Subscribe

Fraud | August 2024 Rise in cyber-attacks threatens government entities

Learn strategies that government entities can use to prevent and respond to cybercrime and fraud

The increasing frequency of fraud and cybercrimes poses substantial risks for government entities at the local, state, and federal level. In the first half of 2024, at least 50 local governments in the U.S. suffered ransomware attacksDisclosure 1, disrupting operations and exposing them to financial loss. FBI data shows that government facilities were the third largest ransomware target in 2023, surpassed only by businesses in the manufacturing and healthcare industries.Disclosure 2 Additionally, a 2024 Blackberry study found that government ranked third among critical infrastructure sectors as a target of unique malware hashes.Disclosure 3

Understanding the vulnerabilities of government entities and the threats they face creates the foundation for a proactive cybercrime prevention and response strategy. 

Inviting targets for fraud and cyberattack

The vast amounts of data that most governments collect and store attracts cybercriminals. Stolen social security numbers, tax information, and payment data give hackers everything they need to perpetrate identity theft and financial fraud.

Governments manage essential services such as power grids, airports, and water treatment plants—functions that entice attackers, including some state-sponsored actors who seek to disrupt critical infrastructure and sow chaos.

As if that wasn’t tempting enough, government entities often process large volumes of financial transactions. Despite a strong focus on safeguarding public resources and taxpayer funds, these organizations frequently rely on outdated technology and lack cybersecurity budgets to adequately meet the current threat level. 

Recent government cyber attacks

Ransomware attack on Henry County, Illinois Disclosure 4

  • In March 2024, hackers blocked access to multiple systems, forcing county officials to shut them down until they could be restored.
  • The Medusa ransomware gang took credit for the attack and demanded that a $500,000 ransom be paid within eight days (reports don’t indicate whether ransom was paid).

Ransomware attack on Muscatine Power and Water in eastern Iowa Disclosure 5

  • In January 2024, nearly 37,000 people had their Social Security numbers and customer proprietary network information (CPNI) accessed.
  • Internet services and business systems were disabled.
  • No ransomware criminals have taken responsibility for the incident.

Business email compromise (BEC) attack on the town of Arlington, Massachusetts Disclosure 6

  • Between September 2023 and January 2024, cyber criminals impersonated a vendor with a fake email domain that appeared legitimate.
  • Posing as the vendor, the criminals deceived city employees into changing the payment method to the vendor from check to electronic funds transfer.
  • Over $445,000 in funds intended for the vendor were wired to the cyber criminals before the scam was discovered. 

Rising fraud threats

Cybercriminals routinely train their sights on high-value targets. That’s unsurprising, given the relatively weak defenses of many government entities. While malware and sophisticated computer crimes are increasingly common, tried-and-true fraud methods prevail.

Check fraud remains the most common type of financial crime.Disclosure 7 The high number of checks that governments issue and accept serves as an invitation to fraudsters and provides a ready supply for the recent resurgence of check washing.Disclosure 8

As more and more payments move into the digital realm, ACH fraud is becoming increasingly common. Criminals can make changes to approved ACH payment instructions so they can redirect government funds to their own accounts.

Trending cyber threats

Hackers employ a wide array of cyber threats against government entities and agencies, the most common being business email compromise (BEC). A common BEC tactic is to impersonate an outside vendor or a senior leader in the agency, such as an agency head or government entity manager, to trick accounting and finance personnel into redirecting payments or providing sensitive data. These attacks can be made directly on a government entity’s email system or through compromised third-party vendors.

Third-party vendors with inadequate security protocols pose a significant cyber risk to government entities. Carefully manage and monitor your vendors to ensure they adhere to strict cybersecurity standards.

Phishing represents another common method of attack. Aimed at a broader audience, it involves sending a large volume of emails that appear to come from trusted sources. When recipients click on links or download attachments, they may unwittingly install malware on their device or arrive at a phony website the hackers set up to obtain login credentials.

Ransomware attacks have also become more frequent. After infiltrating a network, hackers lock down critical data or systems and demand a ransom for their release. This violation can create major disruptions to government operations and potentially lead to the loss of sensitive information.

Ransomware attacks can precipitate a data breach if the hackers decide to release or sell stolen information. At times, a data breach may be the criminals’ primary goal as they hack into systems specifically to steal information about taxpayers or government employees. A data breach often has a financial impact and causes operational disruption, but consequences may include reputational damage and potential legal ramifications as well.

Though not as common as ransomware or BEC, denial-of-service (DoS) attacks represent another cyber-hazard for governments. Criminals try to overload computer systems to limit access and disrupt or curtail operations for users. Motivations vary—attackers may be looking for financial gain, seeking to settle a personal score, or trying to cause as much chaos as possible.

Adopting defensive strategies

Educate and train employees. This is the most powerful tool leaders can use to shore up defenses. Regularly train every employee to recognize and respond to red flags, including:

  • Changes to wire instructions
  • Impersonation of parties involved in transactions
  • Communications—emails, phone calls, or texts—that exhibit potential risk signs and arouse suspicion by:

o   Demanding immediate action (e.g., transferring funds)

o   Asking for sensitive information

o   Occurring outside of regular business hours

o   Containing spelling or grammatical errors

Teach all staff to handle suspicious requests by verifying changes to instructions before acting on them. Make sure employees use only authenticated phone numbers and contacts to confirm changes and requests that arrive via email, text, or phone call.

Strengthen financial oversight. Set up processes and controls to safeguard finances and tighten your financial controls: 

  • Conduct regular audits and account reconciliations.
  • Fight check fraud with control systems like payee positive pay, reverse positive pay, and controlled payment reconciliation.
  • Schedule periodic, independent reviews of financial records.
  • Segregate financial duties to prevent any one person from having unchecked control over financial transactions.
  • Control and monitor who has access to bank accounts and credit cards.
  • Perform multiple reviews of each invoice.

Replace fraud-prone checks. Choose safer, electronic forms of payment like commercial credit cards, ACH, and Real Time Payments (RTP®) when possible.

Consider moving to an integrated payables platform. These streamlined payment processes allow governments to send all vendor payments to the bank in a single electronic file. Their bank then distributes these payments based on predefined criteria that identify risk-prone transactions.

Institute ACH best practices. Ensure that accounts payable staff consistently:

  • Verify authenticity and ownership of bank routing and account numbers.
  • Separate ACH file processing from file creation and maintenance.
  • Restrict access to payment data forms and records.
  • Use ACH Fraud Control to set parameters for allowed transactions and receive daily activity reports.
  • Perform daily reconciliation on ACH debit accounts.

Segregate accounts. Designate specific accounts for use with specific transactions, and block wire and ACH activity on accounts not designated for those purposes.

Establish stronger cybersecurity controls. As governments continue to pursue digitization, cybersecurity is a critical component of their overall risk management strategy. Limit your vulnerability by adopting these cybersecurity best practices:

  • Keep technology systems, devices, and software updated with the most current security protections. Update and patch immediately—don’t wait.
  • Back up data regularly.
  • Limit access to devices and sensitive data to authorized individuals.
  • Use single sign-on (SSO) systems.
  • Require strong passwords and two-factor authentication.
  • Invest in cyber insurance.
  • Establish a cyberattack response plan.

Establish a game plan.

Even with a strong defense, cyberattacks happen. For a quick and effective response, it’s crucial for governments to create a plan before an attack.

1.      Form a cross-functional incident response team, with both internal and external members, to develop and maintain a comprehensive response plan:

  • Internal team members should include representatives from IT, security, and senior leadership.
  • External members could include a cyber incident response firm, data forensics experts, data privacy legal counsel, and your cyber insurance broker.
  • Public relations professionals should be an integral part of your response team to help plan and execute incident-related, internal, and external communications.

2.      Make your plan available offline. A cyberattack may lock you out of your systems.

3.      Test the incident response plan periodically, under various scenarios. Conduct cyber-attack drills that provide team members an opportunity to practice their response steps, identify potential problems, and become familiar with how the response unfolds. This kind of “dry run” can reduce stress levels and improve the speed and performance of implementing your plan when an incident occurs. Responding on the fly often results in higher incident costs, excessive legal liability, and added reputational harm.

4.      Revisit and update your plan regularly to reflect emerging, real-world threats and evolving industry best practices, as well as changes within the organization. Replace team members who are no longer available due to attrition, location, or role changes.

Finding support to safeguard what matters

Fraud and cybercrimes pose a greater threat today than ever before. Talk to your Truist relationship manager for strategies and support to keep your government entity secure. 

Purple PaperSM Digital Transformation

Learn how you can put advanced technology to work for your business.
Download the Purple Paper (PDF)
Client stories

Truist helps biote expand into new markets

Insp doubles revenue and staff with first m&a deal

Grady ponce center

View all client stories

Related resources

    {0}

    {0}

    {2}
    {6}
    {7}
    {8}
    {9}
    {12}
    {10}
    {11}

    {3}

    {1}
    {2}
    {6}
    {8}
    {9}
    {10}
    {11}
    {14}
    {12}
    {13}
    {1}
    {2}
    {7}
    {8}
    {9}
    {10}
    {11}
    {14}
    {12}
    {13}

    Stay informed and get connected

    Looking for fresh thinking and new insights to help uncover opportunities for your business needs?

    Connect with a Relationship Manager

    Work with a partner who sees your vision and has the resources to help you achieve it. We’re ready to focus on the specific needs of your company—and where you are in your business lifecycle.

    *This form is for prospects. Truist clients should contact their relationship manager with inquiries related to commercial products and services.

    Contact us

    Helpful links

    Business Insights
    Truist Business Lifecycle Advisory
    Business Resource Center
    Sign up for monthly articles on Business Insights

    Sign up to receive our business insights, thought leadership, and client success stories that can help inspire your next bold business move.

    Please enter a first name
    Please enter a last name
    Please enter a valid email address
    Please enter a company name
    I'm also interested in: Please select a campaign option
    Component ID : "accordionGridLayout-1396148670"
    Model : "disclaimer"
    Position : "left"

    Disclosure 1 The State of Ransomware in the U.S.: Report and Statistics 2023, emsisoft.com, January 2, 2024.

    Disclosure 2 Internet Crime Report 2023, Federal Bureau of Investigation, 2024.

    Disclosure 3  Global Threat Intelligence Report, Blackberry.com, June 2024.

    Disclosure 4 Illinois county government, local college affected by ransomware attacks, The Record, March 22, 2024.

    Disclosure 5 Iowa electric, water utility says info of nearly 37,000 leaked in January ransomware attack, The Record, March 4, 2024.

    Disclosure 6 Phishing scammer stole almost half a million dollars from the town of Arlington, Boston.com, June 10, 2024

    Disclosure 7 Payments Fraud and Control Survey Report, Association for Financial Professionals, 2024.

    Disclosure 8 Mike Timoney, Why is check fraud suddenly rampant?, Federal Reserve Bank of Boston, August 23, 2023.

    Disclosures

    Truist Bank, Member FDIC. © 2025 Truist Financial Corporation. Truist, the Truist logo and Truist Purple are service marks of Truist Financial Corporation.

    Equal Housing Lender

    Investment and Insurance Products:

    • Are Not FDIC or any other Government Agency Insured
    • Are Not Bank Guaranteed
    • May Lose Value

    TRUIST is a service mark of Truist Financial Corporation (Truist) and its affiliates.

    Services provided by Truist Financial Corporation (Truist) affiliates: Banking products and services, including loans and deposit accounts, provided by Truist Bank, Member FDIC. Trust and investment management services provided by Truist Bank. Securities, brokerage accounts and /or annuities offered by Truist Investment Services, Inc., an SEC registered broker-dealer, and member FINRA and SIPC, and a licensed insurance agency. Investment advisory services offered by Truist Advisory Services, Inc. and GFO Advisory Services, LLC, SEC registered investment advisers. Some insurance products offered by Truist Investment Services, Inc. Other insurance products offered by McGriff Insurance Services, LLC (McGriff), Kensington Vanguard National Land Services, LLC (Kensington Vanguard) and Crump Life Insurance Services, LLC (Crump). Truist Life Insurance Services (TLIS) is a division of Crump, Arkansas License #100103477. Variable insurance material is for broker-dealer or registered representative use only. Variable products distributed by P.J. Robb Variable (PJRV), LLC, Arkansas License #100110185. Member FINRA.

    McGriff, Kensington Vanguard, Crump, TLIS, and PJRV are not affiliated with Truist Financial Corporation or any of its subsidiaries.

    Truist Securities is a trademark of Truist Financial Corporation. Truist Securities is a trade name for the corporate and investment banking services of Truist and its subsidiaries. All rights reserved. Securities and strategic advisory services are provided by Truist Securities, Inc., member FINRA and SIPC. Lending, financial risk management, and treasury management and payment services are offered by Truist Bank.

    Mortgage products and services are offered through Truist Bank. All Truist mortgage professionals are registered on the Nationwide Mortgage Licensing System & Registry (NMLS), which promotes uniformity and transparency throughout the residential real estate industry. Search the NMLS Registry.

    Comments regarding tax implications are informational only. Truist and its representatives do not provide tax or legal advice. You should consult your individual tax or legal professional before taking any action that may have tax or legal consequences.

    "Truist Advisors" may be officers and/or associated persons of the following affiliates of Truist, Truist Investment Services, Inc., and/or Truist Advisory Services, Inc. Truist Wealth, International Wealth, Center for Family Legacy, Business Owner Specialty Group, Sports and Entertainment Group, and Legal and Medical Specialty Groups are trade names used by Truist Bank, Truist Investment Services, Inc., and Truist Advisory Services, Inc.

    Applications, agreements, disclosures, and other servicing communications provided by Truist Bank and its subsidiary businesses will be provided in English. As a result, it will be necessary for customers to speak, read and understand English or to have an appropriate translator assisting them. Truist offers the following resources for consumers that have Limited English Proficiency:

    • Multilingual teammates available at our Multicultural Banking Centers
    • Materials for some products and services are available in Spanish, Korean, Vietnamese, Mandarin, and other languages spoken in the communities we serve.
    • Phone assistance in Spanish at 844-4TRUIST (844-487-8478), option 9. For assistance in other languages please speak to a representative directly.

    New York City residents:

    Translation or other language access services may be available. When calling our office regarding collection activity, if you speak a language other than English and need verbal translation services, be sure to inform the representative. A description and translation of commonly-used debt collection terms is available in multiple languages at http://www.nyc.gov/dca.

    • Limited English Proficiency Support
    • New York City residents

    Borrowers with Limited English Proficiency (LEP) needing information can use the following resources:

    Site footer

    Footer Navigation

    Banking products
    About Truist
    Resources
    Support

    © 2025, Truist. All Rights Reserved.