Happy Friday my friend, The Hawaii Department of Homeland Security (DOHS) just announced that there has been a recent event impacting the state’s airports. Over the past week there has been a coordinated DDoS (distributed denial of service) attack which may be linked to the events made headline news around other airports around the country. The DOHS release states that the attack may be from a “Russia-based hacker group Killnet” and the attack was focused on systems hosting the landing page for 15 Hawaiʻi airport websites, including the Daniel K. Inouye International Airport. The Takeaway From the limited information currently available, the attack was limited to the state’s airport websites and critical infrastructure systems remain safe. It's important to remember however that Hawaii is a significant target for cybercrime due to our strategic importance. All military bases, installations, contractors, subcontractors, critical infrastructure (such as water and power) as well as Universities within the state of Hawaii are targets for state actors. These latest attacks are a friendly reminder to check your company's security posture: * Does your company use unique passwords for all websites (eg. using a password manager)? * Is 2-factor authentication enabled on all available web services? * Do you still have end of life Windows computers (eg. Windows 7 or Server 2012) running at your organization? * Do you have a structured employee security awareness training program in place and being followed by all employees? * Do you have a centralized antivirus, patch management tool in place? * Do you follow best practices with regard to least privilege (eg. limiting employee access to files and functions pertaining only to their position at the company)? Good cyber hygiene is something we all know how to do! To quote Samuel Johnson, a dictionary lexicographer from the late 1700's, "People need to be reminded more often than they need to be instructed." As we are in the middle of National Cybersecurity Awareness Month, keep an eye out for announcements and check out our social media feed where we'll be posting cybersecurity tips during the month of October!
Stay safe out there -A