Over the past several years, cybersecurity researchers (including those at SonicWall) have noted a growing shift away from the “spray-and-pray” tactics that dominated much of the past decade, to a more targeted “big-game hunting” approach.
We’ve seen the effects of this strategic transition for a little while, as attackers have increasingly looked for targets that would cause the most disruption, that would have the most valuable information, and so on. And accordingly, in 2021 cybercriminals focused a lot of their attention on local, state and federal governments.
The year’s headlines offered snapshots of this trend, as threat actors launched attacks on a diverse set of targets including the governments of Indonesia and Israel, India’s prime minister, Belgium’s ministry of defense, Australia’s government-owned telecommunications systems, and multiple U.S. defense firms.
But a look at the exclusive threat data from the 2022 SonicWall Cyber Threat Report tells a larger picture about when, how and how much government customers are being targeted as compared with those in other industries.
In 2021, global ransomware volume skyrocketed, rising 105% year over year. But while “The Year of Ransomware” spared no country, region or industry, the stats were particularly grim for those in government. Ransomware attempts among government customers rose a staggering 1,885% — more than double the increase seen in healthcare (+755%), education (152%) and retail (21%) combined.
For 2020 to 2021, global malware — affecting all customers across all regions and industries — fell 4%. But among government customers, malware actually increased 94%. The percentage of SonicWall customers targeted further highlights this rise: Each month, an average of 19.6% of government customers saw a malware attempt.
Government devices were increasingly attacked last year, as well. In 2021, IoT malware increased 6% globally — but among government customers, these attacks spiked 46%. Government customers were second only to those in education in terms of how likely they were to see an attempted attack, with an average of roughly 9% of customers targeted by IoT malware each month.
Unfortunately, IoT malware attacks aren’t the only way that cybercriminals leverage government customers’ devices against them. Cryptojacking, a type of attack in which cybercriminals use a victim’s device to mine cryptocurrency without their knowledge or consent, also spiked last year, buoyed by record-high cryptocurrency prices.
Global cryptojacking volume in 2021 jumped 19% year-over-year, reaching the highest point ever recorded by SonicWall Capture Labs threat researchers. But this jump disproportionately affected those involved in government: Cryptojacking attempts on government customers rose 709% in 2021.
Governments Fight Back
But as cyberattacks on government continued to increase in 2021, efforts at the state, federal and local level increasingly turned to strengthening defenses . At least 45 U.S. states considered their own cybersecurity bills in 2021, up 18% from 2020. And many of their cybersecurity efforts were bolstered by the passage of a historic U.S. infrastructure bill in November 2021, which included $1 billion for state, local, tribal and territorial cybersecurity.
Advances were made at the federal level, as well. U.S. President Joe Biden signed an executive order in May 2021 aimed at modernizing the government’s response to cyberattacks, joining Japan, Australia, Germany and countless other countries in passing measures to improve national security in 2021.
Biden reiterated his commitment to cybersecurity, particularly concerning the nation’s infrastructure, in a statement last week:
“From day one, my administration has worked to strengthen our national cyberdefenses, mandating extensive cybersecurity measures for the federal government and those critical infrastructure setors where we have authority to do so, and creating innovative public-private partnerships and initiatives to enhance cybersecurity across all our critical infrastructure.
“My administration will continue to use every tool to deter, disrupt and, if necessary, respond to cyberattacks against critical infrastructure,” Biden said.
As part of the United States’ increased focus on cybersecurity, the Department of Justice in June announced the formation of its Ransomware and Digital Extortion Task Force, increasing the resources and personnel available for pursuing cybercriminals. As a result of the efforts made by this task force and other enforcement agencies, members of the REvil ransomware gang, the Trickbot group, the DarkSide ransomware group and more were brought to justice in 2021.