When we talk about cyberattacks, we usually think about multinationals or large public administrations. However, there are times when the victims are much smaller and far less able to defend themselves. In July, there was panic in Louisiana when a piece of malware took over a growing number of computers, all belonging to public services. The worst hit were several schools, which were forced to shut down their IT systems because of the attack. The malware encrypted sensitive files, making it impossible to recover them.
Although this was a local attack, it was serious enough that the authorities had to turn to cybersecurity experts from the Louisiana National Guard, the Louisiana State Police, and the Office of Technical Services to deal with it.
This is far from the only recent example. In May, the city of Baltimore was also forced to shut down its IT systems after a cyberattack hit the local administration’s basic services, such as email, phone lines and online payment forms. A similar incident occurred at the city hall of Albany, New York, which suffered a cyberattack in March. That attack affected both the police department and administrative services, including marriage licenses and birth and death certificates.
The worst thing is that these cases keep repeating themselves. In Riviera Beach, a piece of ransomware that arrived in an email paralyzed the whole city’s public services, while Lake City and Key Biscayne suffered similar incidents. On top of this, they were forced to pay up: Riviera Beach over €600,000, and Lake City nearly €420,000.
Cyberattacks targeting public services_
All these incidents have two things in common. Firstly, they are targeted ransomware attacks. Compared to traditional mass attacks, launched indiscriminately against many companies and organizations at once, targeted attacks have a far narrower objective. They are also more effective, more destructive, and more costly, because before the attack is launched the attackers carry out an in-depth analysis of how best to hurt the victim.
Secondly, all of this cybercriminal activity has one clear target: public administration services. If these services collapse, the resulting chaos spreads over a much larger area than when a single large company is attacked.
Cyberattacks against this kind of organization take varied forms. One recurring technique is to infect computers with malicious email attachments. But strategies are changing and becoming more sophisticated. The use of fileless malware is also common: this kind of malware takes control of a computer by tampering with code already running on it rather than dropping a new executable, while Living-off-the-Land (LotL) attacks make use of legitimate system tools to infect the system and carry out the attack without setting off any alarms. Because they leave no obviously malicious file behind and rely on tools the system already trusts, these last two strategies, which have become particularly prevalent in the last few years, are not usually picked up by traditional cybersecurity solutions.
How to protect public administrations_
Public administrations of every size must be aware that cybercrime is no longer just about undermining the security of large companies. It is now often more effective to target public services, especially when the victim is a small administration which, in theory, has fewer resources to protect itself.
To stop this kind of attack, small and large government organizations alike must accept that cybercrime can only be contained by carrying out exhaustive, real-time analysis of everything that happens on the administration’s IT systems. This should be done using techniques such as threat hunting, which actively and iteratively searches for possible threats rather than waiting for an alert.
In this sense, Cytomic Orion relies on two technological processes to avoid these dangers. On one hand, the cloud-based platform processes large volumes of data with artificial intelligence algorithms supervised by cybersecurity experts. These algorithms reduce the attack surface while at the same time preventing, detecting and responding to all kinds of cyberattacks, whether they use known or unknown malware, ransomware, APTs, or LotL techniques. On the other hand, the managed Zero-trust App service applies a zero-trust approach to the applications that try to run on endpoints, stopping them from executing until they have been validated by the service.
When a public service stops functioning, a whole city can come to a standstill. This is why cybercriminals no longer just go after large private corporations; they now also target public administrations. These organizations must therefore be aware of the risks they face and work to avoid them.