Cybersecurity firm BlueVoyant published a report on August 27, 2020, finding that State and Local Governments have seen a 50% increase in cyberattacks since 2017. The report outlined the cyberattacks as either targeted intrusions, fraud, or damage caused by hackers. BlueVoyant noted that the 50% increase in attacks is likely a fraction of the true number of incidents because many go unreported.
Why?
The main weakness with State and Local Governments is the general lack of a basic security program to educate and govern users while also lacking key technology protections for their networks and endpoints. Additionally, government entities are purchasing cyber insurance as standard operating procedure. Hackers recognize this and target them knowing that cyber insurance will pay out a ransomware demand.
The study validated BlueVoyant’s position that active threat targeting happens across the board:
“For every selected county’s online footprint, evidence showed some sign of intentional targeting,” What’s more, five counties — or 17% of the 28 studied — showed signs of potential compromise, indicating that traffic from government assets was reaching out to malicious networks. There’s a collective risk here because there is no standardization [around security controls]. You have certain state and local [governments] that are on dot-coms and dot-us or dot-orgs. One would think that these should be on the dot-gov domain because [that] means that you not only check the box as being a certified government site, but you get forced two-factor authentication and you’re always going to have HTTPS.”
– Austin Berglas, Head of Ransomware/Incident Response at BlueVoyant
Ransomware
The main method these agencies are attacked is through Ransomware. Ransomware has grown exponentially in recent years, with government entities being attacked weekly. What’s also concerning is the increase in hacker’s extortion demands. Three years ago, the average ransomware demand was $30,000. In 2020, it grew to nearly half a million dollars. Even when municipalities don’t pay, the breach recovery costs can be enormous. The City of Baltimore spent more than $18 million on damages and remediation in a 2019 ransomware attack.
The risk with small governments is similar to the risk with SMBs; they assume they are not at risk due to the size of their organization. What all these entities don’t realize is that hackers target them because they lack proper cybersecurity programs.
Phishing
The other primary attack vector used by hackers on government employees is Phishing. Phishing is a form of social engineering to deceive individuals into doing the hacker’s bidding. Hackers want users to click on malicious links in email which downloads malware granting hackers system access. The report notes that typosquatting was the main reason users were being tricked, a strategy used in Phishing Attacks. Typosquatting uses look-alike domains to fool users into clicking on links. Users land on identically formatted websites that steal their login credentials for the hackers to use. An example is “arnazon.com” instead of “amazon.com”. Now a hacker uses those stolen Amazon credentials to order merchandise delivered to their PO Box.
2020 Election Risks
The upcoming 2020 election opens up the opportunity for hackers to cause more trouble. This puts cybersecurity into the spotlight as the last line of defense against election tampering. Governments need to prepare and develop a strong cybersecurity program ahead of these elections. CyberHoot has a simple and effective set of recommendations for State and Local Governments to protect themselves.
State & Local Government Recommendations
According to Austin Berglas, Head of Romsomware/Incident Response at BlueVoyant, “State and local governments can take three immediate steps to improve their security postures”.
- Implement strong passwords.
- Use unique 14+ character passwords/passphrases stored in a Password Manager.
- Two-Factor Authentication
- Something you know (password), something you have (cell phone), something you are (fingerprint, face ID). Choose and use two of these to authenticate.
- Review and strengthen remote access
- Ensure remote access ports automatically close after use
- Enable Two-Factor Authentication on all remote access
Ransomware & Phishing Protection
CyberHoot also recommends the following additional actions to reduce the likelihood of falling victim to a Ransomware or Phishing attack:
- Educate employees through an awareness training tool like CyberHoot
- Phish Test Employees to keep them on their toes
- Follow the 3-2-1 backup method for securing all your critical and sensitive data
- Govern employees with cybersecurity policies
- Purchase and train your employees on how to use a Password Manager
- Follow proper Internet etiquette and protect others from phishing attacks using your domain name by setting up SPF, DKIM and DMARC records to block emails from using your domain name in their attacks.
No matter what sort of attack vector hackers are using, following these recommendations is a great starting point in building a strong defense-in-depth cybersecurity program.