Threat Watch

Hall County in Georgia Stolen Data Leaked by Doppelpaymer

Hall County in Georgia became the victim of a cyber-attack on October 7th that affected its networks and phone systems. County representatives initially stated that they believed no unencrypted data had been accessed by attackers. That assumption has since proved untrue: just yesterday, Doppelpaymer released more than 1GB of data belonging to the county and claimed to have compromised over 2,400 devices during the attack. The leak included 911 spreadsheets, election documents, lobby comment cards, and accounting and financial records. Although most of the information in the election documents is public, it can still be used in more aggressive, targeted phishing campaigns. At least one known document also includes a Social Security number belonging to a voter.

ANALYST NOTES

It is unclear what type of security controls Hall County had in place to defend against these types of attacks. Binary Defense recommends a defense-in-depth strategy that pairs anti-virus solutions with endpoint detection and response monitored by skilled security analysts. The aim is to reduce the ability of threat actors to expand their influence in a network and to deny them the ability to deploy ransomware or steal sensitive files. Our Security Operations Center (SOC) monitors client systems on a 24/7 basis to look for signs of intrusion and has the ability to contain the threat, when appropriate, before it turns into a larger issue.

Source: https://www.bleepingcomputer.com/news/security/georgia-county-voter-information-leaked-by-ransomware-gang/