South Carolina municipalities facing nonstop cyberattacks, working from home a potential threat

MYRTLE BEACH, S.C. (WBTW) — South Carolina municipalities can be an easy target for cyberattacks, highlighting the need for safety infrastructure months after high-profile hacks have shone a spotlight on the issue.

“It is important for organizations to protect themselves from these attacks because everything now involves computers,” said Ryan Truskey, the deputy chief information security officer for the South Carolina Law Enforcement Division. “It is something that every organization needs to protect.”

Truskey said that there is “a high level” of incidents in the state, with government, health care, and financial institutions the biggest targets for cybercriminals. What makes these attacks even more common, he said, is that municipalities can be seen as easy prey. 

“Cyberattacks are something that happen all day, every day, all night, and when we are protecting cyberattacks,” Truskey said, also noting that security apps on networks block a lot of low-level attacks.

In January, Georgetown County experienced a “major infrastructure breach” following “a very sophisticated attempt” that “most people would have mistaken for being a legitimate email,” which impacted online systems like email and GIS, according to officials. Attackers demanded a large amount of cryptocurrency as ransom, which officials refused, opting instead to rebuild its system entirely. Those types of attacks are often linked to terrorist organizations, the county said, and there’s no guarantee that cybercriminals would follow through on promises to restore systems. 

Stolen data — including social security numbers of some employees — was later posted by DoppelPaymer, a ransomware gang.

Georgetown County’s system is back up and running, according to Jackie Broach, the public information officer for Georgetown County. 

Prior to the incident, Broach said IT staff trained employees on how to identify and avoid cyber attacks. That training continues, and the county has implemented additional safety measures such as better threat detection, two-factor authentication, and cloud-based email and document systems. 

In May, the Colonial Pipeline, which transports 45% of all fuel consumed on the East Coast, had to temporarily halt all pipeline operations following a successful attack, leading to a massive panic at the pumps in South Carolina as people rushed to fill up their vehicles. 

A July report from North Myrtle Beach shows that the city blocked at least 255,000 web attacks and quarantined and/or blocked more than 90,000 emails. News13 reached out to the city for more information. A spokesman said “the City declines to participate” and said its protocol is to not discuss security measures.

The South Carolina Critical Infrastructure Cybersecurity task force, or SC CIC, started under former Gov. Nikki Haley and was formed by Gov. Henry McMaster in an attempt to create a working group to investigate the state’s infrastructure. The task force is made up of agencies such as the Office of Homeland Security, the FBI, the U.S. Secret Service, the National Guard, the state emergency management, and the election commission, among others. 

Truskey said it’s a high-priority topic for SLED. With how fast technology changes, he said, it’s hard to stay up to date. Systems need to be functional, but also secure. 

More recent attacks have targeted supply chains and shown that agencies can no longer inherently trust software to block cybercriminals.

“User education is extremely important, and that is one of the things that we provide in the SC CIC is training in that space,” Truskey said. 

A successful attack can cost agencies both money and their reputation and can lead to legal action, depending on what type of information is released. 

Truskey said the Georgetown County breach was reported to the task force and handled at the county level. That attack, he said, is similar to others that he’s seen. Truskey said the county was not a member of the SC CIC program at the time but has since joined. 

The program is opt-in and currently used by more than 100 agencies in the state. It offers free services like training and system audits. Part of its initiatives includes sending 15 emails similar to attacks it’s seen circulating, and then will follow up with training on how to securely work from home and how to identify fake text messages.

Working from home during the pandemic, Truskey said, can be risky for security.

“That creates a lot of challenges because organizations used to have everyone on site on their network, and in place on their network to protect those users,” he said. “Now, these users went home and are using their home networks, where the same security services don’t apply.”

He said organizations can prevent attacks by educating users and cleaning up systems. He encourages nonparticipating agencies to opt in to the SC CIC program, which will help share information and lessons that can help prevent future breaches.

“If nothing else, we are a second set of eyes to augment the security they are already doing at their agency,” he said.