March 6, 2023 By Jonathan Reed 4 min read

According to a recent report, the number of attacks on the government sector saw a massive upswing in the second half of 2022 compared to the same period in 2021. The COVID-19 pandemic led to rapid digitization in government organizations, including a significant increase in remote systems access. This expanded the attack surface and further enabled malicious actors to use cyber warfare as a means to target other nations.

Cyberattacks continue to affect the entire public sector, including schools and local government offices. Threat actors can be politically or financially motivated. Either way, the damage is significant, and the attack rate continues to rise.

A worrisome trend

According to a recent CloudSEK XVigil report, the number of cyberattacks targeting government agencies saw an increase of 95% in 2022 compared to the same period the previous year. These attacks predominantly targeted government organizations in India, the United States, Indonesia and China, which accounted for approximately 40% of all incidents.

Government agencies often gather and keep large quantities of data, including personal information about citizens — data that is easy to sell on the dark web. There is also a risk that national security and military data could be accessed and used by hostile nation-states or terrorists.

The report also noted that in 2022 there was a notable rise in hacktivist attacks or hacking for political motives. Long gone are the days when financial gain drove most cyberattacks. Now, cyber aggressors act in support or opposition to various political, religious or economic events and policies.

Overall, hacktivism accounted for roughly 9% of reported incidents against the government sector. Ransomware groups were also responsible for a significant portion of attacks, making up 6% of the total. The most active ransomware operator was LockBit, which has the ability to self-propagate and spread on its own.

Apparently, part of the recent surge in government-sponsored attacks is due to the availability of services such as initial-access brokers and Ransomware-as-a-Service. In other words, cyber crime continues to evolve into “professional” services which can be easily purchased by anyone.

Countries most attacked

India, the USA, Indonesia and China continued to be the most targeted countries in the past two years. The report states that in 2021, China was the most targeted country in the world.

As per CloudSEC, the sharp increase in attacks against the Chinese government can be attributed to various advanced persistent threat (APT) groups. For example, the hacking group AgainstTheWest was the main perpetrator in almost 96% of cases against China. This campaign, dubbed Operation Renminbi, was apparently launched in response to China’s actions against Taiwan and the Uyghur community.

In 2022, the Indian government experienced a significant increase in cyberattacks, making it the most frequently targeted country last year. The report attributed this spike to the hacktivist group Dragon Force Malaysia’s #OpIndia and #OpsPatuk campaigns. Numerous other hacktivist groups supported these activities, which paved the way for future campaigns.

Cyberattacks on education and local governments

The government sector is not the only victim of ongoing cyber assaults. According to a recent Emsisoft report, in 2022, 89 education sector organizations fell victim to ransomware attacks. The number of schools potentially affected by the attacks showed a marked increase from 2021, with 1,981 schools potentially affected in 2022 compared to 1,043 in the previous year.

Overall, these incidents impacted 45 school districts and 44 colleges and universities, according to the Emsisoft report. In addition, data was exfiltrated in a higher percentage of incidents in 2022, with 65% of attacks resulting in data exfiltration compared to 50% in 2021.

Emsisoft also reported that in 2022, ransomware attacks affected 106 state or local governments or agencies, a significant increase from the 77 attacks in 2021. It’s worth noting that these figures were heavily impacted by a single incident in Miller County, Arkansas, where one compromised mainframe spread malware to endpoints in 55 different counties.

25% of those 106 incidents resulted in data theft, but this percentage increases to 53% when excluding the large-scale Arkansas attack. In 2021, 47% of the 77 reported ransomware attacks on governments resulted in data theft.

Third-party cyber victims affect the public sector

In many instances, attacks on third parties can affect entire sectors, including the public sector. For example, in a notification shared with New York’s Rockland County, cloud-based solutions provider Cott Systems informed its customers that it had been hit by an “organized cyberattack” on its servers on December 26. In response to the intrusion, the company disconnected its servers to contain the breach.

Cott Systems helps manage government data for public records, land records and court cases. The company serves over 400 local governments across 21 states and has established relationships with several national and international organizations. The server outage caused hundreds of local governments to rely on manual processes. This led to delays in the processing of birth certificates, marriage licenses and real estate transactions, as per ISMG.

“Everything is at a much slower pace,” Scott Rogers, assistant manager of Nash County, told WRAL-TV. At least six counties in North Carolina couldn’t access their vital records systems and had to revert to manual record-keeping.

A worker in Livingston Parish, Louisiana, where Cott provides e-services, told WAFB9 news agency that “the workaround has been to use pens to timestamp new filings and search through piles of physical copies to find valuable records.” County clerks from Connecticut and Mississippi also reported similar slowdowns in the past week as services remained offline.

Cybersecurity on a budget

For the public sector, tight budgets often limit the ability to build an adequate cyber defense. Staying ahead of the ever-changing cyber threat landscape requires a commitment to ongoing education. While many organizations provide cybersecurity training to their employees, it’s not uncommon for training to be infrequent or outdated.

By providing your team with up-to-date, comprehensive cybersecurity training, you can help protect your company against ransomware and other cyberattacks. Training and testing for phishing and social engineering attacks can be particularly effective to reduce incident rates.

Some other security advice to follow includes:

  • Make sure to update all systems, applications and platforms to the latest version. This helps keep all security patches up to date.
  • Back up your files on a cloud service and a hard drive. That way, in the event of ransomware, you still have a copy of your files. Remember to disconnect the hard drive after each session.
  • Use strong passwords and multifactor authentication whenever possible.
  • Always replace default usernames and passwords on all devices. Have a system in place for periodic password changes.

Cybersecurity for larger government entities

For larger government organizations, a zero trust approach keeps data safe. In January 2022, the Executive Office of the President released an announcement about government-wide zero trust goals. Clearly, the U.S. Government places high confidence in the approach and intends to deploy it as soon as possible.

More from News

DHS establishes Artificial Intelligence Safety and Security Board

3 min read - As part of its commitment to addressing the rapid growth and adoption of AI technology across all industries and sectors, the Department of Homeland Security (DHS) announced the establishment of the Artificial Intelligence Safety and Security Board in late April. The Board’s first meeting is planned for early May when they will begin the task of focusing on how to develop and deploy AI technology within the United States’ critical infrastructure safely and securely. Based on the DHS Homeland Threat…

White House cements CISA’s role as national coordinator for cybersecurity

2 min read - In 2013, the Obama Administration rolled out "The Presidential Policy Directive (PPD) on Critical Infrastructure Security and Resilience", a forerunner to the Cybersecurity and Infrastructure Security Agency (CISA), created "to strengthen and maintain secure, functioning and resilient critical infrastructure." The directive was groundbreaking in 2013, noting the importance of the rising risk of cyberattacks against critical infrastructure. But as cyber risks are constantly shifting, every cybersecurity program needs to be re-evaluated, and CISA is no exception. That’s why, in April 2024,…

Debate rages over DMCA Section 1201 exemption for generative AI

3 min read - The Digital Millennium Copyright Act (DMCA) is a federal law that protects copyright holders from online theft. The DMCA covers music, movies, text and anything else under copyright. The DMCA also makes it illegal to hack technologies that copyright owners use to protect their works against infringement. These technologies can include encryption, password protection or other measures. These provisions are commonly referred to as the “Anti-Circumvention” provisions or “Section 1201”. Now, a fierce debate is brewing over whether to allow…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today