The capital of Minnesota became the latest municipal victim of a major cybersecurity attack in late July. Governor Tim Walz issued an executive order activating the Minnesota National Guard’s Cyber Forces to assist the City of Saint Paul in restoring cybersecurity. A news release from Gov. Walz’s office says the magnitude and complexity of the cybersecurity incident have exceeded the City’s response capacity and the Cyber Forces will help ensure the continuity of vital services. A Star Tribune newspaper article reported many of the City’s online systems were affected, including online utility payments.
The incident highlights the importance of proactive municipal and utility cybersecurity planning to protect infrastructure, customers’ personal data, websites, email, and Supervisory Control and Data Acquisition (SCADA) systems.
Utility Billing Software Vulnerability Alert
In mid-June, the nation’s Cybersecurity & Infrastructure Security Agency (CISA) released an advisory warning in response to ransomware actors targeting customers of a utility billing software provider through unpatched vulnerabilities in SimpleHelp Remote Monitoring and Management (RMM). CISA identified SimpleHelp versions 5.5.7 and earlier versions as having multiple vulnerabilities to ransomware actors using CVE-2024-57727 to access downstream customers’ unpatched SimpleHelp RMM, resulting in service disruptions and double extortion incidents.
CISA recommends organizations that use SimpleHelp RMM should:
- Search for evidence of compromise
- Apply the mitigations outlined in the advisory such as patching CVE-2024-57727 and/or implementing appropriate workarounds to prevent or respond to confirmed or potential compromises
- Follow CISA’s Known Exploited Vulnerabilities Catalog
Free Cybersecurity Services
CISA has free cybersecurity services and tools available to public and private sector organizations. The agency encourages organizations to connect with a Regional Cybersecurity Advisor, sign up for Cyber Hygiene Services and complete the Cybersecurity Performance Goals Checklist to track your organization’s implementation progress. CISA also curated a database of trusted free cybersecurity services and tools to reduce cybersecurity risk across critical infrastructure partners and State, local, Tribal, and territorial governments.