City combats cyberattack

by BILL BULEY
Staff Writer | February 15, 2024 1:09 AM

COEUR d’ALENE — Emergency services for the city of Coeur d’Alene were operating normally Wednesday following a cyberattack on the city’s computer network.

The city’s website and landline phones remain offline for the third straight day as it deals with malware found Sunday in its network.

"Because of the cyberattack on the city’s computer network, some of the communication methods are not currently working," a police department press release said.

The city is working with national cybersecurity and data forensics consultants to resolve the situation.

"In an abundance of caution, we have taken affected systems offline while we work to secure and restore services safely," a press release said.

The city has said little about the situation and has not said if citizen information in its network may have been compromised.

Idaho Code 28-51-105 requires an Idaho public agency to notify the Attorney General's Office within 24 hours of discovering a breach of its security system. 

Ken Wardinsky, chief information officer for North Idaho College, said an intruder accessed NIC’s network in October 2022 and in a short time caused “havoc” before being stopped.

He said NIC budgets about $500,000 for cybersecurity and is asking the Legislature for another $750,000.

“Montana State (University) got hit and they have a huge cybersecurity budget,” he said. 

Wardinsky said, in most cases, a breach of a network is done through phishing attempts and exposed user identifications and passwords.

Phishing is defined as “the fraudulent practice of sending emails or other messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers."

If people open such an email and click on a link, it can release a virus into the network.

Wardinsky said if a username is obtained, a password can sometimes be guessed as people tend to use the same ones.

"It's just a common, human thing," he said.

If a network is compromised, the first step is to contain the damage, shut down the network and try to preserve the system, Wardinsky said.

Then, the goal is to try to determine how the network was accessed.

“Forensics, basically,” Wardinsky said.

There is a chance to restore the system and bring it back online if a good backup is in place, he said.

Enhanced security measures, additional training and changed passwords would be part of the process to prevent it from happening again.

Most cyberattacks have specific targets — individuals, businesses and governments — and are done remotely.

“There are people behind the keyboard,” Wardinsky said.

The city said malware was found Sunday in its network. According to TechTarget, malware includes computer viruses, worms, Trojan horses, ransomware and spyware. 

"These malicious programs steal, encrypt and delete sensitive data; alter or hijack core computing functions and monitor end-users' computer activity," TechTarget said.

Wardinsky said ransomware, which is a type of malware, works like a hostage situation.

“A bad actor gains access to your network,” he said.

Once in, the intruder will poke around the network, trying to access key data. If they find it, they can upload the data, encrypt the system they invaded, demand money to decrypt it and threaten to release the data on the black market.

Wardinsky said it’s a tough situation because the hackers still have the data and even if paid, may not provide the encryption code.

Jim Alves-Foss, director of the University of Idaho Center for Security and Dependable Systems, said there are many ways to breach a network.

He said the most common is a phishing attack. He said user credentials, names and passwords can be obtained if people aren’t careful online. Browser attacks, which target vulnerabilities in web browsers, are also used on targets.

Alves-Foss said both large and small municipalities are susceptible to cyberattacks, which can be carried out on several targets simultaneously.

“They can hack you anywhere, no matter where they live,” he said.

He said in ransomware cases, the cybercriminal usually demands payment in cryptocurrency, such as Bitcoin, which is difficult to track. The payment is also generally sent overseas, so tracking the hacker and trying to get the money back would require cooperation from authorities there.

Alves-Foss said that is unlikely.

In some towns and villages in other countries, the creation and distribution of malware is big business.

"It's a major part of their economy," he said.

District Rep. Tony Wisniewski said businesses and others affected by cyberattacks should report the incidents so better defenses can be developed.  

"The demand for well-trained cybersecurity personnel is skyrocketing, and the state of Idaho is providing training in this field at several of the community colleges and universities," he wrote in an email to The Press.

On Tuesday, the House Education Committee was given presentations on cybersecurity by the presidents of the four state community colleges.  

"Although all of the community colleges are beefing up their Career and Technical Education programs, some of them are offering specialized training in cybersecurity," Wisniewski wrote. 

One of Idaho National Lab’s core missions is to be a world leader in cybersecurity, and they work on some of the most modern supercomputers at their facility in southeast Idaho, he wrote.

The College of Eastern Idaho is collaborating with INL to train cybersecurity technicians, as well.

"Similarly, North Idaho College houses some of the computers for the University of Idaho’s cybersecurity program, so they share some of their training courses as well," Wisniewski wrote. "The state has been placing a great deal of emphasis and funding for all CTE programs, starting in the grade schools."

Wardinsky said it's impossible to prevent cyberattacks with 100% success. He said they are increasing and becoming more sophisticated, so the cost and resources necessary to combat them are rising.

He said a goal is to minimize their impact.

“I don't think you can ever fully prevent it,” he said.