Cyber criminals continue to target public safety agencies. In recent months, they’ve specifically targeted law enforcement. While the past quarter saw an overall decline in cybersecurity threats to public safety, security experts saw a 27 percent increase in hacktivism, data theft and initial access broker (IAB) activity against police in the last quarter, which is expected to continue.
The Public Safety Threat Alliance (PSTA) recently published a report that details the most recent cyber threats to public safety and how these trends are expected to continue in the future. This blog shares key highlights from the full report, which is available to PSTA members.
Given the increased number of attacks against law enforcement, the overall decline in cyber attacks is likely a short-term trend.
While extortion attacks and data breaches continue to make up the majority of cyber attacks against public safety, the third quarter saw a decline in both. However, other types of attacks increased. Initial access broker (IAB) activity was up 17 percent, with 90 percent of IAB attacks causing network compromises.
Additionally, the prominent use of distributed-denial-of-service attacks (DDoS) saw a 14 percent increase in Q3. Hacktivism also continues to increase, with public safety being a top target. Hacktivist threats made up 83 percent of all cyber activity against public safety in this same time frame.
Cybercrime against law enforcement was up 28 percent, driven primarily by hacktivism and financial motivation. Hacktivism against law enforcement is drawing in new threat actors who are expected to continue their efforts, which is one reason the drop in cybercrime is not expected to be a long-term trend.
Threat Actor Developments
The decline in cybercrime can partially be attributed to the fact that the extortion syndicate CL0P didn’t conduct any attacks in Q3 after accounting for 27 percent last year. Kristina, the hybrid initial access and data broker group, announced its retirement from cybercrime, which also impacted the number of attacks this quarter.
However, while some prominent players seem to be taking a step back, others continue their attacks against public safety. The LockBit extortion syndicate is still a major threat to public safety agencies, making up six percent of the attacks and 18 percent of ransomware attacks.
With the rise in hacktivism, groups that sympathize with certain political movements are making more of an appearance, including a pro-Russian group that was responsible for 25 percent of hacktivist attacks against public safety in the past three months.
In the ever-changing political climate, hacktivism is expected to continue, with public safety being a main target. While a drop in cybercrime was identified, the overall trend of attacks is moving upward, which means it is unlikely that the decrease will continue.
Given the ongoing need for vigilance in the current threat landscape, it’s important to identify the security needs of your organization. With the rise in hacktivism, it is especially important to protect your organization’s credentials through processes like multifactor authentication to limit the amount of attack vectors available to hackers. Additional ways to defend your agency include 24/7 threat detection and remediation for your IT network and mission-critical systems, conducting cyber exercises, staying “in the know” about current threats and trends and joining the PSTA.
About the Public Safety Threat Alliance
The Public Safety Threat Alliance (PSTA) is an information sharing and analysis organization (ISAO) established by Motorola Solutions and is recognized by the Cybersecurity and Infrastructure Security Agency (CISA). The PSTA regularly publishes research, such as the Q3 2023 Cyber Threats Report, shared with members. It also hosts regular webinars featuring our cybersecurity analysts and other experts. The PSTA provides threat intelligence for member organizations at no cost.
Join the PSTA today to get a copy of the full report and other valuable research.