Last week’s ransomware attack on the city of Dallas, which has seen lingering ill effects into this week, serves as yet another reminder for us to remain ever vigilant and educated about the dangers of cyber threats, including call-back phishing attacks. Incidents like this can have severe consequences, affecting the daily operations and sensitive information of the organizations impacted. In this blog post, we’ll recap the Dallas ransomware attack, discuss how it happened, and outline what you can do to protect our school district from similar threats.
The Dallas Ransomware Attack:
The city of Dallas was recently targeted in a ransomware attack that impacted its IT services and police communications, causing significant disruptions. The attackers used a technique called call-back phishing, which allowed them to infiltrate the city’s systems and deploy ransomware. You can read a detailed summary of the incident in this article from BleepingComputer: https://www.bleepingcomputer.com/news/security/city-of-dallas-hit-by-royal-ransomware-attack-impacting-it-services/
What is Call-Back Phishing?
Call-back phishing is a type of social engineering attack in which cybercriminals impersonate legitimate organizations or authority figures, often through emails instructing recipients to call a phone number. In the Dallas incident, the attackers sent emails impersonating food delivery and software providers, pretending to be subscription renewals. These emails contained phone numbers that connected the victims to a service hired by the Royal threat actors. When victims called the number, the threat actors used social engineering to convince them to install remote access software, allowing the attackers access to the city’s network.
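For staff who manage mail filtering, the pattern described above (a renewal or billing lure, a phone number, and an instruction to call) can be checked mechanically. The following is an added example, not part of the original post or of any product the district uses; the regular expressions, word lists, function name, and both sample messages are constructed assumptions, and it handles single-part plain-text messages only.

```python
import re
from email import message_from_string

# North American phone formats, e.g. (555) 010-0199 or +1 555-010-0199.
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
URL_RE = re.compile(r"https?://\S+", re.I)
# Billing/renewal lure wording (assumed list; tune it to your own mail flow).
LURE_RE = re.compile(
    r"\b(subscription|renew(?:al|ed)?|auto-?renew|invoice|charged)\b", re.I)
CALL_RE = re.compile(r"\b(call|dial|phone)\b", re.I)

def score_callback_phish(raw_message: str) -> dict:
    """Return the individual signals plus an overall flag for one message."""
    msg = message_from_string(raw_message)
    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}"
    signals = {
        "billing_lure": bool(LURE_RE.search(text)),
        "phone_number": bool(PHONE_RE.search(text)),
        "call_to_action": bool(CALL_RE.search(text)),
    }
    # Flag only when all three core signals co-occur.
    signals["flag"] = all(signals.values())
    # Informational: call-back lures often carry no link, so URL scanning misses them.
    signals["no_links"] = not URL_RE.search(text)
    return signals

# Constructed sample messages (reserved example domains and 555-01xx numbers).
SAMPLE_LURE = """\
From: Billing <billing@example.com>
Subject: Your subscription renewal

Your annual plan was renewed and $349.99 will be charged today.
To cancel, call our support desk at (555) 010-0199 within 24 hours.
"""
SAMPLE_BENIGN = """\
From: Cafeteria <cafeteria@example.org>
Subject: Lunch menu for next week

The menu is posted at https://example.org/menu for all staff.
"""

if __name__ == "__main__":
    for name, raw in (("lure", SAMPLE_LURE), ("benign", SAMPLE_BENIGN)):
        print(name, score_callback_phish(raw))
```

A flagged message is a candidate for review, not a verdict: legitimate invoices also contain phone numbers, so a match should route the message for a closer look rather than block it outright.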
How Can We Protect Ourselves?
To protect our school district from similar cyber-attacks, it’s essential for all staff members to be aware of call-back phishing techniques and take the necessary precautions. Here are some tips to help you stay safe:
- Remain cautious when it comes to your emails and phone calls: Always be skeptical of unexpected or unsolicited emails and phone calls, especially those that ask for sensitive information or urge you to take immediate action.
- Verify information: If an email or phone call seems suspicious, contact the person or organization directly using known contact information, not the information provided by the sender or caller. This is crucial for ensuring that you are communicating with a legitimate representative and not disclosing information to potential scammers.
- Don’t follow instructions blindly: If an email instructs you to call a phone number, make sure to verify the legitimacy of the number before calling. If you’re unsure, reach out to the company or individual using previously known contact information to confirm the request.
- Be wary of installing software: Do not install remote access software or any other applications at the request of a caller unless you have verified their identity and confirmed the legitimacy of the request. When in doubt, don’t.
- Use strong, unique passwords: Create strong passwords for all your accounts, and avoid reusing the same password across different platforms and services.
- Keep software updated: Our school district uses SentinelOne as our endpoint detection and response solution, which is remotely managed and updated by the IT department. This helps ensure that your district devices are protected against known security vulnerabilities. While this helps defend against bad actors, it’s also critical to keep software up to date on both district and personal devices.
- Report suspicious activity: If you encounter a potential call-back phishing attempt or believe your account has been compromised, report it immediately. If you ever feel that you have mistakenly disclosed private information or granted unauthorized access, please submit a service request. Remember, the sooner we address the mistake, the safer both staff and student information will be. Please don’t worry about being chastised for a mistake (we all make missteps); our priority is the safety and security of our digital environment, including student and staff data.
Thanks for continuing to stay informed and vigilant!