Texas Cyber Attack Has Taken 23 Government Agencies Offline

It has been reported that the Department of Information Resources (DIR) has confirmed that the state of Texas has been responding to a cyber-attack that has affected at least 23 government agencies. Details are at a minimum at the moment as the Department of Information Resources (DIR) leads the response and investigation into the attacks. Texas released a brief notification advising affected local jurisdictions to call the state’s Division of Emergency Management for assistance. The attacks started in the morning of August 16 and based on the collected evidence appear to have been conducted by a single threat actor.

The latest development to this hack is that the hacker is now demanding a collective ransom of $2.5 million. The names of all the municipalities impacted by the attack remain undisclosed, but two of them announced the hit publicly. Ransomware incidents have increased lately in the U.S., and the government sector is a frequent target. And it makes sense when more and more administrative entities decide to pay the ransom, which may get as high as half a million dollars.


EXPERTS COMMENTS
Josh Lemos , Vice President of Research & Intelligence ,  BlackBerry Cylance
September 05, 2019
Local and State Municipalities are Soft Targets for Attackers
While our data shows a decline in general purpose ransomware, targeted ransomware has become a powerful weapon against state and local municipalities who often have underfunded and understaffed information security programs. This makes them relatively soft targets for attackers who are selecting victims to maximize their probability of payment.
Bill Conner, CEO,  SonicWall
August 23, 2019
Everyday operations are then held for ransom at high costs.
Its too easy to demand and receive ransom payment without the risks associated with traditional data ex filtration. Until organizations are serious about ransomware protection, these types of wide-reaching ransomware attacks will, unfortunately, continue. As we’ve witnessed across K-12 school districts and municipalities this summer, ransomware attacks are highly disruptive, said Conner. Today’s citizen-centric environments — networks that spread across city hall, law enforcement agencies, court houses and the DMV — can be compromised in minutes. Everyday operations are then held for ransom at high costs.
Robert Ramsden Board, VP EMEA ,  Securonix
August 22, 2019
However, it generally is never recommended to pay ransom demands as this only fuels the industry.
US government bodies have recently been a major target for ransomware attackers as they have been seeing huge pay outs from their attacks, with numerous governments giving into attacker demands and reportedly paying ransoms. It is therefore not surprising the attackers in this incidence are demanding such a huge amount of money – if it worked with previous government agencies, why should it work again? However, it generally is never recommended to pay ransom demands as this only fuels the industry. Instead the best defence against ransomware is a comprehensive security program that protects against known threats and malicious intent or behaviour. Companies and governments have an obligation to protect themselves and their citizens or customers from ransomware attackers. Protecting data assets should now be considered a key component of national defence.
Corin Imai, Senior Security Advisor ,  DomainTools
August 20, 2019
It is important to use the coverage that these attacks are gaining on the media to promote cybersecurity awareness among local governments and SMEs.
Different forms of cybercrime go in and out of fashion according to how effective they are at any given moment. Recently, ransomware targeting smaller local government entities has proven to be a profitable endeavour, hence the rise in this type of attacks. Another element granting popularity to this type of attacks is that they are relatively low cost and easy to pull off, especially when the target isn’t a large enterprise with the resources to protect its entry points, patch regularly and train its employees on email hygiene best practices. It is important to use the coverage that these attacks are gaining on the media to promote cybersecurity awareness among local governments and SMEs, which, regardless of their size, should realise that they are still potential targets and should therefore move cybersecurity at the forefront of their agenda; sometimes, even just ensuring that employees are prepared to recognise the signs of a phishing email can be what makes the difference between having to pay a ransom and a diverted security incident.
Liron Barak, CEO,  BitDam
August 20, 2019
Cities offer a great opportunity for hackers, who look for easy targets showing high potential.
Attacking local governments poses great potential for hackers. In addition to the regular “hacker's benefits” of gaining access to customer data, an attacker who penetrates a city's system may get access to sensitive residents information. Depending on the IT structure of the targeted local government, hackers can have an impact on multiple systems, beyond just customer information databases. From an attacker's perspective, the potential in hacking a city is much higher than the potential in hacking a commercial organisation. In addition, local governments tend to communicate with a wide variety of businesses and individuals, with many of them being one time contacts. This makes them more vulnerable to attacks, as their employees don't know most of the contacts with whom they communicate in person. Moreover, when it comes to cities in the U.S, many of them are comprised of multiple departments and units, using various technological platforms, policies, and processes. This structure may make it more difficult for the security team to protect each and every endpoint. To summarise, cities offer a great opportunity for hackers, who look for easy targets showing high potential. Therefore, it is no surprise that most of the top 25 U.S. cities have cyber-insurance or are looking to buy a policy, according to The Wall Street Journal. Cities should be more aware of the risk, train their employees and constantly update their systems with security updates and patches. They should also get familiar with the latest development in cybersecurity to ensure they are not lagging behind in this cat and mouse race of cyberattacks vs cybersecurity solutions.
Javvad Malik, Security Awareness Advocate,  KnowBe4
August 20, 2019
Recently Florida city agreed to pay $600,000 in ransomware after being affected.
Not only have ransomware attacks been growing, but the amounts they have been demanding has been getting higher, and there has been more specific targeting of victims. Recently Florida city agreed to pay $600,000 in ransomware after being affected. So this co-ordinated attack against Texas may be as a result of seeing how cities or city departments are potentially willing to pay a ransom. For many cities, and enterprises, recovery from backups is also not a cheap option, so preventing ransomware is vitally important. With many infections spreading through phishing, training users to be able to spot and report suspected attempts is the first line of defense before technical controls.
Mike Bittner, Associate Director of Digital Security and Operations ,  The Media Trust
August 20, 2019
The fact is, if you secure and back up your files, you won’t have to negotiate with or pay off bad actors.
The rash of ransomware attacks on government entities has set off alarm bells among state and federal law enforcement agencies. The fact that a lone actor is said to be behind the attack on 23 entities underscores the security vulnerabilities of local government entities coupled with the growing sophistication of hackers. Moreover, it throws into question the wisdom behind some previously hacked entities’ decision to pay the ransom. The fact is, if you secure and back up your files, you won’t have to negotiate with or pay off bad actors. And if entities refuse to pay, they’ll make these attacks less lucrative and appealing.
Saryu Nayyar, CEO,  Gurucul
August 20, 2019
Ransomware is also one of the most basic cyberattack vectors to defend against.
This is the latest reminder that ransomware attacks are so common because they’re usually profitable for the attackers. Ransomware is also one of the most basic cyberattack vectors to defend against. It can be thwarted by a couple of tactics that have long been in use – patches and backups. Ransomware usually relies on human errors or known, unpatched vulnerabilities to succeed. When it does succeed, and the victim doesn’t have backups, the attacker’s extortion tactics often work. Many overburdened IT departments don’t have the time or the tools to get the cybersecurity basics right. Every organisation should use two factor authentication (2FA) to block brute force attacks, perform regular backups of valuable data, deploy patches and updates immediately to stop known threats and provide each critical system with a unique and frequently updated password. From there, organisations should invest in modern cybersecurity technology with machine learning algorithms that can identify anomalous behaviours in real-time, before an attacker can strike.
Andrea Carcano, Co-founder and CPO,  Nozomi Networks
August 20, 2019
The severity of this latest attack should act as a warning to critical infrastructure.
This latest ransomware attack serves as a scary remind of the damage cybercriminals can inflict when they target critical infrastructure. Over the past couple of months, we have witnessed a significant rise in the number of ransomware attacks against US government services. The severity of this latest attack should act as a warning to critical infrastructure providers globally of the need to secure and protect their systems. For ransomware, prevention is always better than a cure. Organisations need to invest in deploying artificial intelligence and machine learning tools to monitor for anomalies and identify cyber-attacks in real-time before they cause harm.
Jon Lucas, Co-director ,  Hyve
August 20, 2019
The reality is that these attacks will keep happening until organisations take more proactive action to protect themselves.
The news that 23 Texas government organisations have been infected with ransomware is the latest in a news cycle flooded with expensive and high-profile ransomware attacks, that increasingly features organisations in the public sector. The reality is that these attacks will keep happening until organisations take more proactive action to protect themselves. Better user education to improve the human factor in their security strategy is imperative. On top of this, they need a greater level of technology protection to prevent vulnerabilities from being exploited, antivirus protection should be a given, as well as on and off site backups for added security. “As cyber-crime grows ever-more sophisticated, it is crucial that all organisations address how they will prevent ransomware attacks. This is especially critical for organisations in the public sector, as they often have thousands of citizens, including the most vulnerable, dependent on their services running smoothly.

Join the Conversation

Join the Conversation


In this article