CYBERSECURITY FOR STATE AND LOCAL GOVERNMENT

ACID Technologies provides state and local government agencies with 24/7/365 dark web monitoring services, while also continuously monitoring the deep web and multiple additional sources. When detecting a threat, ACID sends real-time, actionable alerts with all available information, to enable the targeted organization to effectively respond to the threat and mitigate its harmful impact.
What makes state and local government organizations attractive targets for cybercrime?
Governments, both state and local, are attractive targets in the eyes of cybercriminals and cyberterrorists alike. The main reasons they direct their attention to these targets is the potential effect of the damage their cyberattacks can inflict, taking into account that government organizations also control a variety of critical infrastructures; and the wealth of sensitive data they possess. Cyber terrorists find these state and local government bodies attractive as they can constitute an arena for politically motivated cyber attacks, with any large attack affecting many citizens and gaining wide media coverage.
What are the main cybersecurity challenges faced by government institutions?
The main cybersecurity challenges are:
- Skilled opponents: For state-level institutions in particular, though not exclusively, those perpetrating the cyberattacks are often hacktivists, who are usually highly motivated; state-sponsored attackers, who have access to considerable resources and have often accumulated expertise and experience; and organized crime gangs, which are capable of investing sizeable resources to increase their chances of success.
- Multiple organizations operating under the umbrella of the government: When multiple agencies are involved, they often differ in their infrastructure, vendors, the systems they operate and the solutions they choose, as well as in how updated their defenses are. This makes it more difficult for state and local governments to ensure they are adequately protected.
- Limited resources: In view of the characteristics of their adversaries, local and state government bodies need to invest significant resources to protect themselves – resources that smaller organizations in particular do not always have at their disposal.
What are the potential cyber threats that governments need to protect themselves from?
The main threat areas, and the protections they require, based on Check Point’s analysis, are:
- Internet of Things (IoT): IoT devices, often used to operate and control critical infrastructure, present considerable risks. These arise from a variety of factors, among them unpatched vulnerabilities. IoT devices must be managed with great care to prevent them from becoming access points to networks and creating dangerous vulnerabilities.
- Data security: To fulfill their functions, state and local governments hold massive amounts of sensitive confidential and classified information. Failing to appropriately safeguard this information will not only encumber their ability to provide the necessary services, but also lose them the trust of their citizens.
- Cloud security: Cloud services offer a variety of benefits, among them resiliency and scalability. This explains the increasing migration to the cloud of government data and applications and the increased reliance of government agencies on these services. However, they can also present risks if access control is not properly managed, configuration errors are made, or third-party risks are inadequately managed.
- Network security: Without effective network security, cyber attackers have a better chance of penetrating an organization’s systems and potentially wreaking havoc.
- Application security: Critical services provided to citizens by government agencies can be severely impacted, even shut down, if the applications used to provide these services are not properly protected.
- Endpoint security: Endpoint security solutions are essential to protection, in view of the fact that many government employees work on laptops and mobile devices provided by their employer.
- Mobile security: Mobile devices are increasingly targeted due to their growing use. Therefore, mobile security solutions are more essential now than ever to prevent the unintended downloading and installation of malware.
- Consolidated security architecture: A consolidated security architecture that provides the required security capabilities in a single solution is far preferable to protection by standalone solutions which, taken together, form an unmanageable security architecture.
What are some examples of cyberattacks demonstrating the need for effective cybersecurity for state and government agencies?
- In October 2024, the US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) were requested by the U.S. House Committee on Homeland Security to brief them on an attack perpetrated by a hacker group backed by the People’s Republic of China (PRC). The group targeted large internet providers, including Verizon, AT&T and Lumen Technologies. The Committee voiced concerns that “the PRC could influence communications by rerouting internet traffic, or gain valuable information by accessing systems for lawful wiretapping requests. In other words, this intrusion would significantly jeopardize Americans’ right to privacy and broader U.S. national security interests.” According to some indications, the “Salt Typhoon” hack commenced years earlier, perhaps already in 2020, raising concerns over the state of the USA’s cyber resiliency.
- In July 2024, at the end of a three-year investigation, Germany accused China of having executed a cyberattack against its Federal Office for Cartography and Geodesy (BKG) in 2021. The BKG is the agency responsible for the entire country’s precision mapping. Germany subsequently announced that it intends to replace its Chinese telecommunications infrastructure, citing security concerns.
- In August 2024, it was reported that diplomats were targeted by Russian cyber criminals, apparently in order to steal data and conduct surveillance and reconnaissance. The attack consisted of an email offering a used car for sale with an attachment – supposedly innocent photos of the car, but in fact intended to distribute the HeadLace backdoor malware. It seems that the attack began about five months earlier.
- Also in August 2024, the website of POLADA, Poland’s anti-doping agency, crashed following an attack. It was revealed that more than 50,000 files containing confidential data were leaked as a result. The attack was attributed to hackers “supported by the services of [a] hostile state”.
- On the local level, the city of Columbus, Ohio, USA, was targeted in an attack that took place in August 2024. An immense amount of data was stolen – reportedly three terabytes – including the personal files of the city’s employees. After two failed attempts to auction the data, the Rhysida ransomware group dumped the files on the dark web.
ACID helps state and local government organizations maintain business continuity and provide uninterrupted services to their citizens. Clusters of robots are deployed, sophisticated algorithms implemented, avatars injected and crawlers used, imitating regular user activity, to continuously monitor the dark web and numerous additional sources in order to detect signs of impending attacks while still in their planning stage, attacks that are in progress, and leaked data indicating a breach. Client-specific keywords are used, and the relevant languages are chosen, to provide optimal results. Once a threat is detected, ACID sends real-time alerts to the targeted organization, to enable it to implement countermeasures that diminish the effects of the attack, or perhaps even foil it altogether. By offering a cost-effective solution centering on dark web monitoring, ACID helps even small government bodies overcome the challenge of insufficient resources for effective protection.