As ransomware attacks continue to plague local government entities – the Bexar County Assessment District was the latest victim – hackers’ methods and organizations have become more sophisticated. At least one hacker group identified by the FBI appears to have an HR department, performance reviews, and an “employee of the month.”
Professionals simulated these complex, highly targeted attacks this week at a student competition in San Antonio, sponsored by Raytheon Technologies, to train and recruit the next generation of cybersecurity professionals.
The National Collegiate Cyber Defense Competition finals, held at the Hyatt Regency Hill County Resort and Spa from Thursday to Saturday, saw 10 teams from 10 schools across the country play defense against coordinated cyberattacks. More than 150 other teams had already been eliminated before this week.
The competition is the largest of its kind in the country, organizers said.
Students on the teams played the role of cybersecurity professionals protecting a company under active attack from intruders. Meanwhile, behind closed doors, real cybersecurity professionals played the role of the hackers, seeking to disrupt and shut down system after system: emails, cloud-based servers, internal data and even the help desk. Points were awarded to teams that repelled attacks and restored their systems as quickly as possible.
Inside the team room at the University of Texas at Austin, sophomore Rishabh Ahlawat worked hard to set up a firewall that would protect the Longhorns’ cloud servers and would even alert the team to new intruders.
Team computers strewn across desks displayed blue screens and massive walls of coded text.
“It’s stressful, but it’s kind of fun stress,” Ahlawat said. The team was losing points for every minute a product server was down. His lunch had remained intact in his paper bag.
Ahlawat said that upon entering college, he did not envision a future in cybersecurity. But competitions like this convinced him to enter the field after graduating.
His story illustrates a powerful reason why Raytheon Technologies, one of the world’s largest intelligence contractors and defense manufacturers by revenue, sponsored the annual competition, now in its 17th year. About two dozen company professionals helped organize the event, acting as performance evaluators, hackers and clients.
“That’s what you don’t get in the classroom,” said Jon Check, senior director of cyber protection solutions for Raytheon Intelligence & Space, a subsidiary of Raytheon. He said the competition provides a way for students to hone their skills and see how the concepts they are studying apply to the real world.
Of course, in real life, cybersecurity more frequently takes the form of pre-emptive defense and recovery, rather than the intensive, condensed exercises experienced by these students. But cases like this still happen.
Ransomware attacks have been on the rise for years in Texas, as they have across the country.
In Texas, there were just under 300 ransomware attacks in 2021, up nearly a third from 2020, according to FBI cybercrime statistics.
In 2016, the FBI recorded 37 such attacks in the state.
In Bexar County, hackers last year launched a ransomware attack on the Judson Independent School District, for which the district paid more than $500,000 to recover sensitive data. In March, the Bexar County Assessment District found itself the target of an attack, although IT professionals detected the infiltration before it progressed throughout the network. According to a spokesperson for the county department, critical systems were restored within days and, as of this week, the restoration of all affected systems was “99% complete.”
Deputy Chief Evaluator Scott Griscom said he could not say how the attackers got into the system, given that the final findings of the investigation are not complete, but initial suspicions that it came by e-mail were refuted.
Efforts are increasing to counter these attacks. The White House recently signed legislation that will require a wide range of public and private entities affiliated with critical infrastructure to publicly disclose details of cyberattacks, including whether the organization has paid a ransom.
“It’s a big deal,” Check said, because historically many companies have chosen to just hide it. For example, Equifax, a consumer credit reporting agency, waited weeks before telling its 143 affected customers that their private data might have been exposed. Check said disclosing the hack helps law enforcement identify repeat attackers, puts other organizations on alert, and helps cybersecurity professionals know what kind of attacks to look for.
Elias Bou-Harb, director of UTSA’s Cyber Center for Security and Analytics, said one of the reasons ransomware attacks are on the rise is that the infrastructure to launch them has become more accessible. He said there are now rogue service providers selling off-the-shelf tools to launch ransomware attacks, so hackers no longer need to have as much technical expertise.
Some of these tools for rent even scour the Internet for vulnerable systems.
“The threat landscape is crazy. We are in a cyberwar,” Bou-Harb said.
As cyberattacks become increasingly sophisticated, there are ways to reduce the risk of attack, experts say, for both individuals and organizations.
It’s important to back up systems (making sure those backups actually work, Bou-Harb says), avoid reusing passwords (the jury is still out on writing passwords down), and be careful about what you click on in emails.
And to avoid encouraging future attacks, entities and individuals should not pay ransoms. “If you pay once, you’re probably opening a door for yourself,” Bou-Harb said.