Please ensure Javascript is enabled for purposes ofwebsite accessibility
Close Alert

Officials warn U.S. businesses to be on high-alert against cyberattacks

Government officials and experts advise that cyberattacks could target the U.S. (Photo: Kate Hussey, News Channel 12)
Government officials and experts advise that cyberattacks could target the U.S. (Photo: Kate Hussey, News Channel 12)
Facebook Share IconTwitter Share IconEmail Share Icon

The U.S. Government is on high alert for the possibility of the conflict between Ukraine and Russia spilling over into U.S. cyberspace.

This week, a senior FBI cyber official warned U.S. businesses and local governments they should be vigilant against potential ransomware attacks.

The warning comes after data-wiping malware infected hundreds of Ukrainian government websites and hundreds of computers in neighboring countries like Latvia and Lithuania Thursday, adding confusion to Russia's attack.

Lead of Cybersecurity faculty at the University of Phoenix, Stephanie Benoit-Kurtz, said even businesses and entities in Eastern North Carolina could be targeted by a Cybersecurity attack.

Benoit-Kurtz said the CISA, or Cybersecurity Infrastructure Agency, has already issued a shields up warning, alerting Americans to that exact kind of security threat.

"That means American companies and individuals are potentially at risk for increasing Russian hacking attempts on essential services, critical infrastructure, and financial services," said Benoit-Kurtz.

That means not only are big targets, like large-scale infrastructure at risk, but small businesses, local hospitals and governments, even your own personal data could be targeted too.

"These bad actors are looking for ways to shut down systems and monetize," said Benoit-Kurtz. "If I can shut down your small business and you have to pay me a ransom of $20-30,000 to get back online, I'm able to monetize that," said Benoit-Kurtz.

Benoit-Kurtz said the types of attacks that are documented by the media to date include a specific malware that can upload and download files from infected machines in a way that allows new hacking capabilities to be added over time, as well as another software that's been known for attacking small and home offices since June of 2019.

Officials with CarolinaEast Medical Center in New Bern said they've been beefing up their cybersecurity for some time now and are on high-alert for any suspicious activity.

That's something Benoit-Kurtz is urging others to do too.

"Some of this malware we've talked about actually takes all of your data, so you could lose not only the access to your systems but all of your data, so your company could be completely down," said Benoit-Kurtz. "It's critical you be as proactive as possible."

Benoit-Kurtz said there are many ways for you to protect yourself and your company or organization against a cyberattack.

The CISA, in conjunction with other government agencies that includes the Department of Homeland Security, military, law enforcement, and the U.S. Intelligence community, are currently monitoring the threat environment 24/7 to evaluate the current activity and threat situation. The National Cyber Security Centre (NCSC) has issued a list of security measures to take as the threat levels continue to increase. These include:

  • Check your system patching: Ensure patching is up to date on laptops, desktops, service, and mobile devices
  • Verify access controls: Validate that staff have robust passwords and are not reusing social media or personal account logins and passwords
  • Ensure defenses are working: Validate that antivirus, antimalware, and firewalls are updated and functioning correctly, this includes testing through scanning
  • Logging and monitoring: Make sure that there is documentation surrounding monitoring, including length of retention and where those repositories are
  • Review your backups: Validate that you have current backups and that they are protected from Ransomware
  • Incident plan: Validate that the IR plan is updated and has all required contacts in case of an incident
  • Check your internet footprint: Understand the publicly accessible assets and make sure to conduct vulnerability scans. Patch all vulnerabilities as soon as possible.
  • Phishing: Validate that employee reporting of phishing emails is operational
  • Third-party access: Understand what third parties have access to your organization and monitor access to systems and data.
  • Brief your organization: Ensure that business teams throughout the organization understand the situation and the heightened threat. The CISA has a set of free Cybersecurity Services and Tools that can be leveraged to help the organization further advance its security posture.

Loading ...