thompson unc municipal attorney presentation · maria s. thompson state chief risk officer 1 2019...


3/19/20


North Carolina State of Cyber

Cybersecurity for Municipal Attorneys

Maria S. Thompson
State Chief Risk Officer


2019 Global Social Engineering Attacks

Source: 2020 State of Phish - Proofpoint


Attackers Focus – Key Findings

Source: 2020 Crowdstrike Services Cyber Frontlines Report

• Business disruption was the main attack objective
• Credential dumping was the most frequent technique used
• Dwell time increased from 85 to 95 days. The use of stronger countermeasures allows attackers to stay hidden longer
• Malware (49%) and malware-free (51%) intrusions were just about equal in use
• Attackers are more deliberate and targeted in their efforts to automate Active Directory reconnaissance
• Third-party compromises serve as a force multiplier for attacks
• Attackers are targeting cloud infrastructure as a service (IaaS). Targeting of API keys is increasing
• Macs are now clearly in the crosshairs of the cyber fight
• Patching remains a problem
• Many organizations fail to leverage the capabilities of the tools they already have


Attackers Focus – Key Mitigations

Source: 2020 Crowdstrike Services Cyber Frontlines Report


Attackers Focus – Key Mitigations

Source: 2020 Crowdstrike Global Threat Report


2019 SLTT Ransomware Attacks


2019 NC Reported Ransomware Attacks

Date      Affected Entity                         Ransomware Variant
Mar 2019  Orange County (hit 3 times in 6 yrs)    Ryuk
Mar 2019  Pasquotank-Camden EMS                   Unknown
Mar 2019  Robeson, NC                             Ryuk
Apr 2019  City of Greenville                      RobinHood
Jul 2019  Richmond Community College              Ryuk
Aug 2019  Lincoln County Sheriffs Off/911 (X2)    DoppelPaymer
Sep 2019  Wildlife Commission                     DoppelPaymer
Oct 2019  NC State Bar                            Neshta (dropper)
Oct 2019  Columbus Co School System (x17)         Ryuk
Oct 2019  ABC Board (x21)                         Sodinokibi
Dec 2019  EBCI                                    Sodinokibi (Insider Threat)

2020 NC Reported Ransomware Attacks

Date      Affected Entity                         Ransomware Variant
Feb 2020  Duplin County                           Ryuk
Mar 2020  Durham County                           Ryuk
Mar 2020  City of Durham                          Ryuk
Mar 2020  Burke K-12 X (24)                       AKO
Mar 2020  Alleghany K-12                          Phobos
Mar 2020  Shelby Co Sheriffs Off/911              Ryuk

2019 FBI IC3 Report – North Carolina

Source: 2019 Internet Crime Report


To Pay or Not to Pay

Source: Proofpoint - 2020 State of Phish Report

Whole-of-State Cyber Approach

• BitSight Monitoring of local county infrastructure

• Pilot program for continuous monitoring of local county network traffic

• Development of Statewide Significant Cyber Incident Plan

• Establishment of statewide information sharing under HB 217

• Cyber incident response and training support utilizing National Guard Defensive Cyber Operations team and local IT Strike teams


Legislative Updates

House Bill 217

§ 143B-1379. State agency cooperation and training; liaisons; county and municipal government reporting.

✓ Updates the definition of what is reportable and adds the term and definition of “Significant cybersecurity incidents”
✓ Adds providing corrective action plans to the liaisons' tasks
✓ Includes Privacy as a requirement and not just Security
✓ Excludes military personnel identified as security liaisons from requiring background investigations in lieu of security clearances
✓ Legislatively mandates cyber awareness training and reporting (includes contractors)
✓ Requires that county and municipal governments report cybersecurity incidents
✓ Further clarifies that cyber incident information shared with DIT will be protected under G.S. 132-6.1(c)
✓ Encourages private sector entities to report cyber incidents

Link to report incidents: https://it.nc.gov/resources/cybersecurity-risk-management/statewide-cybersecurity-incident-report-form


2020 Federal Cyber Funding Opportunities

• The State and Local Cybersecurity Improvement Act (introduced in the House 2/10/2020)
  • https://www.congress.gov/bill/116th-congress/house-bill/5823/text

• The State and Local Government Cybersecurity Act of 2019
  • https://www.congress.gov/116/bills/s1846/BILLS-116s1846rfh.pdf

• The State Cyber Resiliency Act
  • https://www.congress.gov/116/bills/s1065/BILLS-116s1065is.pdf


@NCDIT @BroadbandIO @ncicenter

NCDIT

NC Department of Information Technology

NC DIT

Let’s Connect!

it.nc.gov
@NCDIT