March 6, 2023 By Jonathan Reed

According to a recent report, the number of attacks on the government sector saw a massive upswing in the second half of 2022 compared to the same period in 2021. The COVID-19 pandemic led to rapid digitization in government organizations, including a significant increase in remote systems access. This expanded the attack surface and further enabled malicious actors to use cyber warfare as a means to target other nations.

Cyberattacks continue to affect the entire public sector, including schools and local government offices. Threat actors can be politically or financially motivated. Either way, the damage is significant, and the attack rate continues to rise.

A worrisome trend

According to a recent CloudSEK XVigil report, the number of cyberattacks targeting government agencies saw an increase of 95% in 2022 compared to the same period the previous year. These attacks predominantly targeted government organizations in India, the United States, Indonesia and China, which accounted for approximately 40% of all incidents.

Government agencies often gather and keep large quantities of data, including personal information about citizens — data that is easy to sell on the dark web. There is also a risk that national security and military data could be accessed and used by hostile nation-states or terrorists.

The report also noted that in 2022 there was a notable rise in hacktivist attacks, or hacking for political motives. Long gone are the days when financial gain drove most cyberattacks. Now, cyber aggressors act in support of or opposition to various political, religious or economic events and policies.

Overall, hacktivism accounted for roughly 9% of reported incidents against the government sector. Ransomware groups were also responsible for a significant portion of attacks, making up 6% of the total. The most active ransomware operator was LockBit, which has the ability to self-propagate.

Apparently, part of the recent surge in government-sponsored attacks is due to the availability of services such as initial-access brokers and Ransomware-as-a-Service. In other words, cyber crime continues to evolve into “professional” services which can be easily purchased by anyone.

Countries most attacked

India, the USA, Indonesia and China continued to be the most targeted countries in the past two years. The report states that in 2021, China was the most targeted country in the world.

As per CloudSEK, the sharp increase in attacks against the Chinese government can be attributed to various advanced persistent threat (APT) groups. For example, the hacking group AgainstTheWest was the main perpetrator in almost 96% of cases against China. This campaign, dubbed Operation Renminbi, was apparently launched in response to China’s actions against Taiwan and the Uyghur community.

In 2022, the Indian government experienced a significant increase in cyberattacks, making it the most frequently targeted country last year. The report attributed this spike to the hacktivist group Dragon Force Malaysia’s #OpIndia and #OpsPatuk campaigns. Numerous other hacktivist groups supported these activities, which paved the way for future campaigns.

Cyberattacks on education and local governments

The government sector is not the only victim of ongoing cyber assaults. According to a recent Emsisoft report, in 2022, 89 education sector organizations fell victim to ransomware attacks. The number of schools potentially affected by the attacks showed a marked increase from 2021, with 1,981 schools potentially affected in 2022 compared to 1,043 in the previous year.

Overall, these incidents impacted 45 school districts and 44 colleges and universities, according to the Emsisoft report. In addition, data was exfiltrated in a higher percentage of incidents in 2022, with 65% of attacks resulting in data exfiltration compared to 50% in 2021.

Emsisoft also reported that in 2022, ransomware attacks affected 106 state or local governments or agencies, a significant increase from the 77 attacks in 2021. It’s worth noting that these figures were heavily impacted by a single incident in Miller County, Arkansas, where one compromised mainframe spread malware to endpoints in 55 different counties.

25% of those 106 incidents resulted in data theft, but this percentage increases to 53% when excluding the large-scale Arkansas attack. In 2021, 47% of the 77 reported ransomware attacks on governments resulted in data theft.

Third-party cyber victims affect the public sector

In many instances, attacks on third parties can affect entire sectors, including the public sector. For example, in a notification shared with New York’s Rockland County, cloud-based solutions provider Cott Systems informed its customers that it had been hit by an “organized cyberattack” on its servers on December 26. In response to the intrusion, the company disconnected its servers to contain the breach.

Cott Systems helps manage government data for public records, land records and court cases. The company serves over 400 local governments across 21 states and has established relationships with several national and international organizations. The server outage caused hundreds of local governments to rely on manual processes. This led to delays in the processing of birth certificates, marriage licenses and real estate transactions, as per ISMG.

“Everything is at a much slower pace,” Scott Rogers, assistant manager of Nash County, told WRAL-TV. At least six counties in North Carolina couldn’t access their vital records systems and had to revert to manual record-keeping.

A worker in Livingston Parish, Louisiana, where Cott provides e-services, told WAFB9 news agency that “the workaround has been to use pens to timestamp new filings and search through piles of physical copies to find valuable records.” County clerks from Connecticut and Mississippi also reported similar slowdowns in the past week as services remained offline.

Cybersecurity on a budget

For the public sector, tight budgets often limit the ability to build an adequate cyber defense. Staying ahead of the ever-changing cyber threat landscape requires a commitment to ongoing education. While many organizations provide cybersecurity training to their employees, it’s not uncommon for training to be infrequent or outdated.

By providing your team with up-to-date, comprehensive cybersecurity training, you can help protect your company against ransomware and other cyberattacks. Training and testing for phishing and social engineering attacks can be particularly effective to reduce incident rates.

Some other security advice to follow includes:

  • Make sure to update all systems, applications and platforms to the latest version. This helps keep all security patches up to date.
  • Back up your files on a cloud service and a hard drive. That way, in the event of ransomware, you still have a copy of your files. Remember to disconnect the hard drive after each session.
  • Use strong passwords and multifactor authentication whenever possible.
  • Always replace default usernames and passwords on all devices. Have a system in place for periodic password changes.

Cybersecurity for larger government entities

For larger government organizations, a zero trust approach keeps data safe. In January 2022, the Executive Office of the President released an announcement about government-wide zero trust goals. Clearly, the U.S. Government places high confidence in the approach and intends to deploy it as soon as possible.
