Classifieds | Archives | Jobs | About TGT | Contact | Subscribe
Last updated 2 hours, 0 minute ago
Printer Friendly Version | TGT@Twitter | RSS Feed |
US local governments are under constant threat from ransomware
April 02, 2018
 Print    Send to Friend

NEW YORK: Two major US cities were crippled this week by ransomware, but even in the heart of Silicon Valley, government officials assigned to protect sensitive data feel vulnerable to what they see as a constant and evolving threat.

More than a fourth of US local governments are subject to hourly cyber attacks, according to a recent national survey, and about 1 in 7 experience yearly electronic security breaches that result in confirmed unauthorised access to sensitive information and systems. Nearly a third said the hackers were seeking ransom.

“Every city sees on a routine basis ransomware attacks; it’s just a matter of which ones get through,” said Rob Lloyd, the chief information officer of San Jose, Calif. “We’ve had minor ones we’ve been able to resolve. You lose a little ground, but you recover. We really feel for our colleagues in Atlanta and Baltimore. No one’s immune to these types of attacks. Everyone is running into the same type of threats.”

In Oakland, hackers in 2014 shut down various city websites, including the police department, and two years earlier released personal information of city leaders, including home addresses. Spokeswoman Karen Boyd said there haven’t been any recent ransomware attacks, but it is always a concern.

“Attacks like the one that occurred in Atlanta remind us that it is critical that we continue to build upon the security systems we have in place to keep our city safe,” Boyd said.

On March 22, ransomware hit Atlanta with a “digital extortion” that the New York Times called “one of the most sustained and consequential cyberattacks ever mounted against a major American city.” Dell SecureWorks, an Atlanta company helping the city deal with the attack, said it was the work of a hacking crew called “SamSam” that demanded $51,000 to free the city networks.

On Sunday, an attack on Baltimore shut down the city’s automated emergency dispatching for about 17 hours, according to the Washington Post. On Wednesday, the city’s chief information officer declared it the work of “ransomware perpetrators.”

Ransomware is one of many types of security threats governments must guard against. Hackers commandeer computer systems and threaten to destroy data or paralyze networks unless they are paid.

“It’s really alarming frankly what’s happening in Atlanta, but many people in the national security space have been worried about this for a long time,” said Kenneth Geers, senior research scientist at cybersecurity firm Comodo.

While businesses also are subject to such cyberattacks, experts say local governments are an appealing target for several reasons. They have lots of valuable personal data such as birth certificates and operate vital public systems such as emergency dispatch and wastewater treatment. They provide lots of information on the internet and have large staffs they must train to protect their networks. And they have limited budgets for upgrading their networks and security systems.


In 2016, the International City/County Management Association, a professional organisation for local-government administrators, surveyed 3,423 local governments serving populations of 25,000 or more on cybersecurity.

The association found that 26 per cent reported experiencing cyberattacks, attempts to gain unauthorized access, at least once an hour, and 32 per cent said the motivation was ransom. 16.3 per cent reported security incidents at least once a year in which their network security was compromised. And 14 per cent reported security breaches at least once a year in which unauthorized access was confirmed.

But “the most troubling results,” the survey study authors said, were “the high percentage of respondents that did not know how often they are attacked (27.6 per cent) and experience incidents (29.7 per cent) and breaches (41.0 per cent).”

“These data strongly suggest that, on average, local governments in the United States are not doing the kind of job necessary to achieve high levels of cybersecurity,” the study concluded.

Cory Fleming, a senior technical specialist with the International City/County Management Association, said “it is something I don’t think a lot of local government managers have stopped to think about.”

“Our technology has been growing so fast, but so have the technologies to thwart that technology,” Fleming said.

The cost of data breaches can be staggering. A 2016 BetaNews article put the total average cost of a data breach at $6.53 million, including $3.72 million in lost business. Fleming said it’s become so costly that some municipalities buy insurance to cover the costs of cyberattacks.

Fleming said that for many ransomware victims, “it’s cheaper for them to pay the ransom so they can continue to operate than to not pay them.”

Over the past year, ransomware garnered widespread attention among researchers and the general public alike, with three major attacks inflicting notable damage. WannaCry used a Windows exploit to spread across the globe, infecting computer systems in more than 150 countries with serious real-world impacts to businesses, most notably shutting down hospitals throughout the United Kingdom. NotPetya and Badrabbit also spread aggressively and took out systems most densely clustered in Russia and surrounding states.

Ransomware attacks

While these ransomware attacks stand out because they were widespread, self-propagating, and suspected to be connected to to nation-state cyber operations, “traditional”, criminally-motivated ransomware remains a massive problem affecting individuals and companies across the globe. Pinning down exact numbers is difficult, but there is clearly significant expansion and impact in terms of the number of different ransomware strains (by some accounts tripling from 2016 to 2017), infection rates, and exponentially increasing costs (predicted in excess of $5 billion in 2017, up from $325 million in 2015 and an estimated $1 billion in 2016), according to Cybersecurity Ventures.

The ease of execution and overall success rate of ransomware attacks — US victims pay roughly 64% of the time — has made it an attractive tactic for anyone looking to make significant sums of money online. Rather than going after a single, high-profile target for a big score or selling credit card numbers and personal information on the dark web for cents per record, attackers employ ransomware to go after a wide swath of targets, sometimes for small amounts of money per target but for massive hauls in total.

What should we expect going forward over the next several months, years, and beyond? Unfortunately, we will not see a drop in scope and impact of this activity. We likely won’t even be lucky enough for the status quo to continue. We should anticipate new strategies and tactics in addition to what we see today. I anticipate four major trends.

This is the easiest prediction to make, but it must be said: criminal attackers will continue to win. We will continue to see widespread spam and drive-by-download attacks targeting average Internet users and corporate users. Attackers of all kinds can exploit vulnerabilities in third-party applications or operating systems, or simply leverage legitimate system features like Office macros and Powershell to infect systems. Consumer and enterprise anti-malware solutions haven’t slowed down or stopped this phenomenon. Users will continue to be tricked into executing ransomware by clever attackers, and typical protections such as anti-virus will continue to systematically fail in our rapidly evolving ransomware ecosystem.


Add this page to your favorite Social Bookmarking websites
Post a comment
Advertise | Copyright