As the world returned to a sense of normalcy in 2022, the public safety sector continued to grapple with the cybersecurity threats that became common with the increase of remote work. While cybersecurity threats to the private sector have always been common, cybercrime against the public safety sector has recently increased. In 2022 cybercriminals were the number one threat to public safety agencies.
The Motorola Solutions Threat Intelligence Team compiled the 2022 Cyber Threats to Public Safety report to provide crucial insights into global cybercrime trends to help law enforcement, first responders, municipalities and other entities better understand and prevent cyber threats to their organizations. It details how global disruptions, like war and supply chain challenges, impact cybersecurity in the public safety sector. Here are a few highlights from the report.
A Look Back at the Year In Public Safety Cyberattacks
2022 saw a 13 percent increase in cyberattacks, which were primarily influenced by the Russian invasion of Ukraine. The conflict established pro-Russian hacktivist groups, which increased hacktivist activity against public safety agencies by 179 percent. There was also an increase in ransomware attacks from multiple extortion syndicates.
Threat Actor Developments
2022 also saw diminished activity from the LockBit extortion syndicate. While the reason for the decrease in activity remains unknown, it could be attributed to the fact that an alleged LockBit associate was arrested. Another factor that could have caused the decrease is that the syndicate’s ransomware builder became public.
Other threat actors included the BlackCat and Hive extortion syndicates and Russian hacktivists. The most prominent cybersecurity threat actor in 2022, however, was the Royal extortion syndicate, which was responsible for an estimated 16 percent of all cybercrimes in 2022.
As the Russia-Ukraine conflict continues, we expect pro-Russian hacktivists to remain active in 2023. Meanwhile, extortion cybercriminals will likely continue to try and gain access to public safety agencies’ sensitive data. Cybercriminals are expected to increase the sophistication of their attacks both in the United States and globally.
The PSTA Intelligence Team observed a record of 85 cyberattacks on public safety in Q1 2023, as reported in the Q1 2023 Cyber Threat Report, available exclusively to PSTA members. This upward trend can be attributed to increased cybercrime beyond public safety. Financially motivated threat actors, such as extortion groups, data brokers, and initial access brokers, were behind 81 percent of the attacks on public safety entities.
The largest increase in attack type affecting public safety in Q1 were network compromises conducted by initial access brokers. In total, network compromises accounted for 15 attacks, a 114 percentage increase over Q4 2022 attacks.
Data breaches also continued to rise in Q1. The Intelligence team observed 23 data breaches impacting public safety, an increase of 28 percent over Q4 2022. Federal government and military entities continued to be the number one public safety victim type. Overall, there were 45 attacks observed, a 32 percent increase over Q4 2022.
About the Public Safety Threat Alliance
The Public Safety Threat Alliance (PSTA) is an information sharing and analysis organization (ISAO) established by Motorola Solutions that is recognized by the Cybersecurity and Infrastructure Security Agency (CISA). The PSTA regularly publishes research, such as the 2022 Cyber Threats report, that is shared with members. It also hosts regular webinars featuring our cybersecurity analysts and other experts. The PSTA provides threat intelligence for member public sector organizations at no cost.
Download your copy of the full 2022 Cyber Threats to Public Safety report here.