When is a Cyber Attack Not Really an Attack?

I have often made the statement “Cyber Criminals will never let a crisis go unpunished,” and the most recent unrest in the United States is no exception. Since the death of George Floyd on May 25th, government agencies around the United States have been on guard against increased activity against their networks. In fact, last weekend the state of Minnesota reported that it had been victimized by a Distributed Denial of Service (DDoS) attack. (See Story Here). This came after the city of Minneapolis reported a DDoS attack aimed at its systems, including targeted attacks against its police department. Minnesota’s governor stated that the attack was highly sophisticated but did not succeed in bringing down the state networks. What makes this report interesting is that other news sources quickly dismissed it: the “attack” was actually just increased traffic, driven by public interest in the story and in how the State and City were handling the situation. This came less than a week after a story of voter registration hacking was debunked in the state of Georgia. (See Story Here). The Georgia Bureau of Investigation found no evidence of an attempted hack, and no further investigation was warranted. This raises some questions about the ability of some government officials to recognize a legitimate hack, or about whether the story of a “hack” is being used to further a political agenda. Either of these scenarios should cause some concern for Cyber Security Professionals.

When talking to a security group about security reporting, one of the first conversations we have is how to properly categorize security events. When does an “Event” become an attack, and when should it be reported? With an attack every 45 seconds (per Cybersecurity Ventures), security personnel need to be able to recognize and prioritize these attacks and determine whether they merit further investigation. This is also why the use of AI/ML in Cyber security products is on the rise. No internal security team has the ability to handle every event, and using these automated types of tools reduces the number of actionable tasks that they need to manage. With security workforces stretched to the limit, it is imperative that the tools being used are force enhancers and reduce this overhead. This may not reduce the attempted use of “cyber attacks” to further a political agenda, but as more and more governmental agencies move deeper into cloud environments, politically motivated reporting does nothing to help us solve this problem and, in fact, distracts crucial resources from defeating true attacks. Sadly, these events were overshadowed by a true DDoS attack against the Minneapolis Police Department, purportedly directed by the Hacktivist group Anonymous (See Story Here). I can only hope that these city and state governments were able to keep the more technically-savvy attackers out of other, more sensitive networks, because in the pyramid of Cyber attacks, DDoS remains a pretty low-tech attack.
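The categorization question above, distinguishing a surge of genuine visitors from a denial-of-service attack before anyone calls it an “attack,” is illustrated here with an added triage heuristic that is not part of the original post. The log format, the three constructed traffic samples and the thresholds (rate multiplier, single-source share, minimum source count, user-agent share) are assumptions chosen for the example, not values from any real incident.

```python
from collections import Counter

# Constructed sample access-log lines (not real traffic), one request each:
# "<client_ip> <path> <user_agent>".  All addresses are documentation ranges.
FLASH_CROWD = [f"203.0.113.{i} /news/statement Mozilla/5.0 (browser {i % 7})"
               for i in range(1, 41)]          # many clients, varied browsers
SINGLE_SOURCE = ["198.51.100.9 /index.html python-requests/2.23"] * 40
BOTNET_LIKE = [f"192.0.2.{i} /index.html python-requests/2.23"
               for i in range(1, 41)]          # many clients, identical tooling

def classify(lines, baseline_rps, window_s, rps_factor=5.0,
             top_share=0.3, min_sources=20, ua_share=0.9):
    """Triage one observation window of request lines.

    Returns (verdict, metrics).  A surge is only escalated to a suspected
    (D)DoS when the traffic shape looks unlike a crowd of real visitors:
    one source dominating, too few sources, or near-identical clients.
    Thresholds are assumed defaults; tune them against your own baseline.
    """
    total = len(lines)
    rps = total / window_s                      # requests per second this window
    sources, agents = Counter(), Counter()
    for line in lines:
        ip, _path, ua = line.split(maxsplit=2)
        sources[ip] += 1
        agents[ua] += 1
    metrics = {
        "rps": rps,
        "distinct_sources": len(sources),
        "top_source_share": sources.most_common(1)[0][1] / total if total else 0.0,
        "top_agent_share": agents.most_common(1)[0][1] / total if total else 0.0,
    }
    # Not elevated relative to baseline: an event worth logging, not an attack.
    if rps < rps_factor * baseline_rps:
        return "normal", metrics
    # Elevated: look at who is sending it before escalating.
    if metrics["top_source_share"] >= top_share:
        return "suspected DoS: single source dominates", metrics
    if metrics["distinct_sources"] < min_sources:
        return "suspected DDoS: few sources", metrics
    if metrics["top_agent_share"] >= ua_share:
        return "suspected DDoS: uniform clients", metrics
    return "flash crowd: elevated but organic", metrics

if __name__ == "__main__":
    for name, sample in [("flash crowd", FLASH_CROWD), ("single source", SINGLE_SOURCE),
                         ("botnet-like", BOTNET_LIKE)]:
        print(name, "->", classify(sample, baseline_rps=0.5, window_s=10)[0])
```

The flash-crowd sample trips the rate threshold just like the other two, but its source and client diversity keep it classified as organic load, which is exactly the distinction the Minnesota reports failed to make.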