3 Sources of Cyberattacks – and 3 Preventive Steps Government Can Take (Industry Perspective)

By understanding where attacks come from and some preventive steps you can take to minimize an attack, your agency will be better prepared to defend itself and your constituents.

When it comes to cybercrime, the numbers tell a startling story:

  • According to a Bank of America Merrill Lynch report in 2015, 80 million to 90 million cybersecurity events happen every year.
  • The same study revealed 70 percent of cybercrimes go undetected.
  • According to a PricewaterhouseCoopers study, 1 billion data records were compromised in 2014.
What affect is cybercrime having on your constituents? Cyberthreats and cybercrimes have become a part of our vernacular, with The New York Times publishing 700 articles in 2014 related to data breaches, versus just 125 in 2013. Not only has cybercrime entered our regular conversations, but it tops the list of constituent fears as well. According to a 2014 Gallup poll, Americans fear having their credit card information stolen by hackers more than they fear getting robbed or even being murdered.

Add to this the fact that mobile devices have opened up access to information in astounding ways — from tracking health information to finding an address using GPS. With all of the opportunities today’s technology provides, it also opens the door to cybersecurity risks.

The cybercriminals posing the greatest risk to you and the constituents you serve can be grouped into three broad categories: state-sponsored threat actors, hacktivists and individual cybercriminals. Understanding the main differences between each cybercriminal type can be your agency’s best cyberthreat defense.

1. State-sponsored, also known as nation-state threat actors

These type of cybercriminals typically are backed by hostile foreign governments. Their highly targeted attacks are attempts to steal intellectual property, get access to military intelligence or gain tactical advantage over a rival nation. In the past, U.S. companies Westinghouse Electric Company, U.S. Steel Corp. and others have fallen victim to state-sponsored attacks. In a February 2016 hearing before the House Appropriations Committee — Subcommittee on Commerce, Justice, Science and Related Agencies, FBI Director James Comey spoke about the agency’s focus on state-sponsored cyberthreats, saying, “virtually every national security threat and crime problem the FBI faces is cyber-based or -facilitated … we are targeting the most dangerous malicious cyberactivities: high-level intrusions by state-sponsored hackers.”

With state-sponsored attacks on the rise, even such companies as Facebook are getting involved, warning users who may be the target of state-sponsored actors.

2. Hacktivists

Hacktivists launch attacks to promote political agendas. The term “hacktivist” first surfaced in the mid-1990s and became a mainstream term in 2008 with the public emergence of Anonymous, probably one of the best-known hacktivist groups in the United States.

In 2014, following the shooting death of Ferguson, Mo., youth Michael Brown in an incident involving police officers, Anonymous took down several city websites, including that of the Ferguson Police Department. Recent hacktivism by Anonymous includes disrupting service to the state of Michigan’s website in January 2016 following the news of lead-tainted water supplies in Flint.

3. Individual threat actors

Individual threat actors are those who commit cybercrimes for “sport,” often in an attempt to boost their cyber-credentials and hacker reputations. These actors typically operate alone, but their goal appears to be proving their skills and being recruited via social media for larger, more organized attacks. Recently, ransomware is on the rise as a prevalent individual threat actor attack mechanism. Ransomware infects a computer and restricts access, demanding a ransom to remove the restriction placed on the computer and/or files. Typically these attacks request payment via bitcoin because it is largely untraceable.

Cryptowall, a type of ransomware, first appeared in 2014. The FBI estimates that as of June 2015, more than $18 million has been collected by Cryptowall. Targets can range from individuals to companies.

Organizations hit by ransomware include Hollywood Presbyterian Hospital in California, whose entire computer network was disabled, including digital patient records. The hackers encrypted the hospital’s data and demanded $3 million to unlock (decrypt) the network. The hospital reportedly paid a ransom to the hackers in bitcoins equivalent to approximately $17,000. The city of Detroit also was a victim of ransomware and, in this case, the city’s entire database was encrypted and held for a ransom of 2,000 bitcoins worth about $800,000. The city did not pay the ransom.  

Prevention Is Key

Cyberattacks may be hitting government from a variety of sources, but your agency can take initial preventive steps:

  1. Hacktivists follow controversial legislation or civic unrest. Monitor current events in your region for situations that may ignite hacktivism.
  2. Prepare in advance with your Internet service provider (ISP). Have a mitigation plan in place prior to an attack. It is much more difficult to plan your response in real time in the middle of a crisis event.
  3. Consider outsourcing your hosting needs. You also may choose to parse out large agencies with special hosting needs. In addition, consider “spreading the wealth” of your hosting needs with multiple hosting providers. Limit your hosting needs with only one provider.
Cyberthreats are constantly evolving. Like a virus that becomes immune to the original antibiotic cure, cyberattacks and threat actors continuously switch tactics in an attempt to stay a step ahead of virus protection software and law enforcement.

Cyberattacks are here to stay and the havoc they wreak is pervasive. By understanding where attacks come from and some preventive steps you can take to minimize an attack, your agency will be better prepared to defend itself and your constituents.

Jayne Friedland Holland is Chief Security Officer at NIC Inc., managing NIC’s legal, policy and technology practices to ensure security of public-sector Web portals and online services. She oversees enterprisewide Payment Card Industry (PCI) compliance and performs internal infrastructure security reviews. Contact her at jayne@egov.com.