New York hack attempt continues wave of cyberattacks on city governments


By 2024, dozens of local governments have already been hit by ransomware incidents and cyberattacks, limiting services for millions of people across the United States.

The latest high-profile incident involves New York City, which was forced to take a city payroll website offline and remove it from public view after facing a phishing incident.

The incident was first reported by Politico, which spoke with city workers who complained that New York City’s automated personnel system, Employee Self-Service (NYCAPS/ESS), was offline while many were trying to file their taxes.

New York City’s Office of Technology and Innovation told Recorded Future News that NYC Cyber Command “has been made aware of a smishing campaign targeting NYCAPS users.” Smishing is essentially phishing via text messages rather than emails.

“NYC Cyber Command advised and worked with FISA-OPA and DCAS to implement enhancements to security measures,” the office said. “City employees have been advised to remain vigilant and confirm the legitimacy of all communications and activities related to NYCAPS and payroll.”

A city official reiterated that the NYCAPS website is still online and accessible to all employees through the city’s secure internal network.

Screenshot of the fake NYCAPS website. Image via Bolster.AI

The smishing campaign allegedly involved messages sent to city workers asking them to enable multi-factor authentication, with a link to a phishing domain.

Shashi Prakash, CTO of security firm Bolster.AI, told Recorded Future News that his team saw the domain “essnyc{.}online” the day it was registered. Other researchers said the domain was registered in Lithuania.

Prakash explained that his team’s data shows that it has been online since December 9 and shared a screenshot of the page, which looks exactly like the NYCAPS website.

“There is an additional domain cityofanaheim{.}online on the same infrastructure, which makes it look like they were targeting other cities,” Prakash said.

Keeper Security’s Teresa Rothaar said more than 80 percent of breaches occur because of weak or stolen passwords, credentials and secrets, much of which is acquired through the type of phishing and smishing attacks that New York City is currently facing.

To make matters worse, the New York City attackers clearly knew that multi-factor authentication was a critical security layer and exploited this concept by attempting to steal credentials.

“Often, innocent people who are not trained in phishing prevention will focus on the ‘pinstripes’ of the illegitimate email or site, i.e. the aesthetic that is familiar to them, like the logo or the colors of their banking site,” she said.

“Cybercriminals spend a lot of time making ‘similar’ sites appear authentic so that users are tricked into entering their login credentials. Employees should always exercise caution and assume that all of their work (and even personal) passwords have been compromised, especially if they reuse the same passwords across multiple accounts (a big no-no, and this situation illustrates why).”

Nationwide problem

The campaign targeting New York City is one of several campaigns specifically targeting city, county and state governments across the United States.

Last week, the cities of Birmingham, Alabama, and East Baton Rouge, Louisiana, announced security incidents affecting public services. Jackson County, Missouri, was forced to declare a state of emergency after discovering a ransomware attack last month.

On Thursday, the Florida Department of Juvenile Justice in Tallahassee admitted to local media that it was facing a cyberattack that had forced some systems offline.

Likewise, Hernando County, Florida, announced a cyberattack on Thursday, warning that while 911, police and EMS systems were still operational, several other government services would be unavailable indefinitely. Local media reported that the FBI was involved in the response to the incident.

Rebecca Moody, head of data research at Comparitech, has studied ransomware attacks against US government offices and said she has found 18 confirmed ransomware attacks so far this year.

Other researchers have traced at least 25 ransomware attacks against US government offices.

While several states have banned government organizations from paying ransoms to groups, offices remain prime targets for ransomware gangs and hackers. Washington County, Pennsylvania recently revealed that it paid a ransom of $350,000 to hackers following a ransomware attack in January.

James Turgal, who spent 22 years working at the FBI, told Recorded Future News that attacks on state, local and tribal governments have accelerated over the past year.

“From a threat actor perspective, these municipalities constitute a target-rich environment with an abundant source of victims. By my estimate, with approximately 95,000 soft targets nationwide, there are 40,000 cities, towns and municipalities, approximately 50,000 special government districts nationwide, not including additional tribal governments that round out the numbers,” he said.

“There must be a sense of urgency from state, local and municipal governments to anticipate the threat, as it is these local entities that have the most direct impact on our citizens, and cyber-centric disruption can potentially be life threatening when considering the public health and safety services that our local governments control.”
