The Boys in Blue Battle the Black Hats


Even if you haven’t seen the classic sci-fi movie “The Terminator” you’re probably familiar with Arnold Schwarzenegger’s famous line “I’ll be back.” I thought of that scene after reviewing reports of how our PARANOID solution recently thwarted cyber attacks targeted at police departments.

Schwarzenegger plays a killer robot sent from the future to find a woman named Sarah Connor. After escaping her first encounter with the Terminator, Connor is in a police station. A detective assures the terrified woman that “you’ll be perfectly safe. We got 30 cops in this building.”

The Terminator arrives at the police station and checks in with the desk sergeant, who turns him away. Schwarzenegger utters his classic one-liner, leaves, and then returns by crashing a car through the station’s walls. Chaos ensues.

Connor and the police officers felt a false sense of security in fictional 1984, and so do any present-day law enforcement professionals who assume no malware author would be foolish enough to launch a cyber attack against their facilities.

As TechCrunch’s Zack Whittaker discovered, attackers are indifferent to the fact that they may place law enforcement professionals’ lives at risk.

Whittaker broke the story of a breach of three websites associated with the FBI National Academy Associates. His article includes this chilling exchange between him and one of the hackers via an encrypted chat:

“We hacked more than 1,000 sites. Now we are structuring all the data, and soon they will be sold. I think something else will publish from the list of hacked government sites.” We asked if the hacker was worried that the files they put up for download would put federal agents and law enforcement at risk. “Probably, yes,” the hacker said.

We recently saw first-hand how attackers target police departments when one of our customers, the police department of one of the largest cities in the U.S., found itself in the crosshairs. PARANOID detected several security events targeting multiple endpoints and determined they were caused by Andromeda.

Also known as “Wauchos” or “Gamarue,” Andromeda is a botnet malware family that has been around since 2011 and has “lived” through five major versions. It is designed to steal credentials and to download and install additional malware onto compromised systems. It spreads in many ways, including malicious attachments, phishing campaigns, dubious websites and infected removable devices (e.g., USB drives).

While Andromeda was able to slip past the department’s traditional endpoint security solutions, PARANOID detected the unusual behavior and prevented any further spread of the malware. In addition, we recommended raising awareness among all employees of the importance of following information security best practices and of the risks removable storage devices can present.

Nyotron helps law enforcement agencies apply that same constant vigilance to their endpoints and the data users create and store on them. Because even after thwarting cyber attackers, one thing’s for certain:

They’ll be back.

Rene Kolga is Senior Director of Product and Marketing at Nyotron, the developer of PARANOID, the industry’s first OS-Centric Positive Security solution to strengthen your AV or NGAV protection. By mapping legitimate operating system behavior, PARANOID understands all the normative ways that may lead to damage and is completely agnostic to threats and attack vectors. When an attack attempts to delete, exfiltrate or encrypt files (among other things), PARANOID blocks it in real time.
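The positive-security idea in that description, mapping what legitimate processes normally do and treating everything outside that map as suspect, can be shown with a deliberately small Python model. This is an added example, not Nyotron’s PARANOID code: the process names, the path patterns in the behavior map, the escalation threshold and the event log are all constructed assumptions for illustration.

```python
"""Toy positive-security (allowlist) monitor for file-system and network events.

Added illustration only: the behavior map, process names, paths and the event
log are constructed for this example and do not describe any real product.
"""
from collections import Counter
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class FileEvent:
    pid: int
    process: str  # image name of the acting process
    op: str       # "read", "write", "delete", "rename" or "net_send"
    path: str     # file path, or destination host for "net_send"


# Positive model (constructed): for each process, the operations and path
# patterns that are normal. Anything not listed is, by construction, abnormal.
NORMATIVE_BEHAVIOR = {
    "winword.exe": {
        "read":   ["C:/Users/*/Documents/*", "C:/Program Files/*"],
        "write":  ["C:/Users/*/Documents/*", "C:/Users/*/AppData/*"],
        "delete": ["C:/Users/*/AppData/*/~*"],
    },
    "explorer.exe": {
        "read":   ["*"],
        "write":  ["C:/Users/*"],
        "delete": ["C:/Users/*"],
        "rename": ["C:/Users/*"],
    },
    "backup.exe": {
        "read":     ["C:/Users/*"],
        "net_send": ["backup.corp.example"],
    },
}

# Operations that destroy, encrypt-in-place or exfiltrate data. A process that
# keeps attempting these outside its map is cut off entirely (threshold is an
# assumed tuning value).
DAMAGING_OPS = {"delete", "rename", "net_send"}
MASS_OP_THRESHOLD = 5


def is_normative(ev: FileEvent) -> bool:
    """True if the event matches the allowlist for its process and operation."""
    allowed = NORMATIVE_BEHAVIOR.get(ev.process, {}).get(ev.op, [])
    return any(fnmatchcase(ev.path, pattern) for pattern in allowed)


def evaluate(events):
    """Return (verdicts, blocked_pids).

    verdicts is a list of (event, label) where label is one of
    "allow", "deny", "deny+block" (this event tripped the threshold) or
    "blocked" (process was already cut off).
    """
    verdicts = []
    damaging_count = Counter()
    blocked = set()
    for ev in events:
        if ev.pid in blocked:
            verdicts.append((ev, "blocked"))
            continue
        if is_normative(ev):
            verdicts.append((ev, "allow"))
            continue
        label = "deny"
        if ev.op in DAMAGING_OPS:
            damaging_count[ev.pid] += 1
            if damaging_count[ev.pid] >= MASS_OP_THRESHOLD:
                blocked.add(ev.pid)
                label = "deny+block"
        verdicts.append((ev, label))
    return verdicts, blocked


def summarize(verdicts) -> Counter:
    """Count verdict labels, e.g. for a dashboard or test."""
    return Counter(label for _, label in verdicts)


# Constructed event stream: a normal Word session, then an unknown process that
# reads documents, writes renamed copies, deletes originals and contacts an
# outside host, then a legitimate backup upload.
SAMPLE_EVENTS = [
    FileEvent(100, "winword.exe", "read", "C:/Users/alice/Documents/report.docx"),
    FileEvent(100, "winword.exe", "write", "C:/Users/alice/Documents/report.docx"),
    FileEvent(100, "winword.exe", "net_send", "203.0.113.10"),  # Word never uploads here
    FileEvent(200, "updater_tmp.exe", "read", "C:/Users/alice/Documents/report.docx"),
    FileEvent(200, "updater_tmp.exe", "write", "C:/Users/alice/Documents/report.docx.locked"),
    FileEvent(200, "updater_tmp.exe", "delete", "C:/Users/alice/Documents/report.docx"),
    FileEvent(200, "updater_tmp.exe", "rename", "C:/Users/alice/Documents/budget.xlsx"),
    FileEvent(200, "updater_tmp.exe", "delete", "C:/Users/alice/Documents/notes.txt"),
    FileEvent(200, "updater_tmp.exe", "rename", "C:/Users/alice/Documents/photo.jpg"),
    FileEvent(200, "updater_tmp.exe", "net_send", "203.0.113.10"),  # fifth damaging op
    FileEvent(200, "updater_tmp.exe", "delete", "C:/Users/alice/Documents/photo.jpg"),
    FileEvent(300, "backup.exe", "net_send", "backup.corp.example"),
]

if __name__ == "__main__":
    results, cut_off = evaluate(SAMPLE_EVENTS)
    for ev, label in results:
        print(f"{label:11} pid={ev.pid} {ev.process} {ev.op} {ev.path}")
    print("blocked pids:", sorted(cut_off), "|", dict(summarize(results)))
```

The point of the model is that the unknown process never needs a signature: because nothing it does appears in the map, every operation is denied on its own, and the fifth damaging attempt cuts the process off for good. Word is still allowed to read and write documents but is denied the one outbound connection its map does not describe, which is the “agnostic to threats and attack vectors” property the paragraph above claims.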