Dallas County officials announced Tuesday that a confirmed cyberattack detected on Oct. 19 was thwarted without any service outages.
However, concerns remain about the protection of employees' personal information and evidence in court cases.
Officials said the tax office and other county functions at the Dallas County Recorder's Office were operating as usual.
Computer networks were publicly accessible online. A hacker group claims in an online post to have accessed the data, which it plans to post on Saturday.
“We don't know if what they're saying is true,” said County Commissioner John Wiley Price.
Price said there was no demand for ransom. In any case, most of Dallas County's data is public records.
The release of county employee personal information and court evidence could be damaging.
Dr. Murat Kantarcioglu, a cyber expert at the University of Texas at Dallas, said hackers typically try to access more sensitive files.
“Typically, attackers leave some backdoors open so that they can continue their attacks in the future. Therefore, it is very important to remove these backdoors and the malware they leave behind,” he said.
Price said people in the county are working to address the issue, and outside experts investigating it have given positive feedback on the response.
“IT took action. We notified all partners. They were on scene right away. They said we were following all protocols,” Price said.
Dallas County government is just the latest target of a cyberattack in North Texas.
The city of Dallas was crippled by a ransomware attack in May.
Police and fire department computers were shut down to prevent the spread of infection. The district court has adjourned. The library computers were offline.
“Obviously, this trend is growing, and one of the reasons is that it's easier now. Almost everyone is connected,” Kantarcioglu said. “Local governments are increasingly becoming targets of cyberattacks.”
Dallas police are now being alerted to electronic communications with Dallas County Criminal Court.
“And they should. And when we heard they had a hit, we did the same thing,” Price said.
Kantarcioglu said court files can be an attractive target for influencing the outcome of a case.
“Imagine you had video of important evidence against someone. What are you going to claim if you don't have evidence?” he said.
UTD experts said experience with other attacks will help improve responses to new attacks.
County officials said there was no indication that court evidence had been hacked.
We are also working to protect the personal information of our employees.
“I'm speaking from that vantage point,” Price said.
This includes personal information of elected officials such as county commissioners.
This is the full message Dallas County posted regarding the cyber incident on Tuesday.
Dear residents and partners,
Thank you for your inquiry. We value our relationships with our customers and their trust. You can share the latest information about recent cybersecurity incidents impacting Dallas County below.
Description of the incident
As you know, on October 19, 2023, Dallas County became aware of a cybersecurity incident impacting a portion of its environment. After detecting an incident, we engaged external cybersecurity experts to contain the threat, investigate the nature and scope of the attack, and implement security efforts to reduce the likelihood of this type of attack happening again. We received support for our efforts to strengthen our efforts.
Cooperation with cybersecurity companies is currently ongoing. Our goal is to provide information about the incident transparently and candidly, but we do not want to prematurely speculate about the scope of impact or other details that may change as the forensic investigation progresses. I'm not there. However, because transparency is important to us, we are sharing additional information about our containment efforts. The county will provide updates as more information becomes available.
Containment and additional security efforts
Through containment measures, Dallas County effectively stopped data from leaving the environment and encrypted files and systems. The incident appears to have been effectively contained, thanks in part to the measures we have taken to strengthen the security of our systems. These measures include:
- Broad deployment of endpoint detection and response (EDR) tools across network-attached servers and endpoints.
- Force all users to change their passwords to gain access to the system.
- Require multi-factor authentication for remote access to your network.
- Block incoming and outgoing traffic to IP addresses identified as malicious.
At this time, there is no evidence of continued threat actor activity within our environment. Considering these measures and the findings of the investigation, the incident has been successfully contained at this time and Dallas County's system appears to be safe for use.
Next step
We hope that the information we are able to provide today will answer any questions you may have regarding this incident. Thank you for your understanding and cooperation as we continue to work through this process. Our team and resources are focused on completing the investigation. As the investigation continues, we will keep you informed of any relevant developments via this dedicated webpage. We encourage you to visit frequently.
Thank you for your continued partnership and support.