
Arlington High School hack costs town nearly $500,000

The scheme was revealed in February when the town was contacted by the actual vendor, which reported that it had not received the expected payments.

“It was immediately apparent that we had been defrauded,” Feeney said in a statement.

The scheme, according to town officials, was a detailed ruse that began when hackers compromised some town employees’ emails.

The hackers were able to monitor email discussions of the high school project between Arlington officials and outside vendors. Using a fraudulent email domain to pose as an established vendor, the hackers requested that the town change payment methods, from check to electronic transfer. Four monthly payments were transferred under the new payment method.

To cover their tracks, the hackers also fabricated and deleted emails from employee accounts, and created inbox rules to hide incoming messages.

Once the fraud was uncovered, the town contacted law enforcement agencies, including the FBI and the Secret Service. The investigation determined that Arlington’s town system was compromised between Sept. 12 and Jan. 30.

Town officials said that no sensitive or resident data was compromised in the breach.

Of the nearly $500,000 in lost funds, the town was able to recover $3,308 through its banking institution, and has also filed an insurance claim over the incident.

For now, though, Arlington remains on the hook for the lost money. Last week, the committee overseeing the construction of the new high school voted to authorize payment to the original vendor for services rendered over the four-month period.

Despite the fraud, town officials say the project is still expected to be completed as planned.

Workers broke ground on Arlington’s new high school in 2020. The latest phase of the project, which included more than 40 classrooms, a 600-seat cafeteria, and a two-story library, opened last November, according to the project website. Work is expected to conclude in September, after the completion of the athletics wing and two new multiuse sports fields.

“Thread-jacking,” the cyberattack strategy used to target Arlington, is relatively common, according to Brian Krebs, a cybersecurity researcher and consultant.

“These types of attacks are some of the most frequent, and they are among the most profitable,” Krebs said. “It’s fairly remarkable, because they don’t really require much, if any, upfront financial investment by the attackers. And they potentially net them millions or tens of millions of dollars, when they trick state and local governments into moving money where they shouldn’t.”

Recent months have seen a spike in cyberattacks, which cost around $12.5 billion in losses last year according to the FBI. And while attacks against state and local governments are on the decline, they can still have a serious impact on town coffers.

That includes communities like Orange, which was also recently scammed out of badly needed construction funds, to the tune of $338,000.

Other Massachusetts municipalities that have fallen victim to cyberattacks in recent years include Brookline, New Bedford, Tewksbury, Franklin, Quincy, and Concord. Last year, a ransomware breach in Lowell forced the city to essentially reboot its entire computer system.

Local governments sometimes lack the resources to implement thorough cybersecurity training for their employees, Krebs said, and often eschew practices such as dual control procedures that require more than one person to sign off on transactions.

According to a 2023 report by the Public Technology Institute, nearly two-thirds of local government officials believe their budgets are inadequate to support their cybersecurity programs.

Camilo Fonseca can be reached at [email protected]. Follow him on Twitter @fonseca_esq.

