According to a recent CrowdStrike Global Threat Report, cyber attacks reached unprecedented levels of speed and efficiency in 2023, with the shortest breakout time reported at only 2 minutes and 7 seconds. The incidence of attacks has also increased, with a 75% surge in cloud-based attacks alone. Despite advancements in threat detection and cybersecurity technology, hackers continue to adapt, frequently leveraging advanced tools, such as generative AI, to exploit vulnerabilities more successfully.
Governments are not immune to these attacks, often witnessing their systems impacted and operations crippled by malware, ransomware, or distributed denial-of-service (DDoS) attacks. According to a report by the Center for Internet Security, all types of attacks against government agencies have increased in the past year, including a 148% surge in malware attacks and a 313% rise in endpoint security incidents, such as unauthorized access, data breaches, and insider threats.
The cost of recovering key data and restoring critical services can often amount to millions of taxpayer dollars, highlighting the importance of proactively addressing vulnerabilities before cyber attacks inflict harm.
Cyber Attacks Are on the Rise
According to CrowdStrike’s report, stealth was the dominant theme of the 2023 threat landscape. Advancements in threat awareness and cybersecurity technology presented hackers with a significantly more challenging attack surface, and they responded with tactics that let them move faster than ever before while evading detection.
A notable portion of cyber attacks targeted end-of-life products, as threat actors successfully deployed otherwise antiquated malware against unsupported operating systems and legacy gateway appliances. These tactics pose a particularly high risk to government organizations still relying on outdated technology.
Cloud-based attacks saw a substantial 75% increase, often involving the exploitation of cloud resources to infiltrate on-premises environments. For instance, the group Scattered Spider, known for targeting MGM, breached a target organization’s Microsoft 365 environment and utilized VPN setup instructions stored on SharePoint to penetrate the network further.
The report also outlines a 60% surge in interactive intrusion attacks, characterized by hands-on activities rather than automated tools or scripts. While the tech industry bore the brunt with 23% of these attacks, governments (9%) and educational institutions (4%) were also affected.
Adversaries also homed in on vendor-client relationships, exploiting a single access point to infiltrate multiple organizations. According to the report, 100% of relationship exploits in 2023 originated from commercial software providers, underscoring the critical importance of meticulous vendor selection.
The report additionally highlighted a 75% increase in non-malware methods, such as social engineering, vulnerability exploitation, and the use of stolen credentials sold by access brokers. The majority of these brokers targeted U.S. entities and the academic sector.
What to Expect in 2024?
Cyber attacks will continue to rise in 2024.
Election misinformation emerges as a paramount concern this year, with AI facilitating disinformation campaigns at an unprecedented pace. The report also indicates the resurgence of older forms of election-related attacks, such as DDoS and website defacement assaults targeting voting information websites.
The report states that despite a decrease in reported ransom demands in 2023, ransomware is expected to remain a significant threat in 2024. Because victims and cyber extortionists often conceal payments, the reported figures do not accurately reflect a decrease in extortion demands.
Extortion in which attackers steal data and threaten to expose it without deploying ransomware increased noticeably and is anticipated to escalate in 2024, even as the threat of malware-based ransom extortion remains significant.
Government Entities Are Among the Key Targets
Government agencies are not safe from the increasing wave of cybersecurity attacks, often enduring significant disruptions to their vital infrastructure and requiring months to recover fully.
The latest survey findings from the Center for Internet Security indicate a rise in all forms of cyber attacks targeting government agencies over the past year. Malware attacks surged by 148%, while ransomware incidents became 51% more prevalent. Additionally, non-malware cyber attacks, wherein hackers utilize existing tools on a device or within software to compromise a system instead of creating custom malware, saw a 37% increase. The report also highlighted a significant 313% uptick in endpoint security incidents, encompassing data breaches, unauthorized access, and insider threats.
The city of Lowell, MA, is among the targets, experiencing a ransomware attack that released 5 gigabytes of data to the dark web. This assault paralyzed the city government, leaving it without phone service, email access, or the ability to manage financial, human resources, asset, and revenue systems. City departments faced the daunting process of reconstructing servers and networks, deploying new equipment, establishing secure user access portals, and training employees in cybersecurity practices.
Even five months after the incident, Lowell had not fully bounced back. Due to vulnerabilities in equipment used to access internal, proprietary databases, police officers could still not write incident reports and carry out other essential functions from their patrol car computers.
Lowell is only one of many targets. In the last month alone, Fulton County, GA, Coeur d’Alene, ID, the Pennsylvania court system, as well as the Office of the Colorado State Public Defender have become victims of cyber attacks.
Such attacks not only disrupt the targeted organization’s operations but also result in substantial expenses required for repairs and vulnerability mitigation. For example, Fulton County allocated $10.2 million to replace outdated, 25-year-old software and an additional $1.2 million for independent verification and validation services.
How Can Governments Protect Themselves?
A preemptive system checkup can save significant resources required to address the chaos resulting from a successful security breach. Organizations can take several proactive measures to bolster their defenses against cyber attacks.
- Implementing multi-factor authentication (MFA) adds an extra layer of security and significantly reduces the risk of unauthorized access, even if passwords are compromised.
- Educating employees about common social engineering tactics is also essential. Regular training sessions can help teams recognize and resist manipulation attempts, such as phishing emails or phone calls aiming to extract sensitive information.
- Additionally, gaining better visibility into cloud-based environments is paramount. By continuously monitoring and auditing these environments, organizations can quickly identify and rectify misconfigurations that could potentially expose sensitive data or infrastructure to exploitation.
Although mitigating cyber attacks can incur significant costs, organizations committed to strengthening their defenses can tap into available federal funds to support their efforts. In 2023, the State and Local Cybersecurity Grant Program (SLCGP) and the Tribal Cybersecurity Grant Program (TCGP) collectively allocated a substantial $374 million in grant funding to assist eligible entities in addressing cybersecurity risks and threats to their information systems. Congress also authorized an appropriation of $300 million for 2024.
While the allocated funding may not fully cover the expenses of recovering from a sophisticated cybersecurity breach, it can significantly aid in identifying and addressing cyber weaknesses within municipalities. By leveraging these resources, organizations can enhance their cybersecurity posture, better protecting their information systems and critical infrastructure from cyber threats.
Leading the charge in leveraging Cybersecurity and Infrastructure Security Agency (CISA) funds, the state of Kansas unveiled a dedicated cybersecurity initiative focused on protecting its water systems after one of its drinking water treatment facilities was compromised through access on a former employee’s cell phone. This program, developed in accordance with the Cybersecurity Performance Goals outlined by CISA, aims to fortify the state’s infrastructure against potential cyber threats.
Improving the cybersecurity stance of a government organization demands a significant investment of time, energy, and funding. However, the expenses pale in comparison to the potential losses resulting from a cyber attack. Resources, such as Springbrook’s Cybersecurity Resource Center, provide crucial information for agencies seeking funding opportunities.
As highlighted by Springbrook’s 2023 Cybersecurity Survey, cybersecurity remains a top priority for CIOs. The report indicates that 57% of local government agencies nationwide intend to increase their cybersecurity budgets, and 98% routinely conduct cybersecurity training.
Our 2024 study, currently gathering data, promises to uncover even more valuable insights into cybersecurity trends, strategies for mitigating threats, and governmental approaches to addressing this year’s most pressing challenges. Stay tuned for an impactful report in the upcoming weeks.