Hackers Targeting South Carolina DMV Underscores Security Realities

The Department of Motor Vehicles (DMV) may not be many people’s favorite place, but in South Carolina, it has apparently become a magnet for hackers.


Last week, South Carolina DMV Executive Director Kevin Shwedo told a panel of senators that the FBI recently visited the DMV to identify vulnerabilities in its computer system, which will need to be fixed with new firewalls as well as investments in encryption to secure sensitive data.

“I get pinged virtually every night from countries like China, Pakistan, the Czech Republic, Syria and others,” he was quoted as saying by the Greenville News.

How the attacks had been attributed to those countries was not revealed, but some say the situation underscores the reality that organizations of all shapes and sizes can come under attack – and that means IT professionals need to take measures to assess their security posture.

“Security is a process, not a product,” said Scott Waddell, vice president of technology at iovation. “So you really have to think in terms of securing what you’ve got, monitoring that security, testing it regularly – ideally through third-party, internal and external security assessments – and then making sure you’ve got executive buy-in to effect change to improve security following the best practices that come from both the consultants and the dedicated staff you have on the team to focus on that day in and day out.”

According to reports, the DMV was hit with about 90 intrusion attempts between Jan. 1 and Feb. 2, all of which the agency said it has deflected.

“Nobody should be surprised if they are targeted online, especially those organizations that collect and store sensitive data,” said Josh Shaul, CTO of database security firm Application Security. “DMVs and other agencies that issue official identification will always be prime targets for attack. Their comment about having had around 90 intrusion attempts this year is very vague. That sounds like a small number, but who knows what they count as an ‘attack’. The more interesting question for me is how do they know? Could there have been other attacks that they didn’t detect and therefore didn’t stop?”

The agency will never succeed in protecting their databases simply by adding more firewalls as there are too many ways “around and through the network perimeter for that to be an effective measure,” he said.

Though he agreed it was hard to assess the report of 90 attacks without more information, Rapid7 researcher Marcus Carey also noted that the FBI does not typically pay an onsite visit to the DMV unless there is a significant issue. When it comes to organizations assessing their security posture, Carey suggested implementing a vulnerability management program and configurations to identify all assets and software and what their risks are. Organizations should also develop incident response and business continuity capabilities, including organization-wide security threat awareness training for security administrators, management and users.


“Encryption and masking are also often considered a silver bullet for database security, but only solve a few specific problems,” Shaul said. “The truth is there is no silver bullet for databases. To keep them secure, it takes good hygiene. That means scanning for vulnerabilities, misconfigurations, and access controls, fixing the problems you find. Of course it is not realistic to believe that everything will be fixed, so what isn’t fixed must be monitored, so if and when something goes wrong, you know it immediately and can respond before damage is done.”

Shwedo noted that other state and federal agencies are consistently under attack. So are companies in the private sector. Last week, ICS-CERT (Industrial Control System Computer Emergency Readiness Team) issued an alert to warn critical infrastructure companies of secure shell (SSH) scans of Internet-facing control systems. According to ICS-CERT, an electric utility reported experiencing unsuccessful brute force activity against their networks.

“You’ve got to stay abreast of network security issues,” Shwedo said. “We’re going to do everything we can to prevent an intrusion. And we’re going to make sure we’ve got the right hardware and the right software and the right encryption to protect that information.”
