Governments worldwide under attack from cybercriminals

Government and the public sector saw a 40 percent increase in cyberattacks worldwide between March and May 2023

Posted 8 August 2023 by Christine Horton

Government and the public sector have seen a 40 percent increase in cyberattacks worldwide, according to new research.

BlackBerry’s latest Quarterly Global Threat Intelligence Report said the company stopped 55,000 individual attacks overall between March and May 2023.

“Governments and public services, such as public transit, electricity, water services, schools, and non-profit organisations, stand as unfortunate bullseyes for cybercriminals and other threat actors, whose attacks seek to wreak maximum havoc and who often times face very little resistance,” said Ismael Valenzuela, VP of threat research and intelligence at BlackBerry.

“With limited resources and immature cyber defence programmes, these organisations are struggling to defend against the double pronged threat of both nation states and cybercriminals. Now, more than ever, they need access to actionable cyber intelligence to direct and strengthen their security strategies, while safeguarding the vital services, institutions, and trust upon which our societies thrive.”

Government a major target

In March, the ransomware group LockBit targeted the city of Oakland, California. The group operates a ransomware-as-a-service (RaaS) and typically employs multiple tactics and techniques to infiltrate networks, identify critical and confidential information, and exfiltrate data to be used as collateral in double-extortion ploys to pressure victims into paying larger ransom demands. Around the same time in the US, the threat group BlackByte claimed credit for Royal ransomware attacks against the cities of Dallas, Texas and Augusta, Georgia.

In Canada, the Clop ransomware group also claimed responsibility for several other attacks including an attack on the city of Toronto, where it claims to have encrypted devices and exfiltrated metadata of over 35,000 citizens.

Poland was also a target for attack. According to Reuters, the Polish Tax Service was knocked offline in March by a suspected Russian cyberattack. According to Poland’s commissioner for information security, the Russia-aligned group NoName instigated the attacks, which he described as “simple” by today’s standards.

Healthcare also in criminals’ sights

The healthcare sector is also one of the most consistently targeted industries by threat actors.

During the reporting period, there were several notable cyberattacks across the wider healthcare threat landscape. In early March, the Spanish hospital Clínic de Barcelona was the victim of a ransomware attack thought to have been perpetrated by the RansomHouse cybercrime organisation. The attack targeted virtual machines within the hospital’s infrastructure and severely disrupted scheduled medical services. A little more than a week later, Alliance Healthcare—one of Spain’s leading pharmaceutical suppliers—was targeted in an attack resulting in the complete shutdown of the company’s website, billing systems, and order processing.

Because healthcare organisations typically hold sensitive data and provide critical services, the number of attacks against this industry is likely to rise, said BlackBerry.