IT REPORT: High Value Targets of Cyberattacks (Municipal & City Governments)

Douglas Poirier, President and CEO of Umbral Technologies

The information contained in this article is not intended as legal advice and may no longer be accurate due to changes in the law. Consult NHMA's legal services or your municipal attorney.

Twice as many cyberattacks on local governments were recorded last year as in the previous year. Several causes, including the increased sophistication of hackers, the widespread adoption of cloud computing by governments, and a dearth of investment, resources, and knowledge in cybersecurity on the part of many local governments, certainly account for the uptick in incidents.

There are many forms and vectors of cyberattacks.

Cybercriminals have a wide variety of tools at their disposal to launch attacks against local governments. Among the most typical forms of cybercrime are:

  • Phishing: In this form of cyberattack, the attacker poses as a trusted organization, like a bank or credit card firm, and sends a convincing email or text message. Malware is delivered to the recipient's device when they access a link or open an attachment in an email or text message.
  • Malware: Malware, short for "malicious software," is software with malicious intentions. Phishing, hacked websites, and email attachments are all ways that malware can propagate.
  • Ransomware: Ransomware encrypts the user's files, and the cybercriminals then ask for money in exchange for the decryption key.
  • Data Breaches: A data breach is defined as theft of confidential information from a computer system, such as names, addresses, or credit card numbers. Multiple factors, including hacking, phishing, and malware, can lead to a data breach.
  • Denial-of-Service (DoS) Attacks: Denial-of-service attacks aim to disrupt users' access to a networked computer system or website. Flooding the system with requests is one method of launching a denial-of-service attack, but infrastructure attacks are another.
  • Distributed denial-of-service (DDoS) attacks: These are DoS attacks carried out by a large number of computers working together. Due to the increased effort and resources needed, DDoS attacks are far harder to fight against than DoS attacks.

Consequences of Cyber Crime

Significant damage can be done by cyberattacks on municipal and city governments. Information on employees and residents, as well as financial details and intellectual property, are all prime targets for hackers. They can cause substantial monetary losses and disruptions to essential utilities like water and electrical networks. Hackers have leveraged security holes to take over nuclear power plants and other facilities.

The most serious violations committed against American cities and municipalities in 2023 are as follows.

Definitions

Breach: The attacker is inside the computers, network, and/or systems.

Compromise: Attackers have copied and taken data.

City of Lebanon, New Hampshire

Ransomware – Estimated cost: Unknown

City of Nashua, New Hampshire

Data breach – Exposed over 5,000 employees’ personal information – Cause: vulnerability in payroll system

State of New Hampshire

Data breach – Exposed over 10,000 residents’ personal information – Cause: 3rd party vendor

Some of the many city and municipal breaches that have happened around the United States in 2023 include the ones listed above. There is a growing danger to our communities' safety as a result of these breaches and compromises. Additional preventative measures should be taken by local and municipal governments to ward off cyberattacks. Many American communities and towns fall victim to cyberattacks for various reasons. These include, but are not limited to:

  1. Insufficient means. Unfortunately, many local governments lack the funds necessary to implement comprehensive cybersecurity policies and procedures. This can make them appealing to hackers who are looking for easy targets to exploit.
  2. Antiquated equipment. Too often, local governments rely on antiquated systems that leave them open to cyberattacks. For instance, many municipalities are still using antiquated computer systems and software, both of which are rife with security holes.
  3. Not enough training. There is a widespread lack of cybersecurity education and training among municipal workers. Because of this, mistakes are made, and hackers take advantage of the uneducated. For instance, workers may unwittingly provide hackers access to their networks by engaging in actions such as clicking on phishing links or opening harmful attachments.
  4. Many local governments are unaware of the most recent cyberthreats. As a result, hackers may target them in the hopes of exploiting weaknesses that go undetected.

SAFEGUARDING YOURSELF

Municipal and city governments can take many measures to safeguard themselves from cybercrime. Implementing solid security measures, such as using strong passwords, updating software, and employing firewalls and antivirus software, is among the most crucial steps. Employees need to be educated on the dangers of cyberattacks and how to protect themselves.

Having a response plan means knowing who will be involved and what actions will be taken in the event of a cyberattack. In order to better defend local governments from cyber threats, the Cybersecurity and Infrastructure Security Agency (CISA) has published many suggestions.

https://www.cisa.gov/

The following are some suggestions:

  • Spending money on advanced cybersecurity tools like firewalls, intrusion detection systems (IDSs), and security awareness programs.
  • Having a solid backup and restoration strategy. This necessitates both routine data backups and a contingency plan for restoring lost information in the case of an attack.
  • Adopting stringent safety protocols. The use of robust passwords, regular software updates, firewalls, and antivirus programs are all essential.
  • Cybersecurity training for staff. Workers need to know what ransomware is and how to protect themselves from it.
  • Having a strategy ready to implement. Having a plan for who will be involved and what will be done in the event of a ransomware attack is essential.
  • Employ multi-factor authentication on email accounts, devices, and other software systems.
  • Email filtering should be implemented to protect against phishing, viruses, and malware.

Taking these measures can help businesses become more resistant to ransomware and lessen the likelihood of a devastating assault on technical infrastructure. Some more advice on how to strengthen defenses against ransomware:

  • Employ a wide range of safety measures. Unfortunately, no single security system is immune to ransomware. Antivirus programs, firewalls, and intrusion detection systems are only some of the instruments that should be used.
  • Update your programs regularly. Security fixes that are included in software updates might shield your system from ransomware. Always update your software as soon as new versions become available.
  • Take caution using your mouse: don’t just click, think. Phishing emails are commonly the instigating factor in ransomware outbreaks. Do not follow links or download attachments from unsolicited emails.
  • Keep regular backups of your information. If your files have been encrypted by ransomware, this will help you restore them.
  • Prepare for catastrophic events. If your systems or data are compromised by ransomware, this will help you recover them.

You can make your system more resistant to ransomware attacks by implementing these measures.

STEPS TO TAKE IN THE EVENT OF A CYBERATTACK

If you have been the target of a cyberattack, you can take measures to safeguard yourself and lessen the impact of the attack.

  • Putting a fraud warning on your credit record is a good idea. This will make it more challenging for identity thieves to open new accounts using your personal information. Contacting Equifax, Experian, and TransUnion, the three major credit agencies, is how you can set up a fraud alert.
  • Have your credit report frozen. Your credit report will be protected from unauthorized access in this way. Contacting the three main credit bureaus simultaneously will place a freeze on your credit.
  • Check your credit records for signs of fraud. Check for charges or accounts that you don't recall making. Report any questionable activity to the credit reporting agency right away.
  • Do report it to the authorities. This will serve as evidence of the theft and may help you get your money back.
  • Communicate with your insurance provider. You might be able to get your money back if you've got cyber insurance.

It is important to recognize that no one can prevent a cyberattack. However, taking these precautions may help you avoid or lessen the effects of a cyberattack. It's also likely that hackers will launch attacks on an increasing number of cities in the future. One explanation is that hackers are getting better and better at what they do. Because of the growing reliance of cities on technology, hackers are continually refining their methods of assault. Water, electricity, transit, and communication are just a few of the many utilities that rely heavily on technological advancements. Because of this, they are more susceptible to online assaults. Finally, many municipal governments suffer from a shortage of both cybersecurity resources and skilled personnel. Unfortunately, many municipal governments lack the know-how and means to effectively counteract cyber threats. It is for this reason that it is important to consult an expert.

This article is a primer on cybersecurity threats. There are many more vectors of attack than are mentioned here. As well, the number of technologies that exist to protect organizations from cyberattacks is enormous and too numerous to outline here. And finally, responding to and recovering from an attack involves a lot of technical, legal, and administrative experience; the steps outlined here are just a small portion of that response.

Douglas Poirier is the President and CEO of Umbral Technologies, based out of Merrimack, NH, and has over 25 years of experience in the field of Information Technology and Cyber Security.