External cyber threats to municipalities: What you need to know

Municipalities are exposed to various cyber threats on a daily basis. In our experience, we see that determining the right priorities is often difficult. That is why we are happy to share our insights into the most relevant actors and common attack techniques within the government sector.

Which actors pose a threat?

Three main groups of actors are currently targeting municipalities:

1. Geopolitically motivated actors

These actors often want to gather intelligence, influence policy decisions or undermine stability. They also focus on economic espionage and disrupting critical infrastructure. Examples include groups such as Fancy Bear and Cozy Bear (Russia), Lazarus Group (North Korea) and Winnti (China).

2. Financially motivated actors

These actors are primarily motivated by money. They use ransomware, extortion with stolen data and financial fraud. Well-known names are Lockbit, Conti and BlackCat. Even if the authorities successfully take action against one group, a new threat often quickly arises because other actors fill the gap.

3. Ideologically motivated actors

This group wants to bring about political or social change. Their actions vary from DDoS attacks during demonstrations to leaking confidential information. A recent example is the leak of personal data of citizens from Israel by hacktivists with a political agenda.

How do these actors get in?

How do hackers get into municipal systems? Research shows that 80-95% of attacks originate externally. The most common attack vectors are:

• Malware and phishing: via infected attachments or links in emails.
• Stolen accounts: attackers use stolen passwords and login details.
  
• Vulnerabilities in systems: Especially in systems that are connected to the internet.

In addition, we are seeing more and more attacks via suppliers. A hack at a supplier can have consequences for all affiliated municipalities. Human error also plays a role, for example through unintentional data leaks or employees being pressured.

Why are municipalities interesting targets?

Every municipality has valuable data and administrative processes that are of interest to both state actors and cybercriminals. Ideologically motivated attackers can also target specific municipalities, depending on local social issues.

What can you do now?

• Optimise the external attack surface: Implement a strong password policy, make multi-factor authentication mandatory for all systems and perform regular updates.
  In addition, it is important to regularly assess roaming credentials on the dark web and other places. Use the External Attack Surface Assessment and Dark Web Monitoring for this.
  
  
• Secure your supply chains: Make clear agreements with your suppliers and regularly check their cybersecurity. Use our Supply Chain Security services for this.
  
  
• Introduce internal monitoring and detection: This will prevent malicious parties from causing damage unnoticed.

Link to BIO and BIO2.0

The new BIO2.0 sets stricter requirements for information security within municipalities. Many of the aforementioned threats fall directly under the measures prescribed by BIO2.0. By responding to these external threats in a timely manner, you can not only increase the security of your municipality, but also comply with legal obligations.
Want to know more? Our experts are ready to help you with a comprehensive impact analysis or strategic session. This way you will know exactly where your municipality stands and what steps you can take to stay safe.