Dallas County officials reported Tuesday on their defense against a cyber attack

County offices were all open Tuesday, in contrast to the aftermath of a recent City of Dallas ransomware attack

Dallas County officials said Tuesday that a cyber attack they now confirm was detected on October 19 has been contained with no closure of services.

However, concerns remain about protecting the personal information of employees and evidence for court cases.

The Tax Office at Dallas County’s Records Building and every other county function operated normally, officials said.

Computer networks were online for public access. A hacker group claims in an online post that it accessed data and plans to post it on Saturday.

“We have no idea whether what they say is true or not,” County Commissioner John Wiley Price said.

There has been no ransom demand, according to Price. Most Dallas County data is public records anyway.

What could be damaging is the public release of county employees' personal information or evidence for court cases.

University of Texas at Dallas cyber expert Dr. Murat Kantarcioglu said hackers typically try to access more sensitive files.

“Usually, attackers leave some back doors open so they can continue the attack in the future. So, it’s really important to remove these back doors and any malware they left behind,” he said.

Price said county staff have been working to address the problems, and outside experts investigating the issues have given positive feedback on the response.

“IT took action. We notified all of our partners. They were on spot immediately. They said we have followed all of the protocols,” Price said.

Dallas County government is just the latest North Texas target of a cyber attack.

The City of Dallas was crippled in May by a ransomware attack.

To contain any spread, Police and Fire dispatch computers were shut down. Municipal Court closed. Library computers were offline.

“Clearly, there is increase on this, and one reason is it’s easier now. Almost everyone is connected,” Kantarcioglu said. “Increasingly local governments are targeted by cyber-attacks.”

Now, Dallas Police have been cautioned about electronic communication with Dallas County criminal courts.

“And they should. And we did the same things when we heard they had had a hit,” Price said.

Kantarcioglu said court files could be an appealing target to influence the outcome of cases.

“Imagine there was a significant piece of video evidence against a person. If the evidence is not there, what are you going to argue,” he said.

The UTD expert said the experience from other attacks helps improve response to new ones.

County officials said there is no indication that court evidence has been hacked.

And they are working to protect the personal information of employees.

“I’m speaking from that vantage point,” Price said.

It includes the personal information of elected officials like the County Commissioners, too.

Here is the entire message posted by Dallas County Tuesday about the cyber incident.

Dear Residents and Partners,

Thank you for your inquiry. We value our relationship with you and your confidence in us. We can share the updated information below about the recent cybersecurity incident impacting Dallas County.

Description of the Incident

As you are aware, on October 19, 2023, Dallas County became aware of a cybersecurity incident affecting a portion of our environment. Once we detected the incident, we retained external cybersecurity professionals to assist in our efforts to contain the threat, investigate the nature and scope of the attack, and enhance our security efforts to reduce the likelihood of recurrence of this type of attack.

Currently, our work with the cybersecurity firm is ongoing. While our goal is to be transparent and forthcoming with information relating to the incident, we do not want to make premature assumptions about the extent of impact or other details, which may evolve as the forensic investigation advances. Because transparency is important to us, however, we are sharing additional information relating to our containment efforts. The County will provide updates as soon as more information becomes available.

Containment and Additional Security Efforts

Due to our containment measures, Dallas County interrupted data exfiltration from its environment and effectively prevented any encryption of its files or systems. It appears the incident has been effectively contained, partly due to the measures we have implemented to bolster the security of our systems. These measures include: 

  1. Extensive deployment of an Endpoint Detection and Response (EDR) tool across servers and endpoints connected to our network.
  2. Forcing password changes for all users to grant access to our systems.
  3. Mandating multi-factor authentication for remote access to our network.
  4. Blocking ingress and egress traffic to IP addresses identified as malicious.

Currently, there is no evidence of ongoing threat actor activity in our environment. Given these measures and findings, it appears at this time that the incident has been successfully contained and that Dallas County's systems are secure for use.

Next Steps

We hope the information we can provide today answers questions you may have about the incident, and we appreciate your patience and understanding as we continue to work through this process. Our team and resources are focused on completing the investigation. We will keep you apprised of relevant developments as the investigation continues through this dedicated webpage. We encourage you to visit it frequently.  

Thank you for your continued partnership and support.

Contact Us