Alabama under siege, DDoS disruption

March 15th – For cyber security professionals who are defending the state of Alabama’s networks, the last couple of weeks have translated to a trial by fire. The state has found itself in the crosshairs of a number of cyber attacks that have crippled systems and disrupted critical infrastructure operations for government agencies.

The trouble began on March 6th, when the city of Birmingham reported major network issues that knocked out law enforcement’s ability to access databases for checking vehicle and warrant status. Although city officials have not said much about the incident, all signs indicate that a cyber attack led to operational disruption.

On March 12th, Alabama’s state networks came under a massive distributed denial-of-service (DDoS) attack, which authorities have since attributed to the Russian-backed hacktivist group Anonymous Sudan. The group has a reputation for deploying large-scale DDoS attacks against nations.

State response

Alabama Governor Kay Ivey acknowledged the attacks, but downplayed the impact. There was no breach of government networks or data stolen during the attack, said the governor.

Nonetheless, multiple state agencies have confirmed ongoing issues in attempting to access systems and online services. The incident is an example of how hackers halfway across the world can send officials scrambling to safeguard computer systems.

Sabotage solutions

For CISOs and cyber security leaders, these events underscore the need for comprehensive, multi-layered prevention and defense capabilities that can withstand and rapidly respond to varied attack types.

  • To ensure that you can restore operations quickly after a cyber attack, maintain a reliable backup system and well-tested recovery processes. This includes backup schedules, off-site storage and stringent data recovery drills to validate restoration capabilities.
  • Also ensure that your organization has plans and procedures in place that can help you maintain essential business functions in the event that systems are compromised due to an incident, like the DDoS attack that Alabama is contending with.
  • Proactively prevent large-scale DDoS attacks by ensuring network redundancies, strong web application firewalls, and adaptive traffic filtering. Coordinating with ISPs and cloud service providers on DDoS response is also advisable.
  • Round-the-clock threat hunting operations to actively monitor for and investigate anomalies can pay dividends in terms of early detection of attacker activities.
  • Another measure to take includes deploying advanced endpoint detection and response (EDR) tools across all endpoints. This can provide stronger visibility and prevention capabilities.

Subscribe to the CyberTalk.org newsletter for timely insights, cutting-edge analyses and more, delivered straight to your inbox each week.