Cyber attacks - both domestic and foreign - threaten North Carolina government agencies

HILLSBOROUGH, N.C. (WTVD) -- This was an instance where law enforcement itself almost dialed 911.

"Everything starts with one machine," Jim Northrup, Orange County's IT Director, told ABC11. "One machine, meaning one person will click on something or open a file up that gets infected. That's patient zero."

Last March, patient zero was someone in the Orange County Sheriff's Department, and Northrup says the computer virus provoked an entire shutdown of the county's network within 45 minutes of discovery.

"We've been through a lot of storm exercises and hurricane exercises, but we haven't lived through a cyber-event on this scale."

Like most government networks, Orange County's network spans multiple departments from health to criminal justice to transportation to real estate. The data on said networks are treasure troves of personal information, including social security numbers, medical records, tax identifications and more.

The network was shut down for six hours before programmers were confident enough the threat was gone.

"At a certain point, when you don't have computers, you say let's look at our continuity of operations plans and what happens when this goes out. Do we break out the paper and pens? Do we break out the legal pads? Many of our departments went to processing customers the old fashioned way."

Orange County is just one example of the increasing cyber threat to both local and state governments in North Carolina, which officials warn puts all 10 million of its residents at risk.

Maria S. Thompson, North Carolina's State Chief Risk Officer, refers to the data contained in government networks that criminals are accessing as "low hanging fruit."

"Some are out there to monetize that information and will sell it on the dark web. Others are using it for intellectual property and espionage actions later on," she added.

A retired Marine who completed multiple tours in the Middle East, Thompson recently presented a wide-ranging report on cyber crimes to the State Emergency Response Commission - the same collection of officials charged with organizing weather disaster recovery and chemical hazard response plans.

"We have a lot of academic institutions here, a lot of research going on. That information is a treasure trove to a country that's trying to break into that market and trying to market that product."

FBI reports puts North Carolina in top 10 among all states for reported cyber crime losses

According to Thompson, the FBI reported more than 77,000 North Carolinians were victims of cyber crimes in 2018, leading to financial losses of more than $137 million.

Her office, moreover, reviewed some 2,000 cyber incident reports, and they ranged from the Orange County incident to more widely known breaches, including Marriott, Macy's and Yahoo. Generally speaking, those figures represent a 175% average increase since 2017.

Nationally, more than 170 county, city and state governments have been hit by cyber attacks since 2013.

This year, the City of Greenville, Robeson County and Pasquotank-Camden EMS, and others, have all endured cyber security incidents.

"The threat is very real and we have to be sure that we are prepared for that inevitability."

In North Carolina specifically, officials report most cyber criminals target the many businesses here working with foreign suppliers. The Research Triangle, moreover, is home to universities and industries renowned for its innovation, technology and a "treasure trove" of intellectual property.

Thompson's team, which is comprised of several military veterans, is an integral part of the state's Cybersecurity Response Force (CSRF) that facilitates partnerships with state, local, federal IT and even National Guard members.

Several types of worms, viruses

Though some of the widely-reported breaches highlight potential weaknesses in passwords, North Carolina IT officials are identifying three main avenues for cyber criminals to infiltrate computer networks.

The first is a targeted attack on a specific entity through business email compromise. In this instance, a hacker will forge a business email to look like a common communication or transaction. The goal is to trick users into conducting bank transactions where money is transferred or wired into an account by the attacker.

Second, criminals are increasingly using a tactic known as ransomware, where a hacker will infiltrate the network and block access to the network, generally through a phishing email, and encrypt the organization's data using malware. The data, then, stays encrypted and unreachable until the company (or government) pays a certain amount of cash. This type of attack, Thompson explains, is either a crime of opportunity or targeted.

The third form of attack is phishing where the attacker's motive is to attain credentials like passwords to gain access to sensitive data like banking information, health data, social security numbers and more,

Thompson, the State Chief Risk Officer, says criminals may use these instances where and when they know a company or institution does not have the resources or cyber security personnel to adequately defend its network.

"Generally speaking the attacks we've seen haven't been targeted - it's just been opportunistic," she explains. "The way the emails are crafted, it creates an emotional action from the end user, whether it's an urgent or important subject that gets your attention."

Phishing in particular is how the local governments fall victim to ransomware attacks.

Some companies - and governments - not reporting their breaches

In her presentation to emergency officials, Thompson's most poignant warning focused on the unknown - the attacks, the vulnerabilities and losses that were not reported to her office.

"There's this fear of coming forward to report a cyber incident, but we need to get over it because at the end of the day, even Fortune 100 companies are getting hit with ransomware and other attacks."

If companies and governments don't report, Thompson warns, they are hindering the ability for officials and residents in general to beef up security and be ready for the next attack.

"It is a shared risk environment that we are living in within this state. It's not just you operating in your silo. We're all connected. We all have a connection to each other that when you accept a risk, when you make a decision, it could (harm) the state as a whole."

On a personal level, officials are encouraging all users to improve their "password hygiene" and invest in anti-virus and anti-malware software.

For Jim Northrup and Orange County, administrators and managers are now regularly conducting cyber attack simulations and scenarios to ensure there won't be another shutdown.

They're also working hand in hand with Thompson and her team, which Northrup says is a tremendous resource.

"A firewall isn't good enough anymore. You have to have mechanisms in place to detect anomalous behavior on the inside of your network as well as going on the outside of your network."
Copyright © 2021 WTVD-TV. All Rights Reserved.