Security

How Public Agencies Can Guard Against a New Wave of Phishing Attacks

Public sector agencies need to be on guard against novel cyberattacks that take advantage of concern about the coronavirus.

Phil Goldstein

Twitter

Phil Goldstein is a former web editor of the CDW family of tech magazines and a veteran technology journalist. He lives in Washington, D.C., with his wife and their animals: a dog named Brenna and two cats, Grady and Princess.

In addition to keeping vital citizen services running and ensuring employees can safely and productively work remotely, state and local CIOs and CISOs have another IT concern to deal with amid the coronavirus pandemic: cybercriminals.

The flood of information in the news media and from government officials about the response to the coronavirus is opening up opportunities for malicious actors to target public sector agencies with phishing and ransomware attacks.

As Wired reports, “coronavirus phishing scams started circulating in January, preying on fear and confusion about the virus — and they’ve only proliferated since.”

The fraudsters are using phishing attacks tied to language around the pandemic to entice users to click on malicious links. Washington State CISO Vinod Brahmapuram said in a recent blog post that the pandemic “is being used by bad actors to play on our underlying fears, including using phishing emails that claim to have information about virus infections in our surrounding area — if users click on a link or an attachment.”

During this time, state CIOs and CISOs are on high alert for such attacks and are warning their staff and the general public to be vigilant. It is also a prime opportunity to have all users brush up on cyberhygiene best practices, because the temptation will be out there for users to click.

“It is the most clickable lure that an attacker can send out. Everyone has jumped on the bandwagon,” Ryan Kalember, executive vice president of cybersecurity strategy at Proofpoint, which is monitoring the phishing activity, tells Stateline. “Their success depends on getting people to click. Coronavirus drives clicks like nothing else right now.”

There are also heightened worries about cyberattacks launching against the public sector and critical infrastructure targets from nation-state sponsored attackers. Sen. Angus King, who co-chaired the recent Cyber Solarium Commission on the future of U.S. cybersecurity, warned that the coronavirus “underlines our overall vulnerabilities [to cyberattacks] and the absolute unscrupulousness of our adversaries,” according to The Washington Post.

State and Local Agencies Are on Guard for Phishing and Ransomware

Earlier this month, the Champaign-Urbana Public Health District in central Illinois had its website disabled due to a ransomware attack that also briefly cut off employees from medical files. The district’s website was attacked by a new form of ransomware called NetWalker, Public Health Administrator Julie Pryde tells The News-Gazette newspaper.

The health district’s email accounts, environmental health records and patient electronic medical records were not affected by the attack. Those systems and files were moved to cloud storage six months ago, the newspaper reported.

Meanwhile, in Connecticut, IT officials asked the state’s emergency management department to publicize concerns about new phishing attacks, state CIO Mark Raymond tells GovTech.

State IT workers in Virginia are “flagging keywords in emails related to coronavirus that are coming from outside parties that could be phishing attacks,” Stateline reports, citing state CISO Michael Watson. “A lot of these malicious parties are trying to play on your fears and have you make a rash decision,” Watson says “They’re saying that there is some immediate action you’re going to have to take to protect your own life and safety.”

Cybercriminals are sending out emails that, in some cases, appear to come from the World Health Organization, asking users to click on a link to get access to information on coronavirus safety measures.

How Agencies Can Guard Against Cybercriminals’ Attacks

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency has published a set of risk management proposals to guard against increased cyberattacks amid the pandemic.

Agencies have a responsibility to enhance their overall cybersecurity defenses for their networks and data, CISA notes. State and local governments need to do the following:

Ensure VPNs and other remote access systems are fully patched
Enhance system monitoring to receive early detection and alerts on abnormal activity
Implement multifactor authentication for all users
Ensure all hardware has properly configured firewalls as well as anti-malware and intrusion prevention software installed
Test remote access solutions capacity or increase capacity
Ensure continuity of operations plans or business continuity plans are up to date
Increase awareness of IT support mechanisms for employees who work remotely
Update incident response plans to consider workforce changes in a distributed environment

As CISA notes, individual users have responsibilities to practice good cyberhygiene too. They should avoid clicking on links in unsolicited emails and be wary of email attachments, CISA advises. Users should not reveal personal or financial information in emails and should not respond to email solicitations for such information.

IT staff and other government users should also review CISA’s Tips on Avoiding Social Engineering and Phishing Scams for more information on how to recognize and protect against phishing. The Federal Trade Commission also has a helpful blog post on coronavirus-related scams.

Users should rely on trusted sources — such as legitimate government websites —for up-to-date, fact-based information about COVID-19.

James Gathany/CDC