Support 416-591-6711 option 1 or Email Us

Government Organizations Fall Victim to Cyberattacks

Mon, 27 May 2019

When we think about protecting the government an image of the parliament buildings guarded by RCMP in full uniform might come to mind; or police officers and army soldiers, armed, and specially trained, to stop threats. However, all levels of the Canadian government have an online presence making the government vulnerable to cyber assaults. Keeping the government secure relies on more than military guard; it requires a layered cybersecurity strategy and incident response plan specific to the needs of the government agency.  

Cybersecurity for Government

The problem, as presented to the Canadian Government Standing Senate Committee on Banking, Trade and Commerce by John P. Carlin, Chair, Morrison & Forester LLP, is that "Over a 25- to 30-year period, we moved almost everything we value in the west from analogue form — books and papers — to digital form, and then connected it through an internet protocol —TCP-IP — that was never designed for security. We did so without properly calculating the risk that would come from making that move as terrorists, crooks, spies and nation-states moved to exploit this now digitally stored information that's connected through the internet."[i] 

The risk is widely known now, with governments all over the world fending off attacks from hacktivists and threat actors employed by nation-states. Two widely publicized federal government assaults occurred in 2015, when both the U.S. Voter Database, affecting 191 Million Americans, and the U.S. Office of Personnel Management, affecting 21.5 Million Americans, were both breached.[ii] [iii] The issue then becomes how to protect the digitalized government files and data from being exploited. 

Federal governments have the resources to employ the best cybersecurity experts and technologies to protect their systems, and yet still the hackers find a way in. Smaller government bodies, like municipal governments, lacking the expert personnel and state-of-the-art equipment that federal and provincial governments benefit from, are exceedingly vulnerable to cyberattacks. In the last year, there has been an upsurge in attacks targeting municipal governments.

Our neighbours to the south are under attack

In late 2018 and early 2019, there was a slew of cyberattacks that infiltrated municipal government computer systems statewide across New Jersey. Oakland, Rockaway Township, Montville, Elmwood Park and Fair Lawn, amongst others, all were cyber-assaulted. According to the Municipal Excess Liability (MEL), Joint Insurance Fund, the number of claims was “unusually high.”[iv] The Executive Director of MEL, David Grubb, said that it’s concerning that cyber insurance claims are growing faster than other categories.

The MEL sees ransomware attack demands in the hundreds of thousands of dollars, where costs used to be a fraction of that amount. Cyberattacks that idle municipal employees, or infiltrate police department records, are worrisome, Grubb said. The majority of the cyberattack claims are for ransomware named Ryuk. Ryuk was first detected in 2018 and is “very advanced, killing many processes and embedding itself deep into the system, in addition to deleting backup files, making it difficult to successfully overcome.”[v] 

Grubb stated that “The criminals appear to have learned that designing such advanced malicious software with a high success rate would pay off, as the ransoms demanded have been over $100,000 in each incident.”[vi] To make matters worse the ransom escalates each day.

Cyberattacks close to home

In the Fall of 2018, there was an outbreak cyberattacks aimed at Ontario municipal governments. These were ransomware attacks where hackers demanded ransom money to be paid to unlock compromised systems. The provincial police warned government bodies to be vigilant in guarding against what they deemed a “recent trend.”[vii] "In recent months, there have been several ransomware attacks on businesses and municipal government offices within Ontario," wrote the OPP.

In Midland, Ontario, town officials discovered that many of the municipality’s servers had been compromised and locked down by a hacker. According to Mayor Gord McKay the cyberattack crippled Midland’s financial systems. However, he also indicated that the results could have been worse had the attack happened three months prior. 

Midland officials were prompted to take out cyber insurance three months earlier to protect against cyberattacks after Wasaga Beach, Ontario, underwent a ransomware attack. "We took good regard as to what happened over there and said, 'ok, no reason why it shouldn't happen here ... so let's start taking precautionary measures," McKay said.[viii] Through the insurance company, Midland paid an undisclosed ransom amount to enable their systems again.

Midland and Wasaga Beach’s experiences suggest that an emerging industry around municipal government cyberattacks is growing. McKay added that he's heard from municipalities both inside and outside of Ontario who've experienced similar cyber assaults. "It's happening a fair bit out there, but obviously people don't like to talk about it," McKay said. "There's an industry being built up about it, both on the bad guys' side and also on the recovery side."[ix]

Atty Mashatan, a Ryerson University IT professor, said that globally, malware attacks across all sectors are giving rise to a budding industry. A recent report shows that in Canada, malware attacks are up 103 percent over 2018.[x] The same report also shows that fake ransomware attacks are being employed to trick companies. Fake ransomware attacks mean that perhaps only the master boot record is corrupted, and the actual files aren't encrypted, but a threatening message is enough to scare some people into automatically paying.

Mashatan highlighted that many cyber insurance plans are available. However, she stressed that sound cybersecurity, including robust anti-malware and anti-virus installations and offline system back-up measures, is the best insurance.[xi]

Making all levels of government cyber-resilient

It is essential to understand that any device that connects to the Internet can be hacked: If it’s connected, then it is vulnerable. Government agencies have a lot of volunteers, short-term contract employees, vendors, and staff accessing the same system, which increases risk. For a skilled hacker, all it takes to jeopardize an entire network is access to a single device or individual. Zero-trust access, or restricted system access, should be in place in a government organization.

Protecting the vast amounts of government-collected data is of increasing importance with ransomware attacks targeting municipalities on the rise. Government bodies need to respond with network fortification measures and government-specific incident response plans. Talk to the cybersecurity solutions specialists at ISA, who have over 27-years of demonstrated industry excellence, about how to protect your government organization from a cyber attack.



‹ Back