Cyberattack In Nevada Started In May But Only Discovered In August: Report

Nevada recently disclosed details of a significant cyberattack that began in May but was only detected three months later in August. The breach disrupted multiple state services, putting many state workers on paid administrative leave while residents were unable to get driver's licenses. Employers also faced hurdles conducting background checks on new hires. The ransomware, which was triggered by a state employee accidentally downloading malicious software disguised as a common IT tool, led to a prolonged outage that took nearly a month to fully resolve. According to an after-action report released by the state, the attack cost at least $1.5 million to recover from, with $211,000 spent on overtime wages and around $1.3 million paid to contractors. Fortunately, the state did not pay any ransom to the attackers. Governor Joe Lombardo praised the state's teams for protecting core services and ensuring employees were paid on time despite the disruption. The attack exploited the decentralized nature of Nevada's cybersecurity systems, allowing it to spread quickly across state networks. Security experts noted that Nevada's response time was actually better than average, as it usually takes seven to eight months to discover such intrusions. The initial infection allowed the attacker to install a hidden backdoor and later establish encrypted tunnels, moving laterally within the state's systems and eventually accessing the state's password vault server. Sensitive data, including personal info of a former state employee, was zipped by the attacker, but there is no evidence that this information was extracted or publicly released. The report outlines steps Nevada plans to take to improve its cybersecurity posture, like implementing a centrally managed security operations center and deploying advanced endpoint detection and response tools. However, cybersecurity professionals argue these measures are basic best practices that should have already been in place. The incident comes amid a surge of cyberattacks targeting state and municipal governments across the U.S., including significant breaches in Georgia, Rhode Island, Colorado, and Baltimore, which have resulted in costly service disruptions and ransom demands. Nevada's cyber insurance covered the bulk of recovery costs, helping to mitigate the financial blow. Still, analysts warn that the economic impact of being offline for weeks likely extends beyond these direct costs. Compared to other high-profile breaches, like MGM Resorts' 2023 attack which could cost over $100 million, Nevada's losses seem relatively small, but experts caution that luck played a role. The investigation into the Nevada attack is ongoing, with the perpetrator yet unidentified. The incident highlights the urgent need for more robust cybersecurity frameworks and proactive threat detection in the public sector to prevent future disruptions and data compromises.