By REBECCA RUTHERFORD
Los Alamos
For the Los Alamos Daily Post

In the latest cyber attack, the State of Nevada has been crippled by an unknown attacker. The attack was first reported by the office of the Governor on August 24, and some websites and services remain down at the time of this article, though emergency services are still available.

This is unsurprising to me, since most emergency services are contracted through a third-party vendor, meaning an attack on the state would leave them unaffected.

What do we know so far? State offices including DMV (Department of Motor Vehicles) remain closed at this time, yikes! Some offices remained closed on Tuesday, according to local news outlets. There are very little details as to the nature of the attack, but if I had to guess I’d bet it was ransomware.

What is ransomware? A ransomware attack is a type of malicious cyberattack where attackers encrypt a victim’s files and systems, preventing access, and demand a ransom payment (often in cryptocurrency) to restore control.

Initial access is achieved through methods like phishing emails or exploiting vulnerabilities, then deploying ransomware to encrypt data and sometimes steal it for “double extortion”. Victims often discover the attack when they are locked out of their systems or see a ransom demand message. I have no confirmation of this theory, but it certainly seems likely.

There is currently no evidence that Nevada residents personal info was compromised by this attack, but… if it is a ransomware attack, there is always a chance of data exfiltration. Locals have been put on alert for unsolicited calls, emails or texts asking for personal or financial information.

Ironically, Nevada spun up its cyber security office on July 1st, and this attack is certain to give the newly hired experts a chance to shine. The office was opened with the goal of centralizing statewide cyber operations, appointing Adam Miller as deputy director. The new office’s primary goals include developing vulnerability-management programs and coordinating incident response with the relevant federal agencies. This attack is certainly the perfect opportunity for them to practice their skills.

If I had to guess how this attack happened, I would bet via phishing or other social engineering attacks. The weak spot is always going to be the humans, and that’s why we need to be aware of the threats.

How can you avoid a phishing/vishing/smishing attack?

• Watch for signs like poor grammar/spelling
• Generic greetings without any personalization
• Urgent or threatening language
• Unexpected attachments
• Email seems too good to be true
• Unknown sender requesting information

Be cautious in interactions with any unknown senders! Make sure you have multi factor authentication on all the accounts you care about. Never give your multi factor authentication codes away to anyone- support or anyone else will never ask for these. Be suspicious and view any odd emails as possibly malicious.

Be aware of the threats like this out there and try to stay on top of any data breach notifications so you can watch for potentially targeted cyber attacks. Once the bad guys get your info, plus context from whoever they stole it from, they can craft some pretty tricky attacks. Always verify via an independent means if you aren’t’ sure of the authenticity of an email, text or phone communication.

Stay safe online, watch the news, and be aware of the potential risks to your data from cyber attacks on vendors, public offices, etc.

Editor’s note: Rebecca Rutherford works in information technology at Los Alamos National Laboratory.