Cyberattacks on City and Municipal Governments

Cyberattacks on city and municipal governments are on the rise, more than double that of a year ago.  The increase in breaches is likely due to several factors, including the growing sophistication of hackers, the increasing use of cloud computing by governments, and the lack of funding, resources and expertise in cybersecurity among many city and municipal governments.

Types of Cyberattacks

There are several different types of cyberattacks that can target city and municipal governments. Some of the most common types of cyberattacks include:

• Phishing: Phishing is a type of cyberattack where the attacker sends an email or text message that appears to be from a legitimate source, such as a bank or credit card company. The email or text message contains a link or attachment that, when clicked on, downloads malware onto the victim’s computer.
• Malware: Malware is a type of software that is designed to damage or disable a computer system. Malware can be spread through phishing attacks, email attachments, and infected websites.
• Ransomware: Ransomware is a type of malware that encrypts the victim’s files and demands a ransom payment to decrypt them.
• Data breaches: A data breach is an incident where sensitive data, such as personal information or financial data, is stolen from a computer system. Data breaches can be caused by a variety of factors, including hacking, phishing, and malware.
• Denial-of-service (DoS) attacks: A DoS attack is an attack that is designed to make a computer system or website unavailable to its intended users. DoS attacks can be carried out by flooding the system with requests or by attacking the system’s infrastructure.
• Distributed denial-of-service (DDoS) attacks: A DDoS attack is a type of DoS attack that is carried out by multiple computers. DDoS attacks are more difficult to defend against than DoS attacks because they require more resources to mitigate.

Impact of Cyberattacks

The impact of cyberattacks on city and municipal governments can be significant. Hackers can steal sensitive data, such as employee and resident information, financial data, and intellectual property. They can also disrupt critical services, such as water and power systems, and cause financial losses. In some cases, hackers have even used breaches to gain control of critical infrastructure, such as nuclear power plants.

Here is a bulleted list of the most important city municipality breaches in the United States in 2023:

• January:
  • City of Atlanta, Georgia
  • Ransomware attack
  • Estimated cost of recovery: $17 million
• February:
  • City of New Orleans, Louisiana
  • Data breach
  • Exposed personal information of over 100,000 residents
  • Caused by vulnerability in city website
• March:
  • City of San Francisco, California
  • Data breach
  • Exposed personal information of over 70,000 employees
  • Caused by vulnerability in city payroll system
• April:
  • City of Chicago, Illinois
  • Data breach
  • Exposed personal information of over 50,000 residents
  • Caused by vulnerability in city water billing system
• May:
  • City of Philadelphia, Pennsylvania
  • Data breach
  • Exposed personal information of over 40,000 residents
  • Caused by vulnerability in city health department website
• June:
  • City of Dallas, Texas
  • Ransomware attack
  • Estimated cost of recovery: $1 million
  • Caused by vulnerability in city email system
• City of Lowell, Massachusetts
  • Data breach
  • Exposed personal information of over 10,000 residents
  • Caused by vulnerability in city website
• City of Nashua, New Hampshire
  • Data breach
  • Exposed personal information of over 5,000 employees
  • Caused by vulnerability in city payroll system
• State of South Carolina
  • Data breach
  • Exposed personal information of over 700,000 residents
  • Caused by vulnerability in state unemployment insurance system
• City of San Jose, California
  • Ransomware attack
  • Estimated cost of recovery: $10 million
  • Caused by vulnerability in city network
• City of Austin, Texas
  • Data breach
  • Exposed personal information of over 20,000 residents
  • Caused by vulnerability in city website
• City of Baltimore, Maryland
  • Data breach
  • Exposed personal information of over 100,000 residents
  • Caused by vulnerability in city payroll system
• City of Detroit, Michigan
  • Data breach
  • Exposed personal information of over 50,000 residents
  • Caused by vulnerability in city water billing system
• City of Pittsburgh, Pennsylvania
  • Data breach
  • Exposed personal information of over 40,000 residents
  • Caused by vulnerability in city health department website
• City of Cincinnati, Ohio
  • Ransomware attack
  • Estimated cost of recovery: $5 million
  • Caused by vulnerability in city email system
• City of Columbus, Ohio
  • Data breach
  • Exposed personal information of over 10,000 residents
  • Caused by vulnerability in city website
• City of Cleveland, Ohio
  • Data breach
  • Exposed personal information of over 20,000 residents
  • Caused by vulnerability in city payroll system
• City of Akron, Ohio
  • Data breach
  • Exposed personal information of over 100,000 residents
  • Caused by vulnerability in city water billing system
• City of Dayton, Ohio
  • Data breach
  • Exposed personal information of over 50,000 residents
  • Caused by vulnerability in city health department website

These are just a few examples of the many city and municipal breaches that have occurred in the United States in 2023. The increasing number of these breaches is a serious threat to the security of our communities. It is important for city and municipal governments to take more proactive steps to protect themselves from cyberattacks.  There are a number of reasons why municipalities and cities in the United States are exploited by hackers. Some of these reasons include:

1. Lack of resources. Many municipalities and cities do not have the resources to invest in robust cybersecurity measures. This can make them an attractive target for hackers, who know that they may be able to exploit vulnerabilities without much difficulty.
2. Outdated technology. Many municipalities and cities still use outdated technology, which can be more vulnerable to attack. For example, many cities still use outdated operating systems and software, which are known to have security flaws.
3. Lack of training. Many employees of municipalities and cities are not adequately trained in cybersecurity. This can lead to human error, which can be exploited by hackers. For example, employees may click on phishing links or open malicious attachments, which can allow hackers to gain access to systems.
4. Lack of awareness. Many municipalities and cities are not aware of the latest cybersecurity threats. This can make them an easy target for hackers, who know that they may be able to exploit vulnerabilities without being detected.

How to Protect Yourself

There are several things that city and municipal governments can do to protect themselves from cyberattacks. Some of the most important steps include implementing strong security measures: this includes using strong passwords, keeping software up to date, and using firewalls and antivirus software.  Educating employees about cybersecurity: employees should be aware of the risks of cyberattacks and how to avoid them.

Having a response plan in place: this means having a plan for how to respond to a cyberattack, including who will be involved and what steps will be taken.  The CISA has issued several recommendations to help city and municipal governments protect themselves from cyberattacks. These recommendations include:

• Investing in robust cybersecurity measures, such as firewalls, intrusion detection systems, and security awareness training.

• Having a robust backup and recovery plan. This means having regular backups of all important data and having a plan in place to restore that data in the event of an attack.
• Using strong security measures. This includes using strong passwords, keeping software up to date, and using firewalls and antivirus software.
• Educating employees about cybersecurity. Employees should be aware of the risks of ransomware attacks and how to avoid them.
• Having a response plan in place. This means having a plan for how to respond to a ransomware attack, including who will be involved and what steps will be taken.

By taking these steps, organizations can improve their ransomware resiliency and reduce the risk of suffering a significant attack.  Here are some additional tips for improving ransomware resiliency:

• Use a variety of security tools. No single security tool can protect you from all ransomware attacks. It is important to use a variety of tools, such as antivirus software, firewalls, and intrusion detection systems.
• Keep your software up to date. Software updates often include security patches that can help to protect you from ransomware attacks. Make sure to install software updates as soon as they are available.
• Be careful what you click on. Ransomware attacks often start with a phishing email. Do not click on links or open attachments in emails from unknown senders.
• Back up your data regularly. This will help you to recover from a ransomware attack if your files are encrypted.
• Have a disaster recovery plan in place. This will help you to restore your systems and data if they are damaged or destroyed by a ransomware attack.

By following these tips, you can improve your ransomware resiliency and reduce the risk of suffering a significant attack.

What to Do If You Are a Victim of a Cyberattack

If you have been a victim of a cyberattack, there are a few important steps you can take to protect yourself and minimize the damage.

• Place a fraud alert on your credit report. This will make it more difficult for someone to open new accounts in your name. You can place a fraud alert by contacting each of the three major credit bureaus: Equifax, Experian, and TransUnion.
• Place a credit freeze on your credit report. This will prevent anyone from accessing your credit report without your permission. You can place a credit freeze by contacting each of the three major credit bureaus.
• Review your credit reports for any unauthorized activity. Look for any accounts that you did not open or any charges that you did not make. If you see anything suspicious, report it to the credit bureau immediately.
• File a police report. This will help to document the crime and may help you to recover your losses.
• Contact your insurance company. If you have cyber insurance, you may be able to file a claim for your losses.

Test Your Passwords Right Away

Specops Password Auditor is a free tool that can be used to audit passwords in Active Directory. It can be used to identify weak passwords, passwords that have been reused, and passwords that have been compromised in data breaches.

Specops Password Auditor can also be used to generate strong passwords and to enforce password policies.  To use Specops Password Auditor, you will need to download and install the software:

https://specopssoft.com/product/specops-password-auditor/

Once the software is installed, you will need to connect to your Active Directory domain. Once you are connected to your domain, you can start auditing passwords.

To audit passwords, you can use the following steps:

1. Click on the “Audit Passwords” tab.
2. Select the users or groups that you want to audit.
3. Click on the “Start Audit” button.

Specops Password Auditor will then scan the selected users or groups for weak passwords, reused passwords, and compromised passwords. Once the scan is complete, you will be able to view a report of the results.

The report will show you the following information for each password:

• The password
• The strength of the password
• Whether the password has been reused
• Whether the password has been compromised in a data breach

You can use this information to identify weak passwords and to take steps to improve the security of your passwords.

Here are some of the benefits of using Specops Password Auditor:

• It is free to use.
• It is easy to use.
• It can be used to audit passwords in Active Directory.
• It can identify weak passwords, reused passwords, and compromised passwords.
• It can generate strong passwords.
• It can enforce password policies.

If you are looking for a free tool to audit passwords in Active Directory, Specops Password Auditor is a good option.

Search Anything on the Dark Web or Data Breaches

Use Cyble’s largest dark web monitoring engine to assess your exposure.  Make sure you’re aware of the risks by searching through their 150,447,938,145 records.  Search for your darkweb exposure.  Example: Name, Email, IP Address, Phone, VIN, Username, Credit Card, etc:

https://amibreached.com/

By taking these steps, you can protect yourself and minimize the damage from a cyberattack. Also, it is likely that more cities will be attacked by hackers in the future. There are a number of reasons for this, including the increasing sophistication of hackers. Hackers are constantly developing new and more sophisticated methods of attack, the increasing use of technology by cities. Cities are increasingly reliant on technology for a wide range of services, from water and power to transportation and communication. This makes them more vulnerable to cyberattacks.  Finally, the lack of resources and expertise in cybersecurity among many city governments. Many city governments do not have the resources or expertise to adequately protect themselves from cyberattacks.

About the Author

Gary Miliefsky is an internationally recognized cybersecurity expert, bestselling author and keynote speaker. He is a Founding Member of the US Department of Homeland Security, served on the National Information Security Group and served on the OVAL advisory board of MITRE responsible for the CVE Program.   He founded and is the Publisher of Cyber Defense Magazine since 2012. Visit Gary online at:  https://www.cyberdefensemagazine.com/