When we think of cyber security weaknesses or outright cyber attacks, we tend to think of the targets as large corporations or a Federal government agency or department. It also doesn’t surprise us to hear of state governments or banks as targets of hackers and cybercriminals. But local governmental units like counties and cities are actually at greater risk than most realize.

Ransomware attacks are one of the most common forms of cyber attack on local government. Some local governments simply choose to pay the ransom. Laporte County, IN paid $132,000 in Bitcoin to hackers after they bypassed the county's firewall and corrupted its backups. Ransom demands have increased from a 2017 average of $30,000 per incident to $380,000 per incident and will only continue to increase. Others choose not to acquiesce to the hackers' demands. The city of Pensacola, FL was hit with a $1 million ransomware demand. The city opted not to pay but still had to pay almost $400,000 to a cybersecurity firm to harden its systems. And that was after its own staff rebuilt them from backups.

The Department of Homeland Security has warned that nation states and organized criminal syndicates are some of the most prolific hackers local governments have to deal with. While the idea of a lone actor scanning networks from his basement is possible, most attacks come from much more organized sources. That’s why it’s extremely important for local governments to use resources wisely. It’s wiser and less expensive to fortify against an attack than to repair the damage in the aftermath. Below are some simple tips to help local governments harden themselves against cyber attacks.

  • Remind users to update passwords and enforce password policies
  • Train users to recognize phishing attempts
  • Apply all VPN and firewall security updates
  • Avoid using default VPN settings
  • Monitor access points and investigate any concerning event logs
  • Reduce VPN gateway attack surfaces
  • If using Office 365, turn on Antimalware Scan Interface for Office VBA

Below are some helpful links that outline details on specific security issues that are relevant today. Special attention should be paid to Citrix VPNs, as their vulnerability is an arbitrary code execution flaw, and to Pulse Secure’s VPN, whose vulnerability is an arbitrary file read. The articles linked below give specific technical details.

https://us-cert.cisa.gov/ncas/alerts/aa20-259a

https://www.securitymagazine.com/articles/92759-nsa-warns-vpns-could-be-vulnerable-to-cyberattacks

https://www.microsoft.com/security/blog/2020/03/05/human-operated-ransomware-attacks-a-preventable-disaster/

https://www.ciodive.com/news/vpn-vulnerabilities-dhs-cyber-awareness/578028/
