year ahead, technology businesses should not only consider strategies that help developers reduce the rate of flaws introduced into code, but also put greater emphasis on automating security testing in the Continuous Integration/Continuous Delivery (CI/CD) pipeline to increase efficiencies.”

The most common types of flaws discovered by dynamic analysis of technology applications are server configuration, insecure dependencies, and information leakage, which broadly follows a pattern similar to other industries.

In contrast, the sector has the greatest deviation from the industry average for cryptographic issues and information leakage, possibly indicating that developers in the tech industry are more knowledgeable about data security challenges.

82% Applications in Public Sector Have Security Flaws

According to a new study from Veracode, more than 82% (4/5th) of public sector apps have security vulnerabilities, the highest found in any industry. The experts also found that the apps in the public sector take twice the time to get patch the flaws once identified, compared to other industry security fixes. Besides this, around 60% of flaws in third-party libraries in the public sector haven't been patched for two years. It is twice the time frame compared to industry data and almost 15 months behind the cross-industry average. 

The report is based on the data collected via 20 million scans across half a million apps in the public sector, financial services, manufacturing, retail, healthcare, technology, and hospitality. Veracode simplifies AppSec programs by combining five application security analysis types in one solution, integrated into the development pipeline. With comprehensive analysis, you’re covered today and as your program evolves Joint lowest fix rate for vulnerability in the public sector is 22% which is the lowest. 

The study suggests that public sector organizations are more prone to software supply chain attacks because they are more vulnerable, for instance, solar winds, which led to huge disruptions and breaches of critical data. Fortunately, the findings suggest that public sector entities have improved in battling high severity flaws. As per analysis, high-level flaws were found in 16% of public sector apps and the total numbers fell by 30% in the last year. 

The experts believe that the data hints toward new government cybersecurity measures. Public sector lawmakers and politicians know that dated technology and a large amount of sensitive data are the reason for public organizations to become a primary target for hackers. 

This is why Congress and the White House are working together to update regulations that govern cybersecurity compliance.  "In January, President Biden signed a National Security Memorandum (NSM) requiring national security systems to implement network cybersecurity measures that are at least as good as those required of federal civilian networks. Earlier this month, the US passed new legislation that will force critical infrastructure companies to report cyber incidents within 72 hours" reports Infosecurity.