This is an automated archive.

The original was posted on /r/cybersecurity by /u/cheddarB0b42 on 2023-08-15 14:14:17+00:00.


Via Cybersecurity Dive:

The Dallas City Council on Wednesday approved a payment of almost $8.6 million to pay vendors for services linked to the cyberattack. The city did not name all of the vendors but previously identified CrowdStrike as its incident response partner. (1)

There has been some chatter on this forum about business managers and their reluctance to plop down funds for adding/growing security people, technology, and processes. When approaching a decision maker, realize that you need to make a sale. Present them with the direct impact on the bottom line that a breach can have: dollars lost, operational downtime, brand damage, etc. We are not salesmen, but in order to gain access to the resources to guard our organizations, we do have to sell them on security.

Autopsy.

The bill covers invoices from “various vendors for emergency purchases of hardware, software, professional services, consultants and monitoring services,” the city said in a statement.

This statement implies that they contained their entire infrastructure and built a new ad-hoc infrastructure beside the original one at great expense. Geez. Further, the breach was not detected until June 14, 68 days after the exfiltration of data commenced. Then, it took city officials an additional two months to notify victims of the breach that they had been exposed. Clearly, no incident response plan was in place, or it was ignored, unreferenced, and unrehearsed.

Exposure. The names, addresses, Social Security numbers, and medical and health information of some 26,212 individuals were exfiltrated by the attackers, according to the State Attorney General. (3)

This attack has been attributed to APT Royal.

References.

  1. section 74
  2. search for “Dallas” 08/07/2023