National Cybersecurity Awareness Month may have ended on October 31, 2023, but concerns over malicious (and often costly) cyber activity certainly have not. Apprehension appears to be on the rise as more public and private sector organizations fall victim to cyberattacks. Among them are state and local governments, school systems, hospitals, utilities, and retailers, to name a few.
The latest to join the unfortunate ranks, according to one GovTech article, is Clark County, Nevada, the fifth largest school system in the country. It is there that “hackers claim to have access to its network still as they seek a monetary payout in exchange for deleting stolen student data.” In other words, a ransomware attack.
Ransomware, as explained by the Cybersecurity and Infrastructure Security Agency (CISA), is “an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them, unusable. Malicious actors then demand ransom in exchange for decryption.” The organization exists to help individuals and organizations prevent attacks that can severely impact business processes and leave organizations without the data they need to operate and deliver mission-critical services.
Another new cyber victim was the County of Dallas, Texas. Officials there recently announced that the ransomware group, Play, claimed on the dark web to be in possession of sensitive county information. Fortunately, the county’s IT staff interrupted the attempt and “effectively prevented any encryption of its files or systems.”
The ransomware attack on Dallas County, Texas, is the third in the state in less than a year. In November 2022, there was an attack on the Dallas Central Appraisal District. And in May 2023, the City of Dallas itself was attacked. Both were incredibly problematic, and it took months to recover the entities’ systems from the damage.
According to the cybersecurity firm Emsisoft, well-known for helping ransomware victims recover data following such attacks, ransomware gangs hit at least 72 local governments in the U.S. in 2022. Further, the company says 106 local governments were hit in 2022, as well as 44 universities and colleges, 45 school districts (operating 1,981 schools), and 25 healthcare providers (operating 290 hospitals).
Also, according to Emsisoft, the number of U.S. healthcare organizations breached by ransomware gangs in 2023 had already reached 19 as of June. It will be interesting to see what this number climbs to by the end of the year, as well as the overall costs.
Hackers, scammers, hacktivists, and other cybercriminals are constantly looking for ways to get inside organizations and steal one of their most precious assets – their data. Most commonly, they use malware (i.e., ransomware, spyware, viruses, and worms) or phishing scams, which involve fraudulent communications that appear to come from a reputable source (usually through email).
Other cybersecurity threats, as recently outlined by technology powerhouse Cisco, are:
- Man-in-the-middle (MitM) attacks, also known as eavesdropping attacks, which occur when attackers insert themselves into a two-party transaction.
- Denial of service attacks, which flood systems, servers, or networks with traffic to exhaust resources and bandwidth so legitimate requests cannot be fulfilled.
- Structured Query Language (SQL) injections, which occur when an attacker inserts malicious code into a server that uses SQL, forcing it to reveal information that it typically would not.
- Zero-day exploits, which hit after a network vulnerability is announced but before a patch or solution is implemented.
- DNS tunneling, which is used to disguise outbound traffic as Domain Name System (DNS) protocol traffic, concealing data that is typically shared through an internet connection. For malicious use, DNS requests are manipulated to exfiltrate data from a compromised system to the attacker’s infrastructure. Per Cisco, it can also be used for command and control callbacks from the attacker’s infrastructure to a compromised system.
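Because DNS tunneling carries data inside the queried names themselves, it tends to leave a recognizable trace in resolver logs: one domain receiving many unique, long, random-looking subdomains. The following detection sketch is an added example, not code from Cisco or BOLDplanning; the function names, thresholds, and sample queries are assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict

def shannon_entropy(s):
    """Shannon entropy of s in bits per character (0.0 for an empty string)."""
    if not s:
        return 0.0
    return -sum(c / len(s) * math.log2(c / len(s)) for c in Counter(s).values())

def base_domain(qname):
    # Assumption: the last two labels are the registered domain. A production
    # detector should use the Public Suffix List instead.
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])

def find_tunnel_candidates(queries, min_unique=5, min_avg_len=30, min_entropy=3.5):
    """Flag base domains queried with many long, random-looking subdomains."""
    subs = defaultdict(set)
    for _client, qname in queries:
        name = qname.rstrip(".").lower()
        base = base_domain(name)
        sub = name[: len(name) - len(base)].rstrip(".")
        if sub:
            subs[base].add(sub)
    flagged = {}
    for base, names in subs.items():
        avg_len = sum(len(n) for n in names) / len(names)
        avg_ent = sum(shannon_entropy(n.replace(".", "")) for n in names) / len(names)
        if len(names) >= min_unique and avg_len >= min_avg_len and avg_ent >= min_entropy:
            flagged[base] = {"unique_subdomains": len(names),
                             "avg_length": round(avg_len, 1),
                             "avg_entropy": round(avg_ent, 2)}
    return flagged

# Constructed sample log of (client IP, queried name); none of it is real traffic.
B32 = "abcdefghijklmnopqrstuvwxyz234567"
SAMPLE_QUERIES = [
    ("10.0.0.5", "www.example.com"), ("10.0.0.5", "mail.example.com"),
    ("10.0.0.7", "intranet.example.com"),
] + [("10.0.0.7", f"img{i}.cdn.example.net") for i in range(6)] + [
    # Stand-in for base32-encoded data chunks carried in the query name.
    ("10.0.0.9", "".join(B32[(i * 7 + j * 5) % 32] for j in range(40)) + ".exfil.test")
    for i in range(8)
]

if __name__ == "__main__":
    for domain, stats in find_tunnel_candidates(SAMPLE_QUERIES).items():
        print(domain, stats)
```

The CDN-style names in the sample show why subdomain count alone is a poor signal: they are numerous but short, so only the domain with long, high-entropy labels is flagged.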
At BOLDplanning, a division of Agility, we cannot emphasize enough the importance of taking proactive measures to safeguard your organization and its sensitive data. Besides the basics of using antivirus/antispyware software, keeping operating systems and apps current, adopting a formal internet/email policy, and training employees in basic cybersecurity principles, make cybersecurity a key part of your organization’s continuity of operations, continuity of IT operations, and/or emergency operations planning strategy.
As mentioned in a previous BOLDplanning blog post, don’t just put your cybersecurity plan in writing; put it to the test. Consider adding a cyber scenario to your next preparedness drill or exercise. It’s a simple and inexpensive way to assess and, more importantly, improve your organization’s response capabilities and, ultimately, ensure its resilience.