Local governments are increasingly being targeted by cyber threats. These attacks typically come in the form of ransomware, holding the municipalities’ data hostage until either the ransom is paid or data is restored from a backup.
Examples of ransomware attacks in 2019:
- June 20, 2019: Riviera Beach, Florida, discloses ransomware attack and payment.
- May 7, 2019: City of Baltimore hit with ransomware attack.
- April 2019: Cleveland Hopkins International Airport suffered a ransomware attack.
- April 2019: Augusta, Maine, suffered a highly targeted malware attack that froze the city’s entire network and forced the city center to close.
- April 2019: Hackers stole roughly $498,000 from the city of Tallahassee.
- March 2019: Albany, New York, suffered a ransomware attack.
- March 2019: Jackson County, Georgia officials paid cybercriminals $400,000 after a cyberattack shut down the county’s computer systems.
From recent research, it appears that many of these attacks start with well-crafted phishing campaigns. AppRiver, a cybersecurity company that provides email security among other products, has released a report that highlights the most prevalent attacks identified by the company during the first half of the year. The report, based on global data compiled by AppRiver’s cybersecurity analyst team, delves into what is being considered a record year for disruptive attacks that appear to be affecting municipalities at an alarming rate. In 2018, AppRiver analysts stated that they “expect to see more disruptive cyberattack events committed by nation states that masquerade as financially motivated attacks.”
The report indicates that in the first six months of 2019, AppRiver quarantined:
- 4 billion spam messages
- More than 124 million emails with malware attached
- More than 20 million spear phishing attacks
It is only a matter of time before these attack groups move on from local governments and target businesses. To help thwart these attacks, a mix of technology solutions and end-user training should be deployed. There are a few basic technology solutions that every organization should have deployed. These include:
- A Unified Threat Management (UTM) hardware firewall with the UTM features turned on. These include AV scanning, malicious website filtering, and an Intrusion Prevention System (IPS).
- An antivirus solution that does not rely only on signature-based scanning.
- A spam filtering solution that can detect and block phishing emails and emails with malicious payloads.
- An image-based backup solution that runs at regular intervals, such as hourly. Although it may be time-consuming to restore, a backup can prevent the need to pay a ransom in the event of an infection.
End-user training should also be utilized to help employees detect and identify a nefarious email. Phishing emails have become extremely sophisticated and are increasingly hard to spot. A good training program that sends fake phishing emails at regular intervals followed up by training material will ensure that users are aware of the latest threats. This is extremely important in healthcare organizations due to high employee turnover and influx of new employees who may lack previous cybersecurity training.
Ultimately, all organizations are at risk of being a target of malware, whether private, public, or local government. No solution will guarantee 100% protection, but with the right technologies in place and proper end-user training, the risk of infection will be reduced.