CHARLES TOWN — The emails look harmless but they can be devastating.
Disguised in sophisticated ways, some look like they came from a boss or office colleague; others appear to come from a brand-name company or service provider.
So-called phishing malware attacks are increasingly being aimed at municipalities across the country, and their email bombs are arriving more frequently in the inboxes of government employees in Jefferson County, officials say.
One misguided computer mouse-click could unleash untold technological chaos, damage and expense, explained Russell Burgess, director of Jefferson County government’s information technology department.
“Cybersecurity is just a huge deal with us,” Burgess recently told Jefferson County commissioners. “We are getting inundated every day with things that are happening out in the world.”
Burgess and Ranson City Manager Andy Blake spoke about the cybersecurity email threat of phishing scams targeting their government staff and operations in recent months.
“They don’t have typos and stuff anymore,” Blake said of the new generation of phishing attacks. “These emails look like they’re coming from Amazon. One of them looks like it’s from Netflix that says, ‘Hey, your account is overdue.’”
These modern-day robberies and ransom schemes are trying to lure corporate and government employees to click on email attachments that launch malware that can silently steal data, hold systems and information for ransom or inflict other costly cyber-mischief, Burgess said.
“Some of them are just there mining your data trying to get everything in reference that you have,” Burgess said. “A lot of [cybercriminals] would just like to take over your computer.
“It’s all driven by money,” he added of most schemes orchestrated by hackers. “Anything that they can do is to make money.”
Burgess said one software security vendor told him that it’s common for malware and data breaches to go unnoticed for more than 200 days before they’re discovered. Ridding a system of a malware infection can take another 70 days, he said.
The City of Baltimore had its computer held hostage for weeks by a destructive phishing scam. The city is now paying the dues on a $20 million insurance policy as financial protection against future cyberattacks, Blake said.
More and more municipalities are becoming targets, Burgess and Blake agreed. Last June, government computers in Harrison County, W.Va., were hit with a cyberattack that blocked access to important files for weeks, according to press reports.
Burgess pointed out that phishing and other cybersecurity attacks are causing more unanticipated effects as everyday machines become increasingly interconnected over the internet.
A national department store chain had heating and air conditioning systems breached by malware that allowed hackers to manipulate the thermostats in some of their stores, Burgess said. A national hardware store had a malware breach that allowed hackers to post pornography on digital display panels of refrigerators on their sales floors, he said.
“It’s just incredible when you see all of the companies that have been hit,” he said.
Burgess and Blake are pursuing extra security measures and staff training to combat the threat. Blake is taking extra precautions to preserve city computer files and exploring the use of new security software. Burgess is locking down individual computer stations and hiring an extra part-time technology worker to focus on the issue.
Both local government managers are more carefully monitoring their systems for possible malware. And both are looking to conduct staff training to help staff recognize and avoid phony emails delivering malware instead of legitimate messages.