Cyberattacks on government institutions are nothing new, but they may reach new heights. Recent incidents this fall show that entire municipal or even national governments may be vulnerable to significant disruption from cybercriminals.
Technologically, the effects can send entire populations decades back in time.
The Pacific Island nation of Vanuatu's government has been offline due to a cyberattack since early November. The nature of the attack is still unknown, and only about 70% of government services have been restored after a month.
On the first day of its term, November 6, Vanuatu's newly elected government began to notice problems with official computer systems. All government computer services were eventually disabled.
Officials were unable to access government email accounts, citizens were unable to renew driver's licences or pay taxes, and medical and emergency information became unavailable. The country decided to revert to pen and paper for many daily functions.
The government acknowledges that a breach in its centrally connected systems was discovered in early November, but refuses to elaborate. According to some sources, including the press in nearby Australia, which dispatched specialists to assist with system repair, the incident was a ransomware attack. The nature of the breach, however, has yet to be confirmed by Vanuatu's government.
Suffolk County identified a ransomware attack on September 8 and responded by shutting down its computer systems. The blackout impacted government divisions from the police to social services, forcing them to revert to technology from the early 1990s.
Furthermore, the county stated that the attackers stole personal details such as driver's licence numbers from citizens. A county executive accused a cyber group known as BlackCat, which had previously been linked to attacks in Italy and Florida.
Little information has surfaced about Vanuatu's level of preparedness prior to the incident, but Suffolk County officials' concerns were dismissed months before the September attack. The computers in the United States did not use two-factor authentication and were running on obsolete computer systems that would be too expensive to upgrade.
Due to their fewer resources than large governments, regions like Suffolk County and small countries like Vanuatu make excellent cyberattack targets. Because there are so many other small targets for cybercriminals to target around the world, similar incidents are likely to occur in the future.
