A recent report indicates that the government sector experienced a significant surge in cyberattacks during the latter half of 2022 as compared to the corresponding period in 2021. The COVID-19 pandemic accelerated the digitization of government institutions, resulting in a substantial rise in remote system access. This expansion of the attack surface provided more opportunities for malicious actors to engage in cyber warfare, which they used to target other nations.
The public sector, encompassing schools and local government offices, remains vulnerable to cyberattacks. These attacks can be motivated by politics or finance, both resulting in significant damage. Unfortunately, the frequency of attacks is increasing.
A Worrisome Trend
As per the CloudSEK XVigil report, cyberattacks aimed at government agencies rose by 95% in 2022 as compared to the corresponding period in the previous year. These attacks mainly focused on government institutions located in India, the United States, Indonesia, and China, accounting for around 40% of all incidents.
Government agencies usually collect and store vast amounts of data, including sensitive personal information about citizens that can be easily sold on the dark web. Additionally, there exists a possibility that hostile nation-states or terrorists could access and misuse national security and military data.
The report highlighted an increase in hacktivist attacks or politically motivated hacking during 2022. Cyberattacks are no longer primarily financially driven, as hackers now act in favor of or against political, religious, or economic events and policies.
In all, 9% of reported incidents against the government sector were the result of hacktivism. Moreover, ransomware gangs accounted for 6% of all attacks, which is a sizable portion. LockBit, which has the capacity to self-produce and spread on its own, was the ransomware operator with the highest level of activity.
It seems that the recent increase in government-sponsored cyber attacks can be attributed to the easy availability of services such as initial-access brokers and Ransomware-as-a-Service. This means that cybercrime is becoming more sophisticated and professional, with such services readily accessible to anyone.
Countries Most Attacked
The most targeted countries in the past two years have been India, the USA, Indonesia, and China, according to the report. It also highlights that China was the country that received the highest number of cyber-attacks in 2021.
According to CloudSEC, the significant rise in attacks targeting the Chinese government is due to the activities of various advanced persistent threat (APT) groups. One of these groups, AgainstTheWest, was identified as responsible for nearly 96% of the attacks against China. These attacks were part of Operation Renminbi’s campaign, believed to have been launched in response to China’s actions against the Uyghur community and Taiwan.
In 2022, India was the country that experienced the highest number of cyber attacks, with a significant increase reported by the Indian government. The report suggests that this surge was due to the efforts of the hacktivist group Dragon Force Malaysia, specifically their #OpIndia and #OpsPatuk campaigns. Other hacktivist groups supported these campaigns, which are believed to have set the stage for future cyber attacks.
Cyberattacks on Education and Local Governments
Cyber attacks are not limited to the government sector; the education sector is also a target. The Emsisoft report shows that in 2022, 89 educational organizations were hit by ransomware attacks. The number of schools that could have been affected by these attacks increased significantly compared to the previous year, with 1,981 schools potentially impacted in 2022 compared to 1,043 in 2021.
The Emsisoft report indicates that a total of 45 school districts and 44 colleges and universities were impacted by these incidents. Furthermore, in 2022, data was exfiltrated in a higher proportion of cases, with 65% of attacks resulting in data theft, as compared to 50% in 2021.
Emsisoft’s report also revealed that in 2022, ransomware attacks impacted 106 state or local governments or agencies, a significant rise from the 77 attacks recorded in 2021. It is important to mention that these figures were influenced considerably by a single incident in Miller County, Arkansas. In this incident, a compromised mainframe infected endpoints across 55 different counties with malware.
Out of the 106 ransomware attacks that occurred in 2022 against state or local governments or agencies, 25% resulted in data theft. However, if we exclude the Arkansas attack, this percentage jumps to 53%. In comparison, in 2021, 47% of the 77 reported ransomware attacks on governments resulted in data theft.
Third-Party Cyber Victims Affect the Public Sector
Cyber attacks targeting third-party providers can have a significant impact on entire sectors, including the public sector. For instance, on December 26, Cott Systems, a cloud-based solutions provider, notified its customers in Rockland County, New York, that it had been the victim of an “organized cyberattack” on its servers. In an attempt to contain the breach, the company disconnected its servers.
Cott Systems plays a crucial role in managing government data related to public records, land records, and court cases. The company provides services to over 400 local governments in 21 states and has established connections with several national and international organizations. As a result of the server outage caused by the cyber attack, hundreds of local governments were forced to use manual processes. This resulted in delays in the processing of birth certificates, marriage licenses, and real estate transactions, according to ISMG.
According to Scott Rogers, the assistant manager of Nash County, “Everything is at a much slower pace” following the cyber attack on Cott Systems. As a result, at least six counties in North Carolina were unable to access their vital records systems and had to resort to manual record-keeping. This information was reported by WRAL-TV.
According to a worker in Livingston Parish, Louisiana, where Cott provides e-services, the workaround to deal with the aftermath of the cyber attack has been to use pens to timestamp new filings and search through piles of physical copies to find valuable records. This information was reported by the WAFB9 news agency. Additionally, county clerks from Connecticut and Mississippi have also reported similar slowdowns in services over the past week, as the systems remained offline.
Cybersecurity on a Budget
The public sector often faces constraints on its budgets, which can limit its ability to build robust cyber defense systems. In order to stay ahead of the constantly evolving threat landscape, it’s crucial to make a continuous effort toward education and training. Although many organizations do provide cybersecurity training to their employees, it is not uncommon for such training to be infrequent or based on outdated information.
Equipping your team with thorough and current cybersecurity training can assist in safeguarding your company against ransomware and other cyber threats. Incorporating training and testing modules for phishing and social engineering attacks can prove to be especially effective in reducing the frequency of such incidents.
Here are some other security tips to consider:
- Ensure that all systems, applications, and platforms are running the latest versions to keep all security patches current.
- Back up your files to both a cloud service and a hard drive, so that you have a copy of your files in case of ransomware. Be sure to disconnect the hard drive after each use.
- Whenever possible, use strong passwords and multifactor authentication.
- Replace default usernames and passwords on all devices and establish a system for periodic password changes.
Cybersecurity for Larger Government Entities
A zero-trust approach is an effective way to ensure the security of data, particularly for larger government organizations. The U.S. Government has demonstrated its confidence in this approach by announcing its government-wide zero trust goals in January 2022, indicating its intention to implement it as soon as possible.
Here at CourseMonster, we know how hard it may be to find the right time and funds for training. We provide effective training programs that enable you to select the training option that best meets the demands of your company.
For more information, please get in touch with one of our course advisers today or contact us at firstname.lastname@example.org