Threats to state and local governments can be prevented before they run up a fortune in remediation costs. Learn why municipalities and governmental services are a prime target for cybercriminals and how these threats can be addressed cost-effectively.
Recently, we witnessed yet another case of a municipality, this time Allentown, PA, struck by the Emotet Trojan. This event took place while the Colorado Department of Transportation (CDOT) was still recovering from a devastating attack involving a ransomware called SamSam, which shut down over 2,000 endpoints, taking the department back to the age of pen and paper.
Unfortunately, these incidents weren’t especially surprising. Over the past couple of years, the industry has witnessed a steady rise in the number of attacks on municipalities and governmental services, such as the CDOT and hospitals, struck by various Trojans and even by the same SamSam ransomware.
IT Security Challenges in the Public Sector
Cyber-criminals are increasingly targeting municipalities and other government organizations for several reasons. First, these environments are often softer targets than some of the better-equipped enterprise networks. Second, state and local government networks often host highly valuable information about individuals and critical infrastructure, and they facilitate financial transactions. Attackers pursuing these organizations have both the motive and the opportunity to achieve their objectives.
Protecting these public interest entities against a cyber-attack is a major challenge. This sector tends to be highly fragmented, with legacy infrastructure and complex network topology. Such heterogeneous environments are notoriously difficult to manage and secure, which leaves security gaps that attackers take advantage of. Combined with scarce resources and hard-to-find expertise, this pulls IT and security personnel in multiple directions. Often overwhelmed by the number of infections, the IT staff finds itself in a downward spiral that leads to even more security incidents.
Unfortunately, failure to defend against cyber-attackers can result in a major direct financial loss or even damage to critical assets that, when compromised, may put human life at risk (e.g. hospitals, police and fire departments).
The Need and Possibilities for Stronger Prevention
Recovering from an information security incident is a painful task that might take a long time and require additional budget. The mayor of Allentown estimated the remediation process can cost as much as $1 million, with a quick emergency response from Microsoft at a cost of $185,000. Even if the city of Allentown successfully recovers from Emotet, it is likely that the damage was already done: sensitive data was leaked, and if they dealt with ransomware, like the CDOT did, their data was destroyed.
“An ounce of prevention is worth a pound of cure,” as people say. This phrase accurately depicts the situation in Allentown and the experience of other municipalities. In a recent blog post, we discussed how Emotet infections can be easily prevented using a DIY vaccine, avoiding the expensive recovery process.
Moreover, applying the vaccine even in an already Emotet-infected network will keep the infection from spreading further. This is just one example of the ways in which enterprises can prevent infections by malware designed to evade baseline security controls.
DIY vaccine against Emotet in action
Minerva’s Battle-Tested Solution for Municipalities
If you’re looking to proactively protect or clean your network in a manageable way across all endpoints and eradicate the Emotet threat, Minerva Labs can meet your operational and security needs. By using our Anti-Evasion Platform to simulate the right sandbox artifacts without the need to reboot or perform complex deployments, security teams can fool Emotet into refusing to infect the endpoint.
Minerva’s solution is already protecting several large municipalities in the US, automatically blocking threats that bypass antivirus and other security tools. State and local governments have been able to roll out our software across their servers, workstations and even VDI systems in days, regardless of the type of AV software already installed on them, successfully preventing the Emotet trojan across thousands of endpoints, along with ransomware and fileless malware. With the help of Minerva Labs, security teams were able to contain and clean up the Emotet infection 60-70 percent faster than with alternative, manual methods.
But the value of Minerva is not limited to protecting against Emotet. There are numerous techniques that allow malware to bypass existing security defenses: it may query the endpoint for security and forensics tools, hide itself inside malicious documents, use fileless methods to inject itself directly into memory so that it is not scanned on disk, and more.
Minerva’s Anti-Evasion Platform is especially well-suited to diverse environments where endpoints need to be protected without the need for ongoing care-and-feeding. It’s a super light agent compatible with Windows XP and up that simply works to prevent infections that would’ve otherwise burdened IT staff with investigative and recovery tasks. There are no performance implications and end-users don’t get disrupted.
Request a demo of Minerva’s Anti-Evasion Platform today to see how you can turn the tables on cyber-criminals in a practical way that saves money and meaningfully strengthens your security posture.