There has been a sharp rise in cyberattacks – and subsequently data breaches – impacting public sector organizations across the globe during the second quarter of 2023, a recently released report has said.
This is particularly concerning considering the highly sensitive data held by government entities – which includes federal agencies, schools, utility companies, and other services – and the widespread usage of weak passwords by government employees in countries like the United States.
Worryingly, a lot of the malware used in these sorts of attacks is easy to access and doesn’t cost much to acquire.
Attacks Against Governments and Institutions up 40%
The Blackberry Threat Research and Intelligence Team recently released its Q2 report, which tracks cyber threats between March to May of 2023.
They found that cyberattacks on government agencies and institutions had increased by a staggering 40% compared to the previous period. The company itself stopped more than 55,000 attacks against government entities.
City authorities in California, Texas, and Georgia – as well as Toronto – have all been targeted recently, the report says. It’s not just the US and Canada that are prone to attacks, however.
🔎 Want to browse the web privately? 🌎 Or appear as if you're in another country?
Get a huge 86% off Surfshark with this special tech.co offer.
Just a few days ago, for instance, The i revealed that the UK foreign office was hit by a Russian and Chinese attack that saw hackers gain access to “internal systems”.
In the past few months, more and more governments have been caught out. The Blackberry report references a recent threat campaign that focused on “Pakistani government targets” and “was delivered by a complex execution chain that relied on phishing emails and weaponized documents”.
Another recent incident involved a breach of the Norwegian government’s IT systems, which were broken into via a zero-day vulnerability in July. The attack affected at least twelve of the Scandinavian state’s government departments.
In a similar case from June, Swiss government data was reportedly leaked online after a ransomware attack compromised a third-party software provider.
US Government Employee Passwords Are Weak
Considering the sensitivity of the data that government organizations and public entities tend to store, you may think that employees would be more motivated than most other organizations to ensure their accounts are secured with strong passwords. But this isn’t necessarily the case.
An audit of US federal agencies found that around 20% of passwords could be cracked using standard cryptographic methods, while 89% of “high-value assets”, which the audit defines as “assets that could have serious impacts to the Department’s ability to conduct business if compromised”, weren’t protected by multi-factor authentication.
Another report from March 2023 found that around 5% of federal employees had fallen victim to a phishing attack at some point, while 21% said they didn’t even care if their organization got hacked.
Malware: Cheap to Buy, Easy to Use
Along with inadequate defenses against sophisticated, contemporary threats, the other problem for governments is just how accessible and cheap malware is in 2023.
Ransomware-as-a-service kits can now be bought for under $40, in some cases. Phishing kits, on the other hand, have been seen selling for as little as $2. Crucially, however, you don’t need to be a tech genius to operate them – something which is at the heart of the wider “cybercrime-as-a-service” boom.
Despite its growing prevalence, there are still some things that you can do to protect yourself against a myriad of malicious activities. For example, ensuring you’re not giving a hacker an easy way in by creating strong, unique passwords is essential, as is activating multi-factor authentication wherever you can.
