Nearly a week after it became the target of one of the largest ransomware attacks to date, the City of Atlanta has made progress toward recovery, but it is still far from business as usual. Hackers encrypted much of the city government's vital data and many of its computer systems.

The ransomware attack, which Mayor Keisha Lance Bottoms characterized as "a hostage situation," forced the city to shut down municipal courts and even prevented residents from paying bills online. The city has been unable to issue warrants, and in many cases city employees have had to fill out forms and reports by hand.

The hackers demanded that officials pay a ransom of US$51,000 to be sent to a bitcoin wallet.

Threat researchers from Dell-owned Secureworks, which is based in Atlanta, have been working to help the city recover from the attack.

The security firm identified the assailants as the SamSam hacking group, The New York Times reported on Thursday. That group is known for similar ransomware attacks; it typically makes ransom demands of $50,000 or more, usually payable only in bitcoin.

Secureworks has been working with the city's incident response team as well as the FBI, the Department of Homeland Security and the U.S. Secret Service. In addition, a number of independent experts, including researchers from Georgia Tech, have been called in to determine how the attack occurred and help strategize to prevent another such attack.


New reports shed light on the current state of ransomware payouts and also reveal concerns about IoT cyber-risks.

Multiple research reports released the week of March 26-30 reveal prevailing trends in the cyber-security attack landscape.

In the aggregate, the reports provide a snapshot of some of the top concerns facing enterprise IT today, including cryptocurrency mining, ransomware and IoT threats.

Among the reports, the Shared Assessments Program and the Ponemon Institute released a study on third-party risk that reveals a significant level of concern about IoT devices. Recorded Future's study looked at top vulnerabilities, finding that Microsoft software products are a top target, outpacing Adobe Flash. SentinelOne released a report on the current state of ransomware, and Vectra's report looks at cryptocurrency mining operations.

Among the top-level findings in the Shared Assessments and Ponemon study is that organizations have a high degree of concern about IoT risks: 97 percent of respondents indicated that a security incident related to unsecured IoT devices could be catastrophic for their organization.

Also of note, 81 percent reported that they expect a data breach to be caused by an unsecured IoT device in the next 24 months. Ransomware related to IoT device insecurity is another key concern, with 60 percent of organizations worried that the IoT ecosystem is vulnerable to ransomware attacks.

While there is plenty of concern about IoT device risks, few organizations are apparently doing much to mitigate them. Less than half (46 percent) indicated they have a policy in place to disable risky IoT devices, and only 28 percent said that IoT-related risk is included as part of third-party due diligence.


On March 27, Recorded Future released its top vulnerabilities of 2017 report, revealing that vulnerabilities in Microsoft products became more popular with cyber-criminals than in past years.


You may have heard the term ‘blockchain’ and dismissed it as a fad, a buzzword, or even technical jargon. But I believe blockchain is a technological advance with wide-reaching implications that will transform not just financial services but many other businesses and industries.

A blockchain is a distributed database, meaning that the storage devices holding the database are not all connected to a common processor; every participating node keeps its own full copy. It maintains a growing, append-only list of ordered records, called blocks. Each block carries a timestamp and a link to the previous block in the form of that block's cryptographic hash, so altering any earlier block changes its hash and breaks the link from every block that follows it.

Cryptography ensures that users can only append records concerning the assets or entries they “own”: a new record is accepted only if it carries a digital signature made with the corresponding private key. Hash links and the network's consensus rules then ensure that everyone's copy of the distributed blockchain is kept in sync, and that existing blocks cannot be quietly rewritten.

Imagine a digital medical record: each entry is a block. It has a timestamp, the date and time when the record was created. And by design, that entry cannot be changed retroactively, because we want the record of diagnosis, treatment, etc. to be clear and unmodified. Only the doctor, who holds one private key, and the patient, who holds the other, can write to or decrypt the record. Information is shared with a third party, say a hospital or specialist, by granting that party access under its own key (for instance, by encrypting the record for the specialist's public key or signing an authorization), never by handing over a private key, since a private key that has been shared no longer proves who signed anything. This describes a blockchain for that medical database.

Blockchains are tamper-evident databases by design. The concept was introduced in 2008 by Satoshi Nakamoto, and then implemented for the first time in 2009 as part of the digital bitcoin currency; the blockchain serves as the public ledger for all bitcoin transactions. By using a blockchain system, bitcoin was the first digital currency to solve the double spending problem (unlike physical coins or tokens, electronic files can be duplicated and spent twice) without the use of an authoritative body or central server.

The security is built into a blockchain system through the peer-to-peer network acting as a distributed timestamping server, and the result is a database that is managed autonomously in a decentralized way. This makes blockchains well suited to recording events (such as medical records), transactions, identity management, and proving provenance. Essentially, it offers the potential of mass disintermediation of trade and transaction processing.
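To make the hash-link property concrete, here is a small hash-chained ledger written for this article as an added example; it is not code from any blockchain project. The medical-record entries are constructed sample data, the start timestamp is a fixed constant so the run is deterministic, and the signature and consensus layers described above are deliberately left out so the example isolates one thing: a retroactive edit breaks the chain at the edited block, and re-hashing the edited block only moves the break to the next block, which is why an attacker would have to rewrite every later block as well.

```python
import hashlib
import json
from dataclasses import dataclass


@dataclass
class Block:
    index: int
    timestamp: float
    data: dict
    prev_hash: str
    hash: str = ""

    def compute_hash(self) -> str:
        # The digest covers everything except the hash field itself, so any
        # change to the payload, the timestamp or the back-link changes it.
        body = json.dumps(
            {"index": self.index, "timestamp": self.timestamp,
             "data": self.data, "prev_hash": self.prev_hash},
            sort_keys=True, separators=(",", ":"))
        return hashlib.sha256(body.encode()).hexdigest()


GENESIS_PREV = "0" * 64  # the first block links to an all-zero digest


def make_chain(records, t0=1_700_000_000.0):
    """Build a hash-linked chain from an ordered list of record dicts.
    t0 is a constructed start time (one second per block) for determinism."""
    chain, prev = [], GENESIS_PREV
    for i, rec in enumerate(records):
        block = Block(index=i, timestamp=t0 + i, data=rec, prev_hash=prev)
        block.hash = block.compute_hash()
        chain.append(block)
        prev = block.hash
    return chain


def verify_chain(chain):
    """Return (ok, first_bad_index). Each block must carry its own correct
    digest and a back-link equal to the previous block's digest."""
    prev = GENESIS_PREV
    for i, block in enumerate(chain):
        if (block.index != i or block.prev_hash != prev
                or block.compute_hash() != block.hash):
            return False, i
        prev = block.hash
    return True, -1


def demo():
    # Constructed sample records for one patient (not real data).
    records = [
        {"patient": "P-001", "event": "visit", "note": "initial consult"},
        {"patient": "P-001", "event": "diagnosis", "note": "type 2 diabetes"},
        {"patient": "P-001", "event": "treatment", "note": "metformin 500mg"},
    ]
    chain = make_chain(records)
    intact = verify_chain(chain)

    # Retroactive edit of the diagnosis: block 1's stored digest no longer
    # matches its contents, so verification fails at index 1.
    chain[1].data["note"] = "healthy"
    edited = verify_chain(chain)

    # The attacker recomputes block 1's digest to make it self-consistent.
    # Block 2 still links to the old digest, so the break moves to index 2;
    # hiding the edit would mean rewriting every later block too.
    chain[1].hash = chain[1].compute_hash()
    rehashed = verify_chain(chain)
    return intact, edited, rehashed


if __name__ == "__main__":
    print(demo())  # ((True, -1), (False, 1), (False, 2))
```

In a real system the cost of that "rewrite every later block" step is what consensus (proof-of-work, or a quorum of validators) is there to impose; without it, the hash chain alone only detects tampering, it does not prevent it.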


Routers, both the big corporate kind and the small one gathering dust in the corner of your home, have long made an attractive target for hackers. They're always on and connected, often full of unpatched security vulnerabilities, and offer a convenient chokepoint for eavesdropping on all the data you pipe out to the internet. Now security researchers have found a broad, apparently state-sponsored hacking operation that goes a step further, using hacked routers as a foothold to drop highly sophisticated spyware even deeper inside a network, onto the computers that connect to those compromised internet access points.

Researchers at security firm Kaspersky on Friday revealed a long-running hacking campaign, which they call "Slingshot," that they believe planted spyware on more than a hundred targets in 11 countries, mostly in Kenya and Yemen. The hackers gained access to the deepest level of victim computers' operating system, known as the kernel, taking full control of target machines. And while Kaspersky's researchers haven't yet determined how the spyware initially infected the majority of those targets, in some cases the malicious code had been installed via small-business-grade routers sold by the Latvian firm MikroTik, which the Slingshot hackers had compromised.

Unlike previous router-hacking campaigns that have used routers themselves as eavesdropping points—or the far more common home router hacks that use them as fodder for distributed-denial-of-service attacks aimed at taking down websites—the Slingshot hackers appear to have instead exploited routers' position as a little-scrutinized foothold that can spread infections to sensitive computers within a network, allowing deeper access to spies. Infecting a router at a business or coffee shop, for instance, would then potentially give access to a broad range of users.