Knoxville, Tennessee was recently the victim of a frustrating type of cybercrime that has been hitting municipalities hard over the past few years: a ransomware attack that nearly shut down the administration for one of Tennessee’s largest cities. Police officers were forced to write their reports by hand, city employees were unable to access central networks and multiple problems were found as the investigation continued into the attack. According to Knoxville officials, it is thought that the attack began with a staff member who clicked on a questionable email and entered their corporate password and login information.
According to cybersecurity specialist, Earl Foote from Nexus IT “This provided a “window” into Knoxville’s network for these enterprising hackers.” Lisa Sagona, Knoxville’s IT director, noted that the hackers “got in from some sort of virtual private network and hacked something that we didn’t have dually authenticated.” In a world where “123456” is still one of the top passwords, IT administrators are being pressured to expand their cybersecurity profiles to reduce risk.
Tennessee Cities See Surge in Ransomware Attacks
While unfortunate, Knoxville’s recent ransomware attack is far from an isolated case. There are at least ten other city governments that have been the target of this type of ransomware, but the remaining cities were on a much smaller scale in terms of their operations and IT infrastructure. In the past several years, ransomware attacks against city governments numbered in the hundreds with police stations, hospitals, schools, and city centers bearing the brunt of the risk for attack. What’s worse is that falling victim to one attack isn’t going to ensure that your entity will not be attacked again.
Ransomware Often Originates from Phishing Emails
The attack in Knoxville is thought to have been caused by a phishing attack, a sophisticated mechanism that allows remote actors to capture the authentication information of an employee and utilize these details as a way to gain access to government networks. Once there, hackers can restrict access to key network sections or files until a significant ransom has been paid. It’s nearly impossible to predict when a phishing email will be successful, but hackers continue to see gains in this delivery mechanism for their attacks with up to 70% of attacks involving some sort of phishing scheme.
Providing Adequate Training and Aggressive Web-Based Filtering
Staff training is often one of the most challenging tactics to implement when it comes to phishing attacks. These ever-changing email-based attacks play on subtle psychological tricks to encourage staff members to release their sensitive information. Hackers are becoming extremely creative in their focus, often masking their email addresses so messages appear to come from trusted third parties or vendors. Aggressive web filtering and active methods such as adding notes to each email that originates outside the corporate network can help reduce the possibility of staff falling victim to this type of attack. Microsoft 365 is one communications suite that offers a more comprehensive approach to security, with multiple interconnected business applications to ensure content stays within the corporate ecosystem.
Protecting your business or government entity against cyberattacks is challenging, particularly when you are struggling to maintain adequate IT coverage throughout your organization. One key learning from Knoxville’s recent cyberattack is the need to be aggressive in applying robust cybersecurity policies throughout your organization. If you need support creating or maintaining a secure, reliable IT infrastructure, contact your local IT managed services provider. These professionals are able to provide you with immediate access to highly-trained and qualified professionals with deep experience in the world of cybersecurity.