Counties fall victim to wave of cyberattacks
Ransomware is continuing to be a very pressing issue, and alongside the novel coronavirus, it can spell disaster for many counties. In fact, if you simply do a Google search for "county ransomware", Google will load the latest counties who have fallen victim to the great wave of cyberattacks happening at the state and local level.
Unfortunately, many of these county ransomware attacks have occurred within the past three months. This blog highlights the recent wave of attacks that are targeting state and local counties, with a focus on school/education and election security.
Baltimore Country Maryland
During December 2020, Baltimore County, Maryland experienced cyber attacks that were targeting public school systems throughout the country. Experts say that open vulnerabilities that allowed unauthorized access caused the attacks. In 2019, auditors identified 32 publicly accessible servers for Anne Arundel schools that were improperly located within the internal network. Additionally, the Maryland State Department of Education also improperly stored the names and Social Security Numbers of 1.4 million students and 233,000 teachers.
Delaware County, Pennsylvania
During November 2020, Pennsylvania's Delaware County paid a $500,000 ransom after the DoppelPaymer ransomware hit their systems. Fortunately, the County stated that the cyberattacks did not affect the Bureau of Elections and the County's Emergency Services Department since they are on a different network than the hacked systems.
"Sources said the county is in the process of paying the $500,000 ransom as it's insured for such attacks" - Philadelphia's 6abc's Action News reported.
Jackson County, Oregon
In Jackson County, Oregon during November 2020, hackers successfully attacked a third-party vendor working for the county, causing an impact and ripple effect throughout the entire county. Unfortunately for Jackson County, they had to deal with a rise on coronavirus cases and their most destructive season in their wildfire history.
Hall County, Georgia
In Georgia's Hall County during October 2020, a ransomware attack affected election infrastructure and security during the 2020 election, the first known case.
How do we know who has access?
Understanding who has access is essential to preventing cyberattacks. Through positive identification, we can figure out who should have that access and whether or not that access is verified. Positive identification delivers evidence proving you are who you say you are and that you are among the group of people allowed access to a system.
Generally, we have been using passwords and PINs to determine who should have access, but they are not the best form of authentication.
Today's solution to provide positive identification needs to secure the data and network as top priority. BIO-key delivers today's solution. We eliminate password prompts and give users a secure point of access, something that is even more critical given the remote nature of most workforces, we also provide multi-factor authentication to strengthen security in-office or from home. Lastly, to provide an alternative to phone-based or hardware tokens, we integrate biometrics into your solution giving the ease of convenience and heightened security efforts to secure your data and network.