New Orleans & UK Government Slammed by Cyberattacks

Last week, the mayor of the City of New Orleans, LaToya Cantrell, declared a state of emergency, shutting down 4,000 computers and servers following what is the latest in an escalating series of cyber-attacks on civic authorities in the US and UK. 

The New Orleans attack follows coordinated ransomware attacks on 22 separate towns across Texas, with earlier attacks reported to have collected $400,000 from Jackson County, Georgia; nearly $600,000 from Riviera Beach, Florida; $490,000 from Lake City, Florida; $130,000 from LaPorte County, Indiana; and $100,000 from the public school district in Rockville Centre, New York.

Cyber-attacks are also spreading to other countries, such as the UK, and are becoming increasingly frequent. The number of malicious attacks in the UK almost tripled in the first half of 2019. According to insurance broker Gallagher, there were almost 800 cyberattacks aimed at UK local authorities every hour in the first half of 2019, with one local council reporting a loss of £2 million.

Many of the cybercriminals conducting the ransomware attacks in the US and the UK are based in locations such as Russia, which do not have workable extradition treaties with the US and the UK. There is now speculation that the malware that infected the City of New Orleans was RYUK, which is generally used by Russian hacker groups such as WIZARD SPIDER. The current vulnerability of local governments to this type of attack also raises questions of national security, as the crippling of local services could coincide with an orchestrated cyber-attack by a foreign power aimed at causing maximum physical and economic disruption. The City of New Orleans ransomware attack is under investigation by state and federal law-enforcement agencies, as well as the Louisiana National Guard.

Why These Attacks Keep Happening

The rapidly growing number of malware attacks on both sides of the Atlantic is a result of local governments having relatively large sums of money at their disposal and being soft targets owing to their generally limited cybersecurity budgets. Local authorities are currently working hard to streamline and improve services with the introduction of new technologies such as cloud computing and the internet of things (IoT).

This means that their operations are increasingly connected to external local and international networks, exposing them to a wide variety of threat actors. The accountability of local authorities to the citizens they serve and their increasingly public-facing nature also make them easy targets for sophisticated hacker groups. For example, socially engineered phishing attacks can be used to dupe staff into unwittingly opening a breach in local government cyber defenses. All the employee has to do is open a single link in an email which, although actually coming from an unknown source, has been faked to resemble similar emails from trusted sources.

New Orleans Chief Information Officer Kim LaGrue told Saturday’s press conference that there is evidence that some of the City of New Orleans’ staff credentials had been compromised in order to execute the initial breach of the municipality’s cyber defense systems.

It’s Time for A Different Approach

In order to combat the increasing sophistication of the ransomware attacks now being directed at local government, municipalities must direct their cybersecurity resources at acquiring enterprise-level threat intelligence and risk management if they are to anticipate and block the growing number of cyber-attacks. Merely reacting to these incidents is no longer sufficient. 

SCADAfence has been preaching a proactive approach to cybersecurity for a while, and it is proving to be very effective. In fact, SCADAfence’s latest product release, version 6.0, has a full built-in suite of tools with a proactive and preventive focus. Users are already identifying mission-critical systems and networks automatically, and they get a high-level view of their network exposure, evaluating the vulnerabilities of their networks, devices, and protocols. The combination of criticality, vulnerability, and exposure allows users to invest their efforts into areas where they will receive the highest return-on-investment in terms of security value.

Organizations wishing to avoid financial losses and disruption of their services must now adopt a similar proactive and preventive approach to their cybersecurity strategy. This is the best way to prevent state-of-emergency situations like the one in New Orleans, and other types of devastating cyber-attacks, in the near future.