Targeted Cyber-Attacks Threatening Local Counties In Georgia In The Midst Of US Election
Attackers are using advanced and sophisticated email attacks to target local counties in Georgia in the midst of the US election, putting district finances and personal data at risk.
Expert Insights / Oct 30, 2020 / By Expert Insights
As presidential hopefuls Joe Biden and Donald Trump attempt to shore up their support in Georgia in the last few days of the US Election, Expert Insights has identified a campaign of highly advanced cyber-attacks that are threatening counties in the key battleground state.
Local government infrastructure across multiple municipalities in Georgia has come under sustained cyber-attacks in recent weeks. Cyber-criminals are using advanced methods of social engineering to attempt to spread malware, trick people into making fraudulent payments and compromise sensitive data.
Attacks that Expert Insights has analyzed are highly advanced and sophisticated. Attackers are impersonating employees from local county departments at an individual level, taking the time to read through emails and impersonate real people in highly realistic scams.
This suggests that there are a number of compromised email accounts within local governments, giving cyber-criminals access to internal communications which they can read through and mimic. Cyber-criminals are using this access to spread malicious documents and send out fraudulent invoices, while appearing to be genuine state employees.
The increasing volume of these attacks is a reminder to local governments that cyber-criminals will exploit any opportunity and security gap to target their victims. Local government institutions, and indeed organizations of all kinds, need strong email security solutions in place to defend against cyber-attacks.
Attacks against local governments across the US have become more and more common. In a well-publicized attack in August 2019, 22 towns in the state of Texas were hit with a devastating ransomware attack which took out critical operating systems. The FBI and DHS have recently uncovered a campaign of Russian-backed cyberattacks which have compromised data across dozens of state and local governments.
Phishing attacks in particular are a leading cause of data breaches against local governments and political institutions. Just this week the GOP Party in Wisconsin reported that $2.3 million USD had been targeted in an invoice scam that originated with a phishing attack.
What do the attacks look like?
Expert Insights used email security solution IRONSCALES to identify and analyze the email attacks targeting municipalities across Georgia. The attacks we have analyzed are all advanced phishing attacks which impersonate or ‘spoof’ the identities of legitimate local government employees.
We’ve seen evidence of highly targeted impersonation, with attackers writing emails that appear so genuine it’s hard for even trained security professionals to tell the emails are malicious. These types of attack are highly dangerous, especially at a time when many state employees are still working remotely due to COVID-19.
In the above example, the text of the email itself is totally innocuous, and mimics the writing style of the legitimate email sender. There is even an entirely fictional email chain attached to the email, which is designed to make the recipient think the email is genuine.
The only way we could classify the email as malicious was by analyzing the ‘Payment Collection’ document attached, which contained malware, and by analyzing the domain of the sender. Rather than coming from the local Georgia council, the sending domain was based abroad. We’ve identified malicious emails delivered from servers in Italy, Germany and Chile, often from genuine email accounts that have themselves been compromised.
We’ve also seen highly targeted emails in which the individual directors of local government agencies are spoofed. These types of attacks can be highly effective, as many employees will not suspect that their manager has been compromised and will trust that any invoices sent are genuine.
Many of these attacks have made it through multiple layers of security technologies. We have found evidence of malicious emails being delivered despite being classified as safe by popular and well-used email filtering platforms. We’ve also seen malicious attachments end up in user inboxes, despite being scanned by anti-virus technologies.
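The sender-domain analysis described above can be expressed as a mail-gateway check: flag any message whose display name matches a known employee or director while the address belongs to an outside domain. This is an added example, not Expert Insights' or IRONSCALES' own logic. The organization domain, the staff names and the sample messages are constructed for illustration.

```python
from email.message import EmailMessage
from email.utils import parseaddr

ORG_DOMAIN = "county.example.gov"          # assumed county mail domain
STAFF_NAMES = {"jane doe", "john smith"}   # assumed staff directory, lowercased

def _domain(addr):
    return addr.rpartition("@")[2].lower()

def is_internal(domain):
    return domain == ORG_DOMAIN or domain.endswith("." + ORG_DOMAIN)

def impersonation_flags(msg):
    """Return the reasons a message looks like staff impersonation."""
    display, addr = parseaddr(str(msg.get("From", "")))
    name = " ".join(display.lower().split())   # normalise case and spacing
    sender_domain = _domain(addr)
    flags = []
    # A message sent from a real but compromised third-party mailbox is
    # authentic for that domain, so the name/domain pairing is what is compared.
    if name in STAFF_NAMES and not is_internal(sender_domain):
        flags.append("staff-name-from-external-domain")
        if any(part.get_filename() for part in msg.walk()):
            flags.append("impersonated-sender-with-attachment")
    _, reply_to = parseaddr(str(msg.get("Reply-To", "")))
    if reply_to and _domain(reply_to) != sender_domain:
        flags.append("reply-to-domain-differs")
    return flags

def build_sample(from_header, attachment=None, reply_to=None):
    """Construct a sample message (constructed data, not a captured email)."""
    msg = EmailMessage()
    msg["From"] = from_header
    msg["To"] = "clerk@" + ORG_DOMAIN
    msg["Subject"] = "RE: Payment Collection"
    if reply_to:
        msg["Reply-To"] = reply_to
    msg.set_content("Please see the attached document.")
    if attachment:
        msg.add_attachment(b"constructed sample bytes", maintype="application",
                           subtype="octet-stream", filename=attachment)
    return msg

if __name__ == "__main__":
    spoof = build_sample("Jane Doe <j.doe@example.net>", "Payment Collection.doc")
    print(impersonation_flags(spoof))
```

A message sent from a compromised account inside the organization's own domain passes this check, so it complements attachment analysis rather than replacing it.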
Keep your organization safe against cyber-attack
Expert Insights has been working with cybersecurity providers in the local area to provide consultancy and recommend the best cybersecurity solutions to defend local councils against cybersecurity attacks.
“Local counties need to ensure employees are vigilant against these advanced cyber-attacks,” said Expert Insights CEO Craig MacAlpine. “One successful phishing attack can eventually lead to millions of dollars lost, not to mention loss of data or potential operational failures caused by ransomware.”
“The attacks we’ve seen in Georgia are unusually advanced and sophisticated. We recommend all organizations, but in particular local public bodies, evaluate the effectiveness of their current security systems and take all steps necessary to protect their infrastructure.”
About Expert Insights: Expert Insights is a global research firm dedicated to helping organizations around the world research cybersecurity solutions and services. Expert Insights publishes buyers’ guides and provides expert consultancy to help organizations stay secure against targeted cybersecurity threats.