Washington State has been hit by a “sprawling, multifaceted cyberattack”, according to sources close to the matter, Bloomberg has reported.
According to the publication, several state agencies have been infected by malware, including Trickbot. Trickbot is a well-known banking trojan that is used to access online accounts or infiltrate networks. Victims are targeted using phishing emails which contain malicious attachments.
Emotet, another banking trojan, is also thought to have been used in the attack.
The sources said that the attack has been going on for over a week, but it “has yet to significantly affect state operations” and currently it does not appear to have affected election systems. However, the attack could indicate serious vulnerabilities in the state’s cybersecurity, as well as the possibility that other states could be affected.
According to Bloomberg, Washington State Governor Jay Inslee said in a press conference that the attack was the result of a nationwide phishing campaign. A source told the publication that the US Department of Homeland Security, the FBI and Microsoft are assisting Washington State in responding to the attack.
This follows the news that Universal Healthcare Services, a major US healthcare provider, has suffered an outage as a result of a cyberattack.
Sam Curry, chief security officer at Cybereason, said:
“An attack of this magnitude on the State of Washington will take some time to sort out. For a cyber nation state, if you attack any part of the United States you are attacking it all. However, that doesn’t mean total war. It means someone is attacking the US, and we should make sure that we know the extent, that we solve the damage and that we worry later about prosecution or retaliation.
“Everyone should pay attention to this, offer assistance, check for their own vulnerability and communicate early and often. It’s the federal government’s job to determine what is or isn’t an act of war, but it’s all of our jobs to help each other and make sure that we are good at all scales: community, town, county, state and so on.”
He warned that an attack could be “devastating”:
“Trickbot, Emotet and Ryuk malware working in concert with each other can have devastating short term and long term ramifications for state and local governments. Earlier this year, DHS reported that each incident averages $1m in remediation costs. The cocktail of malware has proven to be very profitable for cyber crime actors and their ability to constantly change the methods they use to deploy the malware into organisations and government agencies is one of the reasons it is very difficult to discover and remove.
“If other states find themselves in a similar situation fighting Triplethreat in the weeks ahead, it is extremely important to identify the infected computers and immediately remove them from the network. Passwords should be set within the network because Emotet typically scrapes the current credentials being used to gain access to the network. Also, since Triplethreat malware is typically deployed via email phishing scams, it is extremely important for local and state governments and all organizations to improve their security hygiene, introduce security awareness training and make sure their employees are constantly on guard. Never open emails from unknown individuals, do not visit dubious websites and never download content onto laptops, phones and other connected devices.”