1.888.900.DRIZ (3749)
The Driz Group
  • Managed Services
    • Web Application Security >
      • Schedule WAF Demo
    • Virtual CISO
    • Compliance >
      • SOC1 & SOC2
      • GDPR
    • Third-Party Risk Management
    • Vulnerability Assessment >
      • Free Vulnerability Assessment
  • About us
    • Testimonials
    • Meet The Team
    • Resources
    • In the news
    • Careers
    • Subsidiaries
  • Contact
    • Newsletter
  • How WAF Works
  • Blog
  • Managed Services
    • Web Application Security >
      • Schedule WAF Demo
    • Virtual CISO
    • Compliance >
      • SOC1 & SOC2
      • GDPR
    • Third-Party Risk Management
    • Vulnerability Assessment >
      • Free Vulnerability Assessment
  • About us
    • Testimonials
    • Meet The Team
    • Resources
    • In the news
    • Careers
    • Subsidiaries
  • Contact
    • Newsletter
  • How WAF Works
  • Blog

Cybersecurity Blog

Thought leadership. Threat analysis. Cybersecurity news and alerts.

5/5/2019

0 Comments

Why Local Government Offices Are Targeted by Cyber Attackers and How to Prevent Such Attacks

 
canadian government cyberattack

Why Local Government Offices Are Targeted by Cyber Attackers and How to Prevent Such Attacks

In recent months, a concerning number of local governments in Ontario, Canada have openly admitted that they have been victims of cyber-attacks. What could have caused these attacks? And what can be done to prevent these attacks? 

Town of Wasaga Beach

The Town of Wasaga Beach,Ontario admitted that on April 30, 2018, several of its servers were illegally accessed and infected with a ransomware – a type of malicious software (malware) that encrypts computer systems and files, locking out users and demands ransom payment in exchange for the keys that would decrypt or unlock the computer systems and files.

It took the Town of Wasaga Beach approximately 7 weeks to fully recover from the ransomware attack and as a result, the Town lost hundreds of thousands of Canadian dollars, with 3 bitcoin, valued at $34,950 Canadian at the time of payment, paid to the ransomware attackers and bulk of the cost went into the internal productivity losses totaling $251,759 Canadian.

Town of Midland

The Town of Midland, Ontario admitted that on September 1, 2018 its network was illegally accessed and infected with ransomware. Six days after the ransomware attack, on September 6, 2018, the Town of Midland announced that it initiated the process of paying the ransom demanded by the attackers. It wasn’t specified though how much was paid to the attackers.

In exchange for the decryption keys, the Town said that it “initiated the process to pay the ransom.” The Town added, “Although not ideal, it is in our best interest to bring the system back online as quickly as possible.”

City of Stratford

The City of Stratford, Ontario admitted that on April 14, this year, its computer systems were illegally accessed and infected with an unspecified virus – a type of malware that spreads by attaching itself to legitimate computer files and programs and distributed via infected flash drives, emails or websites. This unspecified virus, the City said encrypted computer systems and files and locked out users.

“We have now begun methodically unlocking and decrypting our systems,” the City said. “This is a thorough process that takes days, not hours.”

A computer virus that locks computer users out through encryption and requires decryption to unlock is typical of a ransomware. Decryption key or keys used to unlock the systems or files are given out by ransomware attackers. In the case of the City of Stratford, it wasn’t specified whether or not ransom was paid to the attackers.

City of Ottawa

On April 8, 2019, it was revealed that the City of Ottawa, Ontario fell victim to a common fraud scheme called “Business Email Compromise (BEC)” scam. The City's Office of the Auditor General reported that US$97,797 was transferred to an account of a phony supplier as a result of the BEC scam – a cyber attack that targets organizations that conduct wire transfers for its suppliers. In a BEC scam, email accounts of executives or high-level employees are either spoofed or compromised for the purpose of fraudulent wire transfers, resulting in hundreds of thousands of dollars in losses.

“On July 6, 2018, the General Manager, Corporate Services and City Treasurer (the ‘City Treasurer’), received an email (the ‘Email’) apparently from the City Manager,” the Office of the Auditor General said. “The Email, which was later identified as a spoofed email, requested that a wire transfer in the amount of US$97,797.20 (the ‘Funds’) be processed for the completion of an acquisition. With the City Treasurer’s approval, later that day the request was processed, and the Funds were issued.”

A portion of the City’s funds ended up in a bank account that the U.S. Secret Service monitored and seized. It’s unclear how much, if any, might eventually be recovered by the City of Ottawa from this seized bank account.

Prevention

Local governments are targeted by cyber criminals as these government organizations are repositories of trove of sensitive data from government licenses to government contracts. The fact that local governments have the financial capability to pay also makes them attractive targets to cyber criminals. And the willingness of some local governments to pay attackers compounded this growing problem.

The growing number of cyber attacks, in particular, ransomware attacks against local government offices within Ontario prompted the Ontario Provincial Police(OPP) to issue a ransomware alert. As to the question of paying attackers ransom, the OPP said, “The OPP does not support paying ransomware attackers, as it only encourages further criminal activity, and there is no guarantee that payment will restore the encrypted data.”

Here are some cybersecurity best practices in order to prevent or mitigate the effects of cyber attacks:

Mind the Emails

Many of today’s cyber criminals use emails as a means to infiltrate the IT systems of organizations. Many of ransomware attacks are carried out by malicious emails, containing malicious attachments or malicious links. Clicking a malicious attachment or clicking a malicious link could allow the installation of malicious software on your organization’s system.

BEC scammers, meanwhile, rely mainly on emails as their means to perpetuate their fraudulent act. In both ransomware and BEC scams, attackers use emails as their weapon.

It’s, therefore, important to have an automated email solution that could identify and block emails with malicious attachments or links as well as identify and block spoofed or compromised emails. It’s also important to train your organization’s staff to identify and block malicious and fraudulent emails.

Backup Important Files

Organizations that entertain the idea of negotiating with cyber attackers are those that have weak back-up systems. If your organization regularly back-up your important files, there’s no reason for your organization to negotiate or pay the attackers for the locked or stolen data.

0 Comments

Your comment will be posted after it is approved.


Leave a Reply.

    Author

    Steve E. Driz, I.S.P., ITCP

    Picture
    View my profile on LinkedIn

    Archives

    March 2023
    February 2023
    January 2023
    December 2022
    June 2022
    May 2022
    February 2022
    December 2021
    November 2021
    October 2021
    September 2021
    August 2021
    July 2021
    June 2021
    May 2021
    April 2021
    March 2021
    February 2021
    January 2021
    December 2020
    November 2020
    October 2020
    September 2020
    August 2020
    July 2020
    June 2020
    May 2020
    April 2020
    March 2020
    February 2020
    January 2020
    December 2019
    November 2019
    October 2019
    September 2019
    August 2019
    July 2019
    June 2019
    May 2019
    April 2019
    March 2019
    February 2019
    January 2019
    December 2018
    November 2018
    October 2018
    September 2018
    August 2018
    July 2018
    June 2018
    May 2018
    April 2018
    March 2018
    February 2018
    January 2018
    December 2017
    November 2017
    October 2017
    September 2017
    August 2017
    July 2017
    June 2017
    May 2017
    April 2017
    March 2017
    February 2017
    January 2017
    December 2016
    October 2016
    August 2016
    May 2016
    March 2016
    January 2016
    November 2015
    October 2015
    August 2015
    June 2015

    Categories

    All
    0-Day
    2FA
    Access Control
    Advanced Persistent Threat
    AI
    Artificial Intelligence
    ATP
    Awareness Training
    Botnet
    Bots
    Brute Force Attack
    CASL
    Cloud Security
    Compliance
    COVID 19
    COVID-19
    Cryptocurrency
    Cyber Attack
    Cyberattack Surface
    Cyber Awareness
    Cyber Espionage
    Cybersecurity
    Cyber Security
    Cyber Security Consulting
    Cyber Security Insurance
    Cyber Security Risk
    Cyber Security Threats
    Cybersecurity Tips
    Data Breach
    Data Governance
    Data Leak
    Data Leak Prevention
    DDoS
    Email Security
    Fraud
    GDPR
    Hacking
    Impersonation Scams
    IoT
    Malware
    MFA
    Microsoft Office
    Mobile Security
    Network Security Threats
    Phishing Attack
    Privacy
    Ransomware
    Remote Access
    SaaS Security
    Social Engineering
    Supply Chain Attack
    Supply-Chain Attack
    Third-Party Risk
    Virtual CISO
    Vulnerability
    Vulnerability Assessment
    Web Applcation Security
    Web-applcation-security
    Web Application Firewall
    Web Application Protection
    Web Application Security
    Web Protection
    Windows Security
    Zero Trust

    RSS Feed

Picture

1.888.900.DRIZ (3749)

Managed Services

Picture
Web Application Security
​Virtual CISO
Compliance
​Vulnerability Assessment
Free Vulnerability Assessment
Privacy Policy | CASL

About us

Picture
Testimonials
​Meet the Team
​Subsidiaries
​Contact us
​Blog
​
Jobs

Resources & Tools

Picture
​Incident Management Playbook
Sophos authorized partner logo
Picture
© 2023 Driz Group Inc. All rights reserved.
Photo used under Creative Commons from GotCredit