Government agencies are normally considered a sweet spot among hackers’ fraternity because of their not so advanced data and network protection techniques. But, the more tempting asset for them is what the agencies have to offer.
What interests hackers about local government?
Municipalities, counties, and other government subsidiaries collect and store large amounts of regional and operational data encompassing sensitive information of its people.
Usually, such databases include personally identifiable information (PII) like Social Security numbers, birth dates, email addresses, phone numbers, and photo IDs.
However, depending upon the type of operation an agency handles, the list may expand to driver’s license numbers, employee payroll information, payment card information, court records, and more.
What makes them an easy target?
Cyber-threat actors continuously explore low-risk targets and something they can monetize without using highly sophisticated tools.
Their infrastructure often lags in cybersecurity and there is a dearth of IT or security staff to keep a log of every activity.
Many municipalities and districts operate older systems and generally partner with third-party IT vendors for tech support, which may not be always safe.
Further, due to the lack of dedicated staff and no contingency plan in place, victims are compelled to pay up the ransom amount, and hackers know that. Also, agencies can’t afford to go offline because of the dependencies on them.
Attack trend and recent victims
In most of the cases, local bodies are targeted by ransomware adversaries since it provides hackers with quick and strong incentives, which they utilize in planning their next attack. A well planned BEC scam is also a good catch for hackers. Besides, attackers get an upper hand when agencies fail to enforce the mandated protection mechanisms such as employee phishing awareness and training programs.
Below are some recent attacks on various government agencies:
There was a ransomware attack on the Texas Department of Transportation’s network. It was the second ransomware attack impacting the state within a week. Previously, the Office of Court Administration (OCA), Texas, suffered a ransomware attack, knocking off its servers and websites offline.
Fraudsters swindled $10 million funds from Norway’s state investment fund in a BEC scam. The money was meant for a microfinance institution in Cambodia. The scammers exploited a Norfund email address to impersonate an authority in charge of the transaction.
A ransomware attack on Bernard Township of New Jersey knocked off the township’s website offline and halted operations.
Service NSW, the New South Wales government subsidiary, fell victim to a phishing attack after a staffer clicked on a suspicious link enclosed in an email.
Closing lines
A recent report has shown that paying the ransom can, in fact, double your recovery cost. It is advisable to implement protection measures as per reputed security standards and maintain sufficient staff to tackle unfortunate incidents. Also, since phishing is one of the most common attack methods, educating and training employees on a regular basis is still the best practice to start with.