Russia’s invasion of Ukraine has made cybersecurity a priority; according to Government Technology, cyber experts are warning that U.S. organizations could be targeted by Russian cyberattacks or impacted by the spillover of malware unleashed in Ukraine. The entire world seems to be bracing for not only how the conflict unfolds on the other side of the globe, but also how things unfold behind the keyboards. Cybersecurity remains a top concern for the federal government and recently, even more so for state and local government agencies in this age of conflict—with a pandemic sidekick.
Attacks on State Agencies
On December 4, 2021, the Maryland Department of Health was the target of a ransomware attack. According to Gov. Lawrence Hogan and top Maryland DPH officials, the attack on the agency’s computer system sought a ransom payment from the state. They did not pay, as other states have in the past. The Maryland Department of Health and its 24 local government partners struggled for weeks during an outage that left some patients in the state unable to access medications. State officials were unable to issue death certificates and COVID numbers were being tracked by hand, according to Maryland Matters.
Washington state reported a breach at the Washington State Department of Licensing that affected approximately 650,000 individuals in January. The hackers stole the personal data of professional and occupational licensees that included social security numbers, forcing the department to take down the system to investigate the breach. The Washington Policy Center reported on March 6 that the Washington State Department of Licensing restored its website and now offers free credit reporting to those affected. The attack took Washington’s system down for two months.
New Jersey saw an uptick of 12% in attacks originating from Belarus and Russia just in the two weeks before March 3. Inconvenience to users is no longer a consideration for multifactor authentication, it is increasingly becoming required.
Ransomware Threats Escalating
According to the HIPAA journal, 2021 also saw an increase in the severity of ransomware attacks. Ransomware gangs try to inflict as much disruption as possible to increase their chances of receiving the ransom. According to the article, “ransomware gangs are targeting cloud infrastructures and are exploiting known vulnerabilities in cloud applications, virtual machine software, and virtual machine orchestration software.”
Remote Working Vulnerabilities
The more we seem to expand on remote working, the more the vulnerabilities increase. Initial access to networks is gained through phishing attacks used to obtain credentials, such as Remote Desktop Protocols (RDP). These attack vectors have proven successful due to the increased attack surface due to remote working and schooling as a result of the pandemic.
State Cybersecurity Legislation
The National Conference of State Legislatures (NCSL) issued a report showing at least 250 bills or resolutions introduced in 2021 by 45 states and Puerto Rico to deal with cybersecurity, with 35 states enacting bills. This represents quite an increase since the beginning of the pandemic.
Take Action—Instead of Worrying
- Cybersecurity & Infrastructure Security Agency (CISA) offers on ongoing list of known vulnerabilities used by cybercriminals. They also published a Telework Essentials Toolkit to help teleworkers remain secure while working remotely, as well as several reference material pages on their website for different types of organizations.
- Most organizations also provide policies and guidelines to follow when working at the office or remote and, of course, those should always be followed.
- With cybercrime on the rise in both private and public sectors, stay vigilant and up to date on current trends for this type of crime, as well as how to prevent a breach in your office or remote work. Understanding these threats gives you a solid threat defense strategy.
Renae Gugler, Technical Analyst at GL Solutions, writes articles about issues that affect licensing agencies, helping government run, grow and adapt.
Stay up to date
Subscribe to our newsletter to receive the latest regulatory news delivered to your inbox each week.