State and Local Agencies Are on Guard for Phishing and Ransomware
Earlier this month, the Champaign-Urbana Public Health District in central Illinois had its website disabled due to a ransomware attack that also briefly cut off employees from medical files. The district’s website was attacked by a new form of ransomware called NetWalker, Public Health Administrator Julie Pryde tells The News-Gazette newspaper.
The health district’s email accounts, environmental health records and patient electronic medical records were not affected by the attack. Those systems and files were moved to cloud storage six months ago, the newspaper reported.
Meanwhile, in Connecticut, IT officials asked the state’s emergency management department to publicize concerns about new phishing attacks, state CIO Mark Raymond tells GovTech.
State IT workers in Virginia are “flagging keywords in emails related to coronavirus that are coming from outside parties that could be phishing attacks,” Stateline reports, citing state CISO Michael Watson. “A lot of these malicious parties are trying to play on your fears and have you make a rash decision,” Watson says “They’re saying that there is some immediate action you’re going to have to take to protect your own life and safety.”
Cybercriminals are sending out emails that, in some cases, appear to come from the World Health Organization, asking users to click on a link to get access to information on coronavirus safety measures.
How Agencies Can Guard Against Cybercriminals’ Attacks
The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency has published a set of risk management proposals to guard against increased cyberattacks amid the pandemic.
Agencies have a responsibility to enhance their overall cybersecurity defenses for their networks and data, CISA notes. State and local governments need to do the following:
- Ensure VPNs and other remote access systems are fully patched
- Enhance system monitoring to receive early detection and alerts on abnormal activity
- Implement multifactor authentication for all users
- Ensure all hardware has properly configured firewalls as well as anti-malware and intrusion prevention software installed
- Test remote access solutions capacity or increase capacity
- Ensure continuity of operations plans or business continuity plans are up to date
- Increase awareness of IT support mechanisms for employees who work remotely
- Update incident response plans to consider workforce changes in a distributed environment
As CISA notes, individual users have responsibilities to practice good cyberhygiene too. They should avoid clicking on links in unsolicited emails and be wary of email attachments, CISA advises. Users should not reveal personal or financial information in emails and should not respond to email solicitations for such information.
IT staff and other government users should also review CISA’s Tips on Avoiding Social Engineering and Phishing Scams for more information on how to recognize and protect against phishing. The Federal Trade Commission also has a helpful blog post on coronavirus-related scams.
Users should rely on trusted sources — such as legitimate government websites —for up-to-date, fact-based information about COVID-19.