Virginia Department of Environmental Quality's website was compromised by a “malicious party” who gained access to agency system.
The incident was reported on May 22 after the intrusion was “detected and contained quickly,” Virginia Information Technologies Agency spokeswoman, Marcella Williamson told the Richmond Times-Dispatch.
“A malicious party got into the system; however, the intruder was detected early by VITA and blocked, preventing significant changes,” Williamson said.
The agency subsequently took the site down for nearly two weeks and it has since been restored although a few applications remain out of order. Officials said there is no way to identify the attacker or their ultimate goal is but said the threat actor was initially targeted systems hosting the website and that the incident was discovered before they could access additional data.
Pat Ciavolella, malware team lead at The Media Trust, said government websites are common targets for hackers because they draw millions of viewers/users who enter sensitive information in order to access services, have strapped budgets which limit their amount of security measures and agencies tend to maintain legacy systems, software, and machines that take time to patch and update.
“The budget issue is even more pronounced for state agencies like the Virginia Department of Environmental Quality,” Ciavolella said. “All the more reason why agencies need to continuously scan their websites and mobile apps in real-time for any unauthorized actors and activities”
Ciavolella explained there is simply too much information and people at risk with government sites and that the lack of security will continue to make them a prime target.