Story Produced by New Hampshire Bulletin
Some of the consequences of the conflict in Ukraine are easily spotted in New Hampshire: high energy costs or Ukrainian communities grappling with war and organizing drives for supplies and funding. Others are less visible, such as a dramatic increase in cyberattacks spurred by new technologies developed amid the conflict.
Cybersecurity consultant Jason Sgro has worked with many New Hampshire municipalities, aiding them in their online security efforts. Now, he said, the state’s towns and cities need to be on high alert, preparing for the possibility of major attacks as a wave of Russian cyber technology finds its way to the Granite State.
This interview has been edited for length and clarity.
What kinds of cyber attacks have you been seeing and responding to?
New Hampshire has been embattled in an onslaught of cyber crime for many years. What we’re seeing overseas is that anytime a big geopolitical conflict arises – this time Russia and Ukraine – the countries have dumped a lot of technical innovation into their conflict.
They are certainly targeting each other, but what also happens is all this technological innovation has been stored up, presumably by both sides and by other threat actor organizations, releasing a lot of new tech into the world. Once you let it out of the bottle, it’s available and it’s out there.
What new technologies are at play?
There’s new ransomware, new wiper wares, new Linux vulnerabilities, and a lot of zero-day threats, meaning threats that have not previously been discovered or known, at least publicly.
Those are being utilized at a rate that we typically don’t see. Ransomware is a relatively common attack in New Hampshire, and it’s typical to see two or three major new ransomware variants a year hit municipal governments. In contrast, in a 60-day period, we’ve already seen nearly a dozen variants that have come from abroad.
Who is responsible for the attacks?
I can’t say this is Russia attacking us. In a lot of cases, it is third-party cyber criminals that are getting their hands on unique software, unique technologies, and taking advantage of unique vulnerabilities.
What challenge does this create?
In New Hampshire, this is problematic for us because it’s a year to two years, maybe even three years, worth of novel cyber technology and vulnerabilities and ransomware variants all released into the wild in 60 days’ time. This is a very compressed timeframe for the emergence of new technology.
But we have not seen a significant increase in cyber readiness from most municipal governments in the state, even following significant events, like Peterborough.
In Peterborough, $2.3 million in public money was mistakenly transferred to cyber criminals, illustrating the potentially devastating economic impact of these attacks.
At the local level, New Hampshire is still a very soft target for this type of new technology. When you combine that with the rapid increase of available cyber technology at the hands of cyber criminals as a result of the Ukraine and Russia conflict, now you’ve got a recipe that could really be detrimental to New Hampshire at large and certainly to our municipal environments.
The threats are out there. They’re in a greater number than they have ever been as a result of the Ukraine-Russia conflict. I urge all the municipal leaders to really take that seriously and act on it.
What can local governments do to protect themselves?
There are moderately easy steps to safeguard yourself, like enabling two-factor authentication – where people have to provide multiple credentials in order to sign in, like a PIN code that goes to their phone. Everyone in the municipal space should be using two-factor authentication, at least for high-value targets like finance directors and town managers. Those people are very likely to be targeted and have the authority to make banking changes.
The second thing is doing a comprehensive review of your environment now. It is very likely that many municipal environments are already compromised and have not yet realized because no action has been taken by the threat actor. If your credentials are out there on the dark web, somebody can actively be monitoring your email account, log in, and look at your documents, but they may not be performing any behaviors to alert you of their presence.
I would urge all municipal organizations to do an in-depth review of their email environments and document storage for indicators of compromise, which include logins from foreign countries or multiple logins for accounts in different geographies at the same time.
Dark web scanning and dark web intelligence are absolutely critical. Dark web scanning is when we look for email addresses and passwords and information about you and where you send your money. These technologies give you a heads up if your information is being trafficked on the dark web, which can be really important to know.
What can individuals do at home to improve their cyber security?
Individual dark web scanning often comes with credit monitoring. So if you have credit monitoring, make sure you’re investing in ones that have dark web scanning. It’s usually not even an extra cost.
Use two-factor authentication for all of your personal email accounts and banking accounts. Anything that contains personal information that you don’t want to be made public should really be safeguarded.
If you still have really old computers at home, run the updates. Do not ignore those; they are trying to alert you of a cyber patch or risk mitigation that you should really take advantage of instead of putting it off because it’s inconvenient.
Jason Sgro is a senior partner at The Atom Group, a cybersecurity consulting group based in Portsmouth that works with the public and private sector.
This story is republished with permission under New Hampshire Bulletin’s Creative Commons license.