On June 28, 2018, the City of Canton was the target of an email Spear Phishing attack.
The City of Canton's employees are being advised to not follow links on suspicious emails, or enter any information on unfamiliar domains.
City employees are continuing to be targets of Phishing attacks, probably being conducted by adversarial state level actors, such as Russia, China, and North Korea. City employees need to stay alert and vigilant in the fight against these attacks, because the attacks are not going to end, and they seem to be increasing in this last year.
On May 22, 2018, the City of Canton was the target of an email Spear Phishing attack.
Unfortunately the email looked like something the user was expecting and the user clicked on its link and entered the user name/password into the subsequent screens that came up and looked like the City's email login page. The site that he was forwarded to was on a different domain than the City's employees log in on, which should be the first clue to the users that it was not a legitimate email, and users should recognize the sender's name on the email!
Do Not Follow Links
The City of Canton's employees are being advised to not follow the link on the email, or enter any information on unfamiliar domains.
The City's employee realized almost immediately they entered information on a malicious website and quickly changed the password before the account was compromised.
On April 2, 2018, the City of Canton was the target of an email Phishing attack.
The email was sent from a Gmail account, which should be the first clue to the users that it was not a legitimate email from the City's IT Department, official emails will only come from CantonOhio.gov email addresses, and the users should recognize the sender's name!
The City of Canton's employees are being advised to not follow the link on the email.
If any of the City's employees have followed the link and entered information on the site then they need to contact The City of Canton's IT Hot Line immediately. They also need to change any and all passwords that they think might be the same as the information they entered on the bad website! That applies to any personal (social/financial/shopping/etc.) sites that they visit.
As a security precaution, we are temporarily only allowing users to log in to the City's website from Trusted IP addresses.
Starting on February 9, 2018, the City of Canton's internal network was infected with a virus. At the time the City did not know the extent that the virus could propagate. The virus spread without user interaction via zero-day vulnerabilities in the Windows networking ports.
The virus was designed to go out to the internet to get instructions from the hacker that created it. Thankfully the way the City's networks are designed and managed, it was not able to get instructions from its creator. So all it could do was spread, and not do any damage or exfiltrate any information.
The City worked with its antivirus providers to make progress in eradicating the virus from the network.