You don’t have to be a big fish to attract the attentions of a predatory cybercriminal. Yarrow Point is a small village in Washington State with a population of little more than 1,000. Despite this, it has suffered a succession of hacks that left its mayor with a red face and its coffers depleted to the tune of $60K.
As is often the case, the three-stage incursion capitalised on a combination of complacency, gullibility and poor communication. Responding to a bogus email from the mayor, the town’s financial controller wired a first installment of c. $15K to the hacker’s bank account in New York. A second request for c. $35K followed shortly afterwards. The obliging fiscal coordinator duly made a second payment. It was only when a third demand for $64K came through that anyone smelt a rat. Later in the year, the town was hit by a ransomware attack and paid out $10K in bitcoins to retrieve its data, plus around $46K on specialist help to sort out the attack.
Poor training and ageing systems are leaving places like Yarrow Point wide open to exploitation. While the financial hit in this case was relatively modest, this kind of attack could easily cause greater damage by compromising critical services, emergency communications, records and infrastructure.