Lessons Learned from the City of Mobile’s Recent Cyber Attack
October is wrapping up and so is National Cyber Security Awareness month. I am sure you all have been celebrating this all month. As a consultant and managed service provider to local utilities and small businesses I wanted to highlight some things we can learn from one cyber incident this month that occurred in the Mobile, AL area.
A recent six-day outage of the City of Mobile’s email system was the result of a cyber attack exploiting the Shellshock vulnerability. At least, that is what I have gathered from reading a few local news articles and the press releases on the city’s website. It may have been what was recently reported by the SANS Internet Storm Center, where the attack leverages Shellshock against SMTP gateways as the main attack vector through the subject, body, to, and from fields. Once compromised, a Perl botnet is activated and beacons on IRC for further instructions. The Perl bot contains simple DDoS commands and can also receive and execute malware. I don’t have any direct information on this issue, and there is some speculation involved. However, there are some lessons from this incident that I believe will serve businesses well, including those who at this point may just be lucky it wasn’t them this time.
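To make the attack pattern above concrete from the defender’s side, here is an added example (not code from the original post, and not anything the City of Mobile ran) showing the two checks a monitoring script could perform: scanning inbound mail header fields and body for the bash function-definition prefix that Shellshock abuses, and flagging a mail gateway that starts originating IRC connections, which is the beaconing behaviour described for the Perl bot. The message text, the firewall log lines, the gateway address 10.0.5.20 and the log format are all constructed assumptions for the example.

```python
"""Two detection checks for the incident pattern described in the post.

Added example, not from the original post. It assumes a log-processing
script that (1) can see inbound mail as raw RFC 5322 text and (2) can read
the perimeter firewall's outbound connection log in the constructed
key=value format below. All sample messages and log lines are constructed.
"""
import re
from email import message_from_string

# Shellshock fires when a value that begins with a bash function definition
# "() {" is exported as an environment variable. An SMTP gateway that handed
# header values to a bash-based filter exposed that to the network. IDS
# signatures matched the prefix (whitespace-tolerant) rather than any
# particular payload, because everything after it is attacker-controlled.
SHELLSHOCK_PATTERN = re.compile(r"\(\)\s*\{")

# Fields the post names as the vector, plus two that gateways often expose.
HEADERS_TO_SCAN = ("Subject", "To", "From", "Cc", "Reply-To")

# Ports an IRC-beaconing bot typically uses; a mail gateway has no business
# originating connections to them.
IRC_PORTS = {6667, 6697}

# Constructed firewall log format: src=... dst=... proto=tcp dport=...
FW_LINE = re.compile(
    r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+proto=tcp\s+dport=(?P<dport>\d+)"
)


def scan_smtp_message(raw_message: str) -> list:
    """Return (location, value) pairs that carry the Shellshock prefix.

    Location is a header name, or "body" for a non-multipart text body.
    """
    msg = message_from_string(raw_message)
    findings = []
    for name in HEADERS_TO_SCAN:
        for value in msg.get_all(name, []):
            if SHELLSHOCK_PATTERN.search(value):
                findings.append((name, value))
    if not msg.is_multipart():
        body = msg.get_payload()
        if SHELLSHOCK_PATTERN.search(body):
            findings.append(("body", body.strip()))
    return findings


def flag_irc_beacons(log_lines, mail_gateway_ips) -> list:
    """Return (src, dst, dport) for outbound TCP from a mail gateway to IRC ports."""
    hits = []
    for line in log_lines:
        m = FW_LINE.search(line)
        if m and m["src"] in mail_gateway_ips and int(m["dport"]) in IRC_PORTS:
            hits.append((m["src"], m["dst"], int(m["dport"])))
    return hits


# Constructed sample messages.
CLEAN_MESSAGE = (
    "From: alice@example.com\n"
    "To: bob@example.com\n"
    "Subject: Meeting notes for Thursday\n"
    "\n"
    "See attached.\n"
)

# Constructed: the trigger prefix followed by a harmless command, so the
# detector has something to find in two headers and the body.
SUSPICIOUS_MESSAGE = (
    "From: () { :;}; echo probe\n"
    "To: bob@example.com\n"
    "Subject: () { :;}; echo probe\n"
    "\n"
    "() { :;}; echo probe\n"
)

# Constructed firewall log: 10.0.5.20 is the (assumed) mail gateway.
FIREWALL_LOG = [
    "src=10.0.5.20 dst=198.51.100.7 proto=tcp dport=25 action=allow",
    "src=10.0.5.20 dst=203.0.113.9 proto=tcp dport=6667 action=allow",
    "src=10.0.7.31 dst=203.0.113.9 proto=tcp dport=6667 action=allow",
]

if __name__ == "__main__":
    for loc, value in scan_smtp_message(SUSPICIOUS_MESSAGE):
        print(f"shellshock prefix in {loc}: {value!r}")
    for src, dst, port in flag_irc_beacons(FIREWALL_LOG, {"10.0.5.20"}):
        print(f"mail gateway {src} connecting to {dst}:{port} (IRC)")
```

Both checks are stopgaps for the situation the post describes: they tell you an attack is underway or a box is already compromised, which is what the city needed to know before it pulled the plug, but they do not remove the vulnerability. The fix is still patching bash or retiring the gateway, and the second check only works if the mail server’s outbound traffic is restricted and logged in the first place.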
I want to give the disclaimer that this post isn’t intended to give the City of Mobile, its staff, service providers, or affiliates a hard time. Rather, this post is intended to bring cyber security awareness to local businesses and IT service providers to better protect the technology resources we’ve been entrusted with.
So, what can be learned from this incident?
First, know your network’s vulnerabilities and take them seriously.
From the sounds of it, the city knew they had an old system that needed to be replaced, and admitted that they should have replaced it years ago. This thing was twenty (that’s 2 – 0) years old! The reason for waiting, as it is most of the time, was not enough zeros in the budget. The Shellshock vulnerability that opened the door for the cyber attack was publicly announced weeks before the city started battling the recent attack. Yet the system stayed in place. They also admitted that, due to budget limitations, they run their systems until they “just quit”.
Having a regular network assessment done is the first step in knowing your current vulnerabilities. The next step, which most fail to take, is making a roadmap to address the concerns. The sooner this is done and taken seriously, the better the chances are of avoiding a prolonged service interruption. At Rooted Technology Solutions we aim to ensure our clients engage in regular network assessments and technology roadmaps, so they are proactive in providing the most reliable and secure technology solutions to meet their business demands and budget requirements. I firmly believe that it costs far more to run your systems until they quit than to be proactive.
Keep in mind that while not every vulnerability can be immediately remediated, there are steps that can be taken to mitigate those risks. Remember: “How fast do you have to run to outrun a bear?” “Faster than the guy behind you.”
Let’s be honest, while your twenty-year-old email gateway may get pwned by a hacker using a vulnerability like Shellshock, it is just as likely to die of old age. If you’ve worked in IT for any number of years you know that all computer systems can and will fail at some point. Always strive to eliminate single points of failure in your critical systems. There are many ways to leverage the cloud to build in better business continuity, as well as to implement existing systems in accordance with best practices to avoid downtime. Have a contingency and alerting plan for when your systems fail, get pwned, or data is compromised. This takes time, but it should be part of your assessment and roadmap every year. This is another area where Rooted Technology Solutions can help you know your gaps and give you the IT expertise to fill them. We work with you to prioritize items on the roadmap that align with true risks and business priorities.
You don’t always have to have the biggest and most advanced systems to have good security. Most security comes from implementing layers. Security is like an onion: there are layers, and as hackers start to peel them they should cry as they find your environment is built with layers of headaches for them. Monitoring these systems is just as important as building them, as you need to know when an attack is underway so you can safeguard your resources. In the city’s case they knew the attack was occurring and had to pull the plug on their email gateway until they could implement something better.
Partnering with Rooted Technology Solutions allows your business to have direct access to a security expert and a dedicated systems engineer to ensure that security is by design and not an afterthought.
In summary, don’t underestimate the ever growing cyber threat and don’t be the easiest target out there.
If you’d like a free consultation for your business, contact me and we can set up a meeting.
MCSE, MCTS, VCP-DV, CCDA, CCNA Security
CEO & Senior Systems Engineer
Rooted Technology Solutions, LLC
Serving Mobile and Baldwin County Alabama