10 Data Stupid US Government Counties are Ransomware Ticking Time Bombs
Posted on September 30, 2020 by Benjamin Bressington
529 US County Government Websites are less secure than a porn site.
It's safer to visit Pornhub.com then it is to visit your local county website. That's right you are less likely to be infected with malware or have your identity or money stolen by visiting a porn website then visiting your local county website.
Many US County services could be taken offline in less than 19 minutes. Exposing residents to identity theft and financial fraud without their knowledge. Basic misconfigurations are exposing local governments to cybercriminals make it a ticking timebomb for embezzlement, IP theft, and identity theft.
The cyberattack resiliency of many US Government Counties is embarrassing, for such critical services to be taken offline for less than $20.
The ChatFortress team recently completed an external cybersecurity audit of the 3,200 USA Counties. This audit was based on the domain name to highlight which counties are most vulnerable to attack using standard external security audit frameworks.
"The growth and sophistication of cybercriminals, ransomware, and hacker attacks have reached epic levels. We can no longer ignore it or foolishly think "that won't happen to us."
Our team found 336,873 leaked credentials for US County employees nationwide, via dark web scans. 32% of cyber-attacks are caused by using compromised accounts due to poor password management. Based on this dataset it would allow accounts to be compromised in less than 19 minutes.
The data from the 3,200 US Counties has been published as part of CybersecurityReportCard.org and can be accessed here: https://chatfortress.com/directory/government
Interactive Map with Nationwide Data
The purpose of this data is to start conversations about our cybersecurity risks and showcase that everyone is vulnerable to attacks. With most cyberattacks being caused by human error or misconfigurations. It's time to take 5 minutes to review our cybersecurity 101 and ensure the basics protected.
It's unfortunate that when these US Counties become victims of a preventable incident that thousands of people are impacted or exposed to further harm. We provide detailed reports on each US County vulnerability with a remediation plan at no cost.
There has been an increase in data breaches and ransomware attacks against government services and this is only expected to increase. Here are some recent attacks:
- Louisiana government declares a state of emergency after cyberattack.
- 22 Texas Towns Hit With Ransomware Attack In 'New Front' Of Cyber assault
- Hackers Are Holding Baltimore Hostage: How They Struck and What's Next
- Hit by Ransomware Attack, Florida City Agrees to Pay Hackers $600,000
- Second Florida city pays giant ransom to ransomware gang in a week
- New Orleans Declares State of Emergency Following Cyber Attack
- Mississippi City Operations Disrupted By Ransomware
716 US County Website Vulnerable to DDoS Attacks
We are also seeing an increase in DDoS attacks against governments and schools. Either intentional or unintentional as part of protests. 716 US Counties fail to protect their websites using a $20/month WAF (Web Application Firewall) which would prevent DDoS attacks. The cost of recovery after a DDos attack on average is $120,000.
The question becomes when these counties fall victim to a cyber-attack by no fault of their own, are they being stupid…or just irresponsible?
2,965 US Counties Vulnerable to Email Impersonation and Financial Fraud
2,965 US Counties currently have DMAC issues. Opening their email systems to increased impersonation attacks or email phishing attacks. This makes it easier for hackers to impersonate the county and send fraudulent emails with emails or payments to residents. This basic misconfiguration can result in millions of dollars in financial fraud.
10 Worst US Counties for Cybersecurity
- Butler County, Missouri - Grade: F
- Macon County Government, Tennessee - Grade: F
- Orange County Government, Texas - Grade F
- Bacon County Government, Georgia - Grade F
- Polk County Government, North Carolina - Grade F
- Rutherford County Government, North Carolina - Grade F
- Jefferson County Government, Montana - Grade F
- Wabash County Government, Indiana - Grade F
- Dallam County Government, Texas - Grade F
- Poinsett County Government, Arkansas - Grade F
10 Worst US Counties for Cybersecurity
Each of these counties has over 1,000 leaked employee credentials. Compromised accounts mean that we can find a person's username and password to access websites online. This is part of the research step cybercriminals complete to access a person's system. They will log in with your own username and password to bypass detection. Understanding how you create your passwords also provides insight into how to crack your password.
- Catawba County Government, North Carolina
- Osceola County Government, Florida
- Shelby County Government, Tennessee
- Howard County Government, Maryland
- Philadelphia County Government, Pennsylvania
- Alameda County Government, California
- Duval County Government, Florida
- King County Government, Washington
- Bernalillo County Government, New Mexico
- Chester County Government, Pennsylvania
What's the Solution?
It's clear there is a problem with data security but what's the solution and how can steps be taken to improve the cyberattack resiliency of an organization? ChatFortress is making available up to $20,000 per month in cybersecurity products and services for free under the Make 2020 Safe Again business grant. Companies can access up to $60,000 in services until Dec 30, 2020.
2020 has been a challenging year, protect your business against financial loss.
Don't let Embezzlement, Fraud, or Espionage destroy your business. ChatFortress is making available up to $60,000 PER Company in Cybersecurity Protection. This Business Grant applies to any company, charity, or educational institution in the USA and Canada.
Gain the Hacker’s View of your Cybersecurity Risk in Seconds with your Free Cybersecurity Assessment!
Discover How Hackers Exploit Your Business… If you had a no cost quick and easy way to check the safety of your business from cyber-attacks, would you do it?
Helping Business Owners start conversations about their cybersecurity culture. Cybersecurity does not have to be like chasing Bigfoot. Quantify your cybersecurity risk and instantly understand your vulnerabilities with ChatFortress Cybersecurity Report Cards.
Discover Your Cybersecurity Risk in Minutes for FREE!
Nothing to Install, Nothing to Download, Anyone Can Do It!
Enter a website URL below to claim your report card instantly!
Your Cybersecurity Report Card will be automatically generated within seconds... tell us your website URL and let us amaze you!
Who is ChatFortress
ChatFortress is a leading cybersecurity company helping business owners protect their assets from cybercriminals. We provide companies with access to the latest technologies, social engineering and human behavioral strategies, and user education to create a proactive cybersecurity culture. Helping you fortify your business against cyberattacks.
Detect and Remove BAD Emails in 3 Seconds!
ChatFortress Email Guardian is the Ultimate Anti-phishing Program as it Detects and Mitgates Email Phishing Attacks in 3 seconds using A.i Real-Time Inbox Scanning for Phishing Prevention!
- Common cybersecurity mistakes business make that allow hackers to steal your identity, data, and money
- 8 types of hacking and social engineering attack campaigns
- How to Protect Your Email Inbox from phishing attacks!
- Cybersecurity Maturity Model Certification
- Understanding CMMC Level 1 Requirements
- Understanding CMMC Level 2 Requirements
- Understanding CMMC Level 3 Requirements
- Understanding CMMC Level 4 Requirements
- Understanding CMMC Level 5 Requirements
Talk to Us
Reduce your cybersecurity risk and exposure. Schedule time with your ChatFortress Specialist now
or Call 307-999-7755
Cybersecurity Education Links
Common Cybersecurity Mistakes and how you can protect yourself and your business from liability and financial loss! Instant Webinar Access!
Schedule Your Free Cybersecurity Risk Assessment Click Here to Schedule Call
Discover current hacker trends to steal your data and how you can protect yourself in 7 day FREE Email Cybersecurity crash course
Here are the 8 common types of email phishing attacks that hackers use to steal your identity. Are you protected?