The University of Virginia cybersecurity team works to protect system servers during a simulated hack as part of the National Student Cyber Defense Challenge. Credit: Scott Ball/San Antonio Report .
As ransomware attacks continue to affect local governments (the Bexar County appraisal district was the most recent victim), hacker methods and organizations have become more sophisticated. At least one FBI-identified hacker group has a human resources department, performance reviews, and “employee of the month.”
The professionals simulated these sophisticated and targeted attacks this week at a San Antonio student competition sponsored by Raytheon Technologies to educate and recruit the next generation of cybersecurity professionals.
In the National Student Cyber Defense Finals, held at the Hyatt Regency Hill County Resort and Spa Thursday through Saturday, 10 teams from 10 schools across the country played defense against coordinated cyber attacks. So far this week, more than 150 other teams have already been eliminated.
According to organizers, the competition is the largest of its kind in the country.
The students in the teams acted as cybersecurity specialists protecting the business from active attacks by intruders. Meanwhile, behind closed doors, real cybersecurity professionals acted like hackers, trying to take down and disable one system after another: email, cloud servers, internal data, and even help desk. Points were awarded to teams that repelled attacks as quickly as possible and restored their systems.
In the equipment room at the University of Texas at Austin, sophomore Rishab Ahlawat has been hard at work installing a firewall that will protect Longhorns cloud servers and even warn them of new intruders.
Work computers scattered across desks displayed blue screens and huge walls of coded text.
“It’s tense, but fun,” Ahlavat said. The team was losing points every minute the product server was down. His lunch was unharmed in a paper bag.
The University of Texas Cyber Security team works to secure and secure their simulation data during the National Cyber Defense Student Competition.
The University of Texas at Austin cybersecurity team works to secure simulation data during the National Cyber Defense Student Competition. Credit: Scott Ball/San Antonio Report.
Ahlavat said that when he first entered university, he did not envision a future in cybersecurity. But competitions like these convinced him to take the field when he graduated.
His story illustrates a good reason why Raytheon Technologies, one of the world’s largest defense manufacturers and revenue intelligence providers, sponsors the 17-year-old annual competition. About two dozen of the company’s specialists helped organize the event, acting as performance testers and acting as hackers and customers.
“This is something you don’t get in the classroom,” said John Chek, senior director of cyber defense solutions at Raytheon Intelligence & Space, a Raytheon subsidiary. He said the competition gives students the opportunity to hone their skills and see how the concepts they are learning apply to the real world.
Of course, in real life, cybersecurity often takes the form of proactive defense and recovery rather than the condensed, intense exercises that these students go through. But such cases do happen.
Ransomware attacks in Texas, as well as throughout the country, have increased over the years.
There were just under 300 ransomware attacks in Texas in 2021, almost a third more than in 2020, according to FBI cybercrime statistics.
In 2016, the FBI recorded 37 attacks of this type in the state.
Last year in Bexar County, hackers launched a ransomware attack on the Judson Independent School District for which the district paid more than $500,000 to recover sensitive data. In March, the Bexar County Asset was attacked, but IT discovered the intrusion before it spread through the network. A spokesman for the county department said that critical systems were restored within days, and as of this week, the restoration of all affected systems was “99% complete.”
Evaluation Deputy Chief Scott Griscom said he couldn’t say how the attackers got into the system as the final results of the investigation are pending, but initial suspicions that they came via email have been refuted.
Efforts to counter these attacks are on the rise. The White House recently signed legislation that requires a wide range of public and private organizations involved in critical infrastructure to publicly disclose details of cyberattacks, even if the organization has paid a ransom.
“It’s a big problem,” Chek said, as historically many companies have preferred to just hide it. For example, Equifax, a consumer credit information agency, waited several weeks before informing its 143 affected customers that their personal data could be lost. Check said disclosure of the breach helps law enforcement identify repeat attackers, alerts other organizations, and helps cybersecurity professionals know what types of attacks to watch out for.
Elias Bou-Harb, director of UTSA’s Center for cybersecurity and Analytics, said one of the reasons ransomware attacks are on the rise is that the infrastructure to run them has become more accessible. He said there are now illegal service providers selling ready-made tools to launch ransomware attacks, so hackers no longer need to be tech-savvy.
Some of these rental tools even scour the Internet for vulnerable systems.
“The threat landscape is insane. Cyber war is imposed on us,” Boo-Harb said.
While cyberattacks are becoming more sophisticated, experts say there are ways to reduce the risk of attacks for both individuals and organizations.
It’s important to back up your systems (make sure those backups really work, Boukharb says), avoid password reuse (it’s not yet known if passwords need to be written down), and be careful what you do.