March 6, 2023 By Jonathan Reed

According to a recent report, the number of attacks on the government sector saw a massive upswing in the second half of 2022 compared to the same period in 2021. The COVID-19 pandemic led to rapid digitization in government organizations, including a significant increase in remote systems access. This expanded the attack surface and further enabled malicious actors to use cyber warfare as a means to target other nations.

Cyberattacks continue to affect the entire public sector, including schools and local government offices. Threat actors can be politically or financially motivated. Either way, the damage is significant, and the attack rate continues to rise.

A worrisome trend

According to a recent CloudSEK XVigil report, the number of cyberattacks targeting government agencies saw an increase of 95% in 2022 compared to the same period the previous year. These attacks predominantly targeted government organizations in India, the United States, Indonesia and China, which accounted for approximately 40% of all incidents.

Government agencies often gather and keep large quantities of data, including personal information about citizens — data that is easy to sell on the dark web. There is also a risk that national security and military data could be accessed and used by hostile nation-states or terrorists.

The report also noted that in 2022 there was a notable rise in hacktivist attacks, or hacking for political motives. Long gone are the days when financial gain drove most cyberattacks. Now, cyber aggressors act in support of or opposition to various political, religious or economic events and policies.

Overall, hacktivism accounted for roughly 9% of reported incidents against the government sector. Ransomware groups were also responsible for a significant portion of attacks, making up 6% of the total. The most active ransomware operator was LockBit, which has the ability to self-propagate.

Apparently, part of the recent surge in government-sponsored attacks is due to the availability of services such as initial-access brokers and Ransomware-as-a-Service. In other words, cyber crime continues to evolve into “professional” services which can be easily purchased by anyone.

Countries most attacked

India, the USA, Indonesia and China continued to be the most targeted countries in the past two years. The report states that in 2021, China was the most targeted country in the world.

As per CloudSEK, the sharp increase in attacks against the Chinese government can be attributed to various advanced persistent threat (APT) groups. For example, the hacking group AgainstTheWest was the main perpetrator in almost 96% of cases against China. This campaign, dubbed Operation Renminbi, was apparently launched in response to China’s actions against Taiwan and the Uyghur community.

In 2022, the Indian government experienced a significant increase in cyberattacks, making it the most frequently targeted country last year. The report attributed this spike to the hacktivist group Dragon Force Malaysia’s #OpIndia and #OpsPatuk campaigns. Numerous other hacktivist groups supported these activities, which paved the way for future campaigns.

Cyberattacks on education and local governments

The government sector is not the only victim of ongoing cyber assaults. According to a recent Emsisoft report, in 2022, 89 education sector organizations fell victim to ransomware attacks. The number of schools potentially affected by the attacks showed a marked increase from 2021, with 1,981 schools potentially affected in 2022 compared to 1,043 in the previous year.

Overall, these incidents impacted 45 school districts and 44 colleges and universities, according to the Emsisoft report. In addition, data was exfiltrated in a higher percentage of incidents in 2022, with 65% of attacks resulting in data exfiltration compared to 50% in 2021.

Emsisoft also reported that in 2022, ransomware attacks affected 106 state or local governments or agencies, a significant increase from the 77 attacks in 2021. It’s worth noting that these figures were heavily impacted by a single incident in Miller County, Arkansas, where one compromised mainframe spread malware to endpoints in 55 different counties.

25% of those 106 incidents resulted in data theft, but this percentage increases to 53% when excluding the large-scale Arkansas attack. In 2021, 47% of the 77 reported ransomware attacks on governments resulted in data theft.

Third-party cyber victims affect the public sector

In many instances, attacks on third parties can affect entire sectors, including the public sector. For example, in a notification shared with New York’s Rockland County, cloud-based solutions provider Cott Systems informed its customers that it had been hit by an “organized cyberattack” on its servers on December 26. In response to the intrusion, the company disconnected its servers to contain the breach.

Cott Systems helps manage government data for public records, land records and court cases. The company serves over 400 local governments across 21 states and has established relationships with several national and international organizations. The server outage caused hundreds of local governments to rely on manual processes. This led to delays in the processing of birth certificates, marriage licenses and real estate transactions, as per ISMG.

“Everything is at a much slower pace,” Scott Rogers, assistant manager of Nash County, told WRAL-TV. At least six counties in North Carolina couldn’t access their vital records systems and had to revert to manual record-keeping.

A worker in Livingston Parish, Louisiana, where Cott provides e-services, told WAFB9 news agency that “the workaround has been to use pens to timestamp new filings and search through piles of physical copies to find valuable records.” County clerks from Connecticut and Mississippi also reported similar slowdowns in the past week as services remained offline.

Cybersecurity on a budget

For the public sector, tight budgets often limit the ability to build an adequate cyber defense. Staying ahead of the ever-changing cyber threat landscape requires a commitment to ongoing education. While many organizations provide cybersecurity training to their employees, it’s not uncommon for training to be infrequent or outdated.

By providing your team with up-to-date, comprehensive cybersecurity training, you can help protect your company against ransomware and other cyberattacks. Training and testing for phishing and social engineering attacks can be particularly effective at reducing incident rates.

Some other security advice to follow includes:

  • Make sure to update all systems, applications and platforms to the latest version. This helps keep all security patches up to date.
  • Back up your files on a cloud service and a hard drive. That way, in the event of ransomware, you still have a copy of your files. Remember to disconnect the hard drive after each session.
  • Use strong passwords and multifactor authentication whenever possible.
  • Always replace default usernames and passwords on all devices. Have a system in place for periodic password changes.

Cybersecurity for larger government entities

For larger government organizations, a zero trust approach keeps data safe. In January 2022, the Executive Office of the President released an announcement about government-wide zero trust goals. Clearly, the U.S. Government places high confidence in the approach and intends to deploy it as soon as possible.
