According to a recent report, the number of attacks on the government sector saw a massive upswing in the second half of 2022 compared to the same period in 2021. The COVID-19 pandemic led to rapid digitization in government organizations, including a significant increase in remote systems access. This expanded the attack surface and further enabled malicious actors to use cyber warfare as a means to target other nations.

Cyberattacks continue to affect the entire public sector, including schools and local government offices. Threat actors can be politically or financially motivated. Either way, the damage is significant, and the attack rate continues to rise.

A Worrisome Trend

According to a recent CloudSEK XVigil report, the number of cyberattacks targeting government agencies saw an increase of 95% in 2022 compared to the same period the previous year. These attacks predominantly targeted government organizations in India, the United States, Indonesia and China, which accounted for approximately 40% of all incidents.

Government agencies often gather and keep large quantities of data, including personal information about citizens — data that is easy to sell on the dark web. There is also a risk that national security and military data could be accessed and used by hostile nation-states or terrorists.

The report also noted that in 2022 there was a notable rise in hacktivist attacks, or hacking for political motives. Long gone are the days when financial gain drove most cyberattacks. Now, cyber aggressors act in support of or in opposition to various political, religious or economic events and policies.

Overall, hacktivism accounted for roughly 9% of reported incidents against the government sector. Ransomware groups were also responsible for a significant portion of attacks, making up 6% of the total. The most active ransomware operator was LockBit, which has the ability to self-propagate.

Apparently, part of the recent surge in government-sponsored attacks is due to the availability of services such as initial-access brokers and Ransomware-as-a-Service. In other words, cyber crime continues to evolve into “professional” services which can be easily purchased by anyone.

Countries Most Attacked

India, the USA, Indonesia and China continued to be the most targeted countries in the past two years. The report states that in 2021, China was the most targeted country in the world.

As per CloudSEK, the sharp increase in attacks against the Chinese government can be attributed to various advanced persistent threat (APT) groups. For example, the hacking group AgainstTheWest was the main perpetrator in almost 96% of cases against China. This campaign, dubbed Operation Renminbi, was apparently launched in response to China’s actions against Taiwan and the Uyghur community.

In 2022, the Indian government experienced a significant increase in cyberattacks, making it the most frequently targeted country last year. The report attributed this spike to the hacktivist group Dragon Force Malaysia’s #OpIndia and #OpsPatuk campaigns. Numerous other hacktivist groups supported these activities, which paved the way for future campaigns.

Cyberattacks on Education and Local Governments

The government sector is not the only victim of ongoing cyber assaults. According to a recent Emsisoft report, in 2022, 89 education sector organizations fell victim to ransomware attacks. The number of schools potentially affected by the attacks showed a marked increase from 2021, with 1,981 schools potentially affected in 2022 compared to 1,043 in the previous year.

Overall, these incidents impacted 45 school districts and 44 colleges and universities, according to the Emsisoft report. In addition, data was exfiltrated in a higher percentage of incidents in 2022, with 65% of attacks resulting in data exfiltration compared to 50% in 2021.

Emsisoft also reported that in 2022, ransomware attacks affected 106 state or local governments or agencies, a significant increase from the 77 attacks in 2021. It’s worth noting that these figures were heavily impacted by a single incident in Miller County, Arkansas, where one compromised mainframe spread malware to endpoints in 55 different counties.

25% of those 106 incidents resulted in data theft, but this percentage increases to 53% when excluding the large-scale Arkansas attack. In 2021, 47% of the 77 reported ransomware attacks on governments resulted in data theft.

Third-Party Cyber Victims Affect the Public Sector

In many instances, attacks on third parties can affect entire sectors, including the public sector. For example, in a notification shared with New York’s Rockland County, cloud-based solutions provider Cott Systems informed its customers that it had been hit by an “organized cyberattack” on its servers on December 26. In response to the intrusion, the company disconnected its servers to contain the breach.

Cott Systems helps manage government data for public records, land records and court cases. The company serves over 400 local governments across 21 states and has established relationships with several national and international organizations. The server outage caused hundreds of local governments to rely on manual processes. This led to delays in the processing of birth certificates, marriage licenses and real estate transactions, as per ISMG.

“Everything is at a much slower pace,” Scott Rogers, assistant manager of Nash County, told WRAL-TV. At least six counties in North Carolina couldn’t access their vital records systems and had to revert to manual record-keeping.

A worker in Livingston Parish, Louisiana, where Cott provides e-services, told WAFB9 news agency that “the workaround has been to use pens to timestamp new filings and search through piles of physical copies to find valuable records.” County clerks from Connecticut and Mississippi also reported similar slowdowns in the past week as services remained offline.

Cybersecurity on a Budget

For the public sector, tight budgets often limit the ability to build an adequate cyber defense. Staying ahead of the ever-changing cyber threat landscape requires a commitment to ongoing education. While many organizations provide cybersecurity training to their employees, it’s not uncommon for training to be infrequent or outdated.

By providing your team with up-to-date, comprehensive cybersecurity training, you can help protect your company against ransomware and other cyberattacks. Training and testing for phishing and social engineering attacks can be particularly effective to reduce incident rates.

Some other security advice to follow includes:

  • Make sure to update all systems, applications and platforms to the latest version. This helps keep all security patches up to date.
  • Back up your files on a cloud service and a hard drive. That way, in the event of ransomware, you still have a copy of your files. Remember to disconnect the hard drive after each session.
  • Use strong passwords and multifactor authentication whenever possible.
  • Always replace default usernames and passwords on all devices. Have a system in place for periodic password changes.

Cybersecurity for Larger Government Entities

For larger government organizations, a zero trust approach keeps data safe. In January 2022, the Executive Office of the President released an announcement about government-wide zero trust goals. Clearly, the U.S. Government places high confidence in the approach and intends to deploy it as soon as possible.
