(MENAFN- Arab Times) US federal agencies have increased cybersecurity measures since the hacking at the Office of Personnel Management, but more work is necessary to help prevent further attacks, the results of a 30-day effort to raise standards showed on Friday. The White House's Office of Management and Budget kicked off a cybersecurity sprint¡± last month after the hacks that put the personal data of more than 22 million Americans at risk, directing agencies to strengthen their networks and report back.
In a blog post about that effort, the White House's Chief Information Officer Tony Scott said federal civilian agencies had increased use of "strong authentication for privileged and unprivileged users" from 42 percent to 72 percent. Many were still not up to the highest standards set by OMB, however. "We still have more work to do," Scott said. A team of more than 100 government and private industry experts are reviewing the government¡¯s cybersecurity ¡°policies, procedures and practices¡± and will issue an assessment in the coming months, he said.
The social security numbers and credit card details of up to 6,000 University of Connecticut students, faculty and others may have been stolen by cyberhackers from China, the university said on Friday.
Officials detected a potential breach of the School of Engineering's network in March and an investigation uncovered that hackers may have gained access to it as early as September, 2013, spokesman Tom Breen said. He said 6,000 students, faculty, alumni and research partners of the school were notified that their personal information may have been compromised. Impact "The breach is far more extensive, could impact many more accounts and started much earlier than we originally believed," said Breen. "There is no way at the present time to determine the exact number of accounts hacked," he added. Breen said the hack has been traced to China " based on the type of cyberattack that was launched, and the software used." He added the FBI and several state agencies have been notified. The university said it was also taking steps to secure its systems.
Avillage in central New York made ransom payments of $300 and $500 last year to keep its computers running after two official-looking emails released malware throughout its system, state auditors said. The comptroller¡¯s office, which has audited 100 municipal computer systems the past three years, said Ilion¡¯s experience should warn others of the growing threat, which can infiltrate computers and make them inaccessible. The big problem for the village of 8,000 was its financial software. "The payroll, village accounting systems, they were all locked up," Mayor Terry Leonard said. Other agencies across the country have also dealt with the malicious software known as ransomware.
In Maine this year, Lincoln County sheriff's office computers were infected and held hostage. Sheriff Todd Brackett said after several attempts to retrieve the records, his agency paid a ransom of about $300 and the FBI helped track the payment to a Swiss bank account but failed to identify the hackers. In suburban Chicago, the Midlothian village police paid a $500 ransom in bitcoin, a digital currency that's virtually untraceable, to get its files unencrypted. Ilion officials have endorsed new security steps and trained staff last year specifically on looking out for suspicious emails.
They have been working with the auditors who identified various security gaps. They haven't had another attack since, Leonard said. According to state auditors who investigated last summer, the first email attachment converted all data stored in the system into an unreadable encrypted format. A$300 ransom payment in January 2014 was made as directed, electronically transmitting the number of a prepaid credit card to a designated portal. Ilion's technology consultant entered the card number to get the decryption keys.
The second email, which also appeared to be for village business, led to more encryption and a $500 ransom payment in May 2014. These incidents should be a wakeup call to local government officials around the state, Comptroller Thomas DiNapoli said. "While the dollar amounts were small and no vital information was disclosed, this attack shows how the lack of basic IT safeguards can potentially cost taxpayers and cripple the day-to-day operations of municipalities or school districts.
The auditors cited user accounts for ex-employees that hadn't been closed, generic accounts used by more than one individual, lack of a recovery plan for security incidents with backup data, and staying current about ongoing threats. Village police were contacted, but the hackers weren¡¯t identified, Leonard said.
Legal Disclaimer:
MENAFN provides the information “as is” without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the provider above.