St. Paul extends emergency amid cyberattack: experts plead caution


The Saint Paul City Council has unanimously agreed to maintain a local state of emergency for an additional 90 days. That means the cyberattack that shook the Minnesota city last week is still ongoing.

The move, aiming to safeguard the city against the digital threats it recently encountered, empowers Mayor Melvin Carter and local agencies to continue leveraging state and federal resources as they combat the cyberattack.

And they’re certainly needed. Already on July 28th, St. Paul’s IT systems were shut down to isolate local infrastructure from potential damage after “suspicious activity” was detected. Carter soon said this was an ongoing “deliberate, coordinated digital attack.”

Last week, the mayor said that the attack appeared to be limited to city systems, which are being recovered. Efforts are ongoing to bring customer service lines fully back online, and the Minnesota National Guard is still actively assisting the city.

“In just a few days, our city has ensured employees can count on being paid, emergency responses remain protected, and many service lines have already been restored,” Council member Cheniqua Johnson stated late last week.

So far, so good, it seemed. However, cybersecurity experts told Cybernews that the scope of the attack appears broad and that the extent of the breach might still turn out to be very serious.

Money, revenge, data, fun

Crippling hacks that knock out city services are indeed a hallmark of ransomware incidents, in which cybercriminals deploy data-scrambling software to paralyze victim networks until a ransom payment is made.

“This is definitely a serious attack. The fact that the Minnesota National Guard was called in signals that. Cities are attacked regularly, but this one is particularly broad in scope. It’s not unprecedented, but it is significant,” Betsy Cooper, Director of Aspen Policy Academy, told Cybernews.

According to Cooper, who is a cybersecurity professional, most city operations in the US are digital, so a cyberattack that interferes with internet communication can have far-reaching consequences. But data, or rather, threats to citizen data, is key.

“One of my biggest fears is that data is deleted or tampered with. Cities occasionally lose access to systems for short periods. Natural disasters or technical failures can cause that,” said Cooper.

“But what if the records are altered or permanently lost? For example, what if the city no longer has a record of your property value, or all your permitting documents are gone? There’s no evidence that this has happened yet, but if it did, people would absolutely care.”

Cooper singles out four main motivations for these kinds of attacks. Ransomware, of course, is the most common motive.

However, she added that individuals or groups can also act out of revenge and cause all sorts of damage.

“Someone with a grudge against the city, maybe a disgruntled employee or resident, may want to cause harm intentionally. For me, the most concerning motivations are revenge and data theft, because those often aim to cause lasting harm,” said Cooper.

Of course, attacks are also often carried out by nation states or organized actors who want to extract valuable information or sow chaos by tampering with critical data like tax records.

“For example, what if the city’s records of who paid their property taxes are gone or scrambled? If people don’t have their own copies, they may not be able to prove payment. That could become a bureaucratic nightmare: painful, slow, and costly,” explained Cooper.

Local cities are attractive targets

Finally, some hackers simply want to show off and have some fun. Effects are then usually short-term even if annoying, Cooper said.

Still, in an ideal world, city IT systems should have secure backups, ideally stored separately from the affected systems, so that critical functions can be restored. Otherwise, rebuilding data from scratch would be both difficult and expensive.

“For individuals, the risks are personal. If records are changed to falsely show a criminal history or if legitimate records vanish, how do you prove a negative? That’s why the worst-case scenarios are so serious, even if they’re relatively rare,” Cooper told Cybernews.

“Most hacks are about data or money, but the outlier cases are where the real damage can happen.”

According to James Turgal, VP of global cyber risk and board relations at Optiv and a 22-year FBI vet, there are some proven actions and strategies local governments can undertake to protect their ecosystem and mitigate damage.

For example, cities must understand, map, and maintain an up-to-date inventory of all hardware, software, and IoT devices.

“I’m a firm believer in the concept of ‘you can’t protect what you can’t see,’” said Turgal.

Plus, having a patching strategy for known vulnerabilities, especially those listed in the Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities catalog, will definitely help cities defend their networks.

In general, state and local governments must educate themselves and their employee populations on the evolving threat landscape, which includes ransomware-as-a-service groups – like LockBit, ALPHV/BlackCat, and Scattered Spider – targeting municipalities.

“Local cities are attractive targets and usually lack robust budgets, and their legacy and outdated systems with known exploited vulnerabilities are often subjected to phishing and business email compromise,” Turgal told Cybernews.