St. Louis County Fends Off Cyber-Attack
An attempt to infect a Missouri county’s website with malware has been foiled.
Threat actors deployed Trojan horse malware in an attempt to gain access to the website of St. Louis County earlier this month.
Staff in the IT department took down the county website on September 1 after detecting multiple attacks on the county’s server.
Recently appointed IT director Charles Henderson said on Monday that the unsuccessful attack had been an attempt to take control of the website. According to Henderson, none of the county’s data was compromised, lost, stolen, or corrupted as a result of the cyber-attack.
Threat actors were observed mimicking legitimate traffic in an effort to exploit a vulnerability in the website’s management system. Henderson said the incident was a close call, with the attackers managing to bypass all but one of the county’s cyber-defenses.
“All that it would have taken is for a single Trojan to get past . . . and the server would have been compromised,” Henderson told the Saint Louis Dispatch.
Rather than risk the attackers penetrating that final layer of defense, Henderson’s team opted to take the site down and install a new site that was in development, ready to be launched in a few months’ time.
“We took the web server down for maintenance with the intent of closing the security vulnerability and bringing the site back up,” Henderson said.
“After examining their attack method and the options available to us, we determined that we could not, with confidence, defend the server against further attacks and with only a single layer of defense available we recommended that we not bring the system back online.”
Operations in Camden County, Missouri, were disrupted in April this year following a “sophisticated encryption attack.”
Elsewhere in the Show-Me State, around 360,212 patients of Kansas City–based Saint Luke’s Foundation (SLF) were affected by the recent ransomware attack on Blackbaud, a third-party vendor.
A public notice issued last month by Saint Luke’s stated that the cyber-criminal who carried out the ransomware attack removed a copy of SLF’s backup file for the purpose of extorting funds from Blackbaud.