The cybersecurity threat now facing Washington state’s government first came to light last Thursday.
“This is a serious attack in volume. At the moment, the report we have, is that it has not compromised state services, and that is important to say,” said Gov. Jay Inslee.
State officials reported a highly sophisticated phishing campaign is targeting organizations across the country.
Michael Hamilton of CI Security said phishing for login information is a first step toward mounting an attack.
“Credentials are more under attack than anything else, and the reason is clear. If you give me your password, I don’t have to have to figure out how to break into your network. I just walk into it,” Hamilton said.
Bloomberg reported the situation in Washington already goes beyond phishing. “Attackers have successfully gained access to multiple state agencies, spreading malware and establishing a foothold from which they could deepen their attack,” according to the Bloomberg report.
In a Monday email — after turning down an interview request — Inslee’s office stated the Bloomberg report contained “multiple inaccuracies” and that “there are no known indications” of stolen information or a ransomware attack.
Hackers sometimes block access to data if they aren’t paid a ransom.
Last week, Inslee said that’s something the state clearly wants to avoid.
“We take this very seriously, and it’s been all hands on deck,” the governor said Thursday.
As a precaution, the state is temporarily taking some applications offline, which could affect how you access some services.
Pierce County Auditor Julie Anderson said there are “no known intrusions” into the state’s elections system.
“We’ve already got really good equipment, systems and procedures, but we’re being extra vigilant,” Anderson said.
Cox Media Group