2021 certainly saw its fair share of cybersecurity news as cyber criminals continued to ramp up attacks. Stories making headlines included the continued fallout from the 2020 SolarWinds hack and attacks exploiting zero-day threats in Microsoft Exchange. The Colonial Pipeline ransomware attack in May quickly overshadowed these stories as consumers dealt with long lines at the pump due to resulting gas shortages across the East Coast. Just when security professionals were looking forward to the holidays, the Minecraft community seized (another) fifteen minutes of fame when they were used as the public demonstration of the Log4j vulnerability.
These incidents affected a wide range of organizations, and public safety wasn’t immune. The Motorola Solutions Threat Intelligence team sheds light on how cyber criminals target public safety in the new report, 2021 Cyber Threats to Public Safety: Criminal Operations, part two in our three-part series.
Ransomware Remains Top Cyber Threat
Financially motivated attacks like ransomware continued to be a major threat to public safety last year. Agencies across the U.S., as well as state and local governments, implemented improved security measures, such as frequent offline backups of critical data and operating system updates. This ultimately led to fewer ransom payments, which slightly reduced the total amount of monetary losses.
Municipalities remained the most common public safety victims due to the broader network footprint they required to offer a wide range of services for their residents. Attackers seized opportunities to go after weakly configured municipal networks, and cities and towns were the victims in 55 percent of the public safety attacks recorded. At times, security threats disrupted critical infrastructure such as water and payment systems.
Federal governments and military organizations were not immune to cyber attacks, however. In fact, 2021 data showed a 13 percent increase in cyber attacks on these entities compared to the previous year.
Extortion remained the most common threat to public safety. Ransomware accounted for 53 percent of reported attacks. Interestingly, one particular group, DoppelPaymer, was responsible for 20 percent of the reported ransomware attacks on public safety. As only 3 percent of 2021 attacks on all industries worldwide were attributed to DoppelPaymer, they are clearly targeting public safety.
New Cyber Crime Techniques and Tactics
Threat actors upped the ante in 2021 with new techniques and tactics. They increasingly tested triple and even quadruple extortion methods against public safety targets. In a common shakedown scenario, threat actors stole data, including personal information on law enforcement agency personnel, and published it on a name-and-shame blog as a way to punish organizations that chose not to pay ransoms. Public safety entities have become increasingly aware of this method and have taken steps to prevent data loss and improve information security, such as using offline backups.
The 2021 report revealed an increased number of extortion requests per attack, too. Along with stealing data, threat actors launched distributed denial-of-service (DDoS) attacks and leaked public records and case files to the public. The additional extortion techniques were used to exert maximum pressure against targeted entities.
Defending Against Cyber Criminals
In response to increased cyber crime, the International Association of Chiefs of Police (IACP), the National White Collar Crime Center (NW3C), and the Police Executive Research Forum (PERF), with support from the U.S. Department of Justice’s Office of Justice Programs, established the Law Enforcement Cyber Center (LECC). This online resource is designed to assist police department personnel, sheriffs, patrol officers, digital forensic investigators, detectives, and criminal justice prosecutors who are investigating crimes that involve computer systems and technology.
The Department of Homeland Security (DHS) has also increased its focus on strengthening the security and resilience of critical infrastructure and dedicating more funds for state and local governments, as well as grant programs and other resources to combat cyber crime.
As Sun Tzu famously wrote in The Art of War, “Know the enemy and know yourself; in a hundred battles you will never be in peril.” While Tzu wasn’t applying this quote to DDoS and ransomware attacks back in 221 B.C., it’s surprisingly applicable to cybersecurity today.
Public safety organizations have learned from past incidents to better bolster their cybersecurity posture for the future. They must continue to learn to stay ahead of the threats and respond faster when they do come under attack.
While applying the proper cybersecurity controls and processes for your mission-critical systems is important to defending your agency, it’s equally important to invest in products and devices that have security built in from the start. And once they’re deployed, it’s critical to put 24/7 managed detection and response solutions in place.
Ensuring your organization is implementing security solutions that make sense for your needs is key. It takes a coordinated effort to combat cyber criminals. Working with a partner like Motorola Solutions that understands cyber threats to public safety can be a key part of successfully protecting your community.
Download 2021 Cyber Threats to Public Safety: Criminal Operations now to read the full report.