Threat Intelligence Analysis: Minnesota Reports Relentless Cyberattacks on Public Sector
State officials in Minnesota have confirmed that local government entities are facing a relentless barrage of cyberattacks, with incidents occurring “almost every day.” According to new data from Minnesota’s IT Services (MNIT), public agencies have formally reported 186 cybersecurity incidents since a mandatory reporting law took effect in December 2024.
The majority of these incidents involve “compromised account/password,” where stolen employee credentials are used to gain unauthorized access to systems and data. This constant pressure has led to several high-profile, disruptive attacks, including crippling ransomware incidents that have recently targeted the City of St. Paul and Mower County, shutting down public services and compromising sensitive data. The new reporting requirement, which covers over 3,000 public entities, is designed to create an early warning system for widespread threats targeting the state’s public sector.
Key Cybersecurity Insights into the Minnesota Government Attacks
This sustained campaign against a state’s local governments reveals several critical trends and vulnerabilities in the public sector:
- The Under-Resourced Front Line: The core issue highlighted by state officials is that many local governments are “soft targets.” They are on the front lines of cyber warfare but often lack even a basic IT team, let alone dedicated cybersecurity experts. This resource gap makes them highly vulnerable to attack.
- Credential Compromise as the Gateway to Catastrophe: The prevalence of password compromise as the primary incident type demonstrates that attackers are successfully exploiting the human element. A single stolen credential is often the initial entry point that escalates into a devastating ransomware attack, data exfiltration, or a complete network compromise.
- Ransomware as an Attack on Public Services: The recent incidents in St. Paul and Mower County show that ransomware attacks on government bodies are not just data breaches—they are direct assaults on public services. These attacks halt city operations, delay emergency services, disrupt civic functions, and can put citizen safety at risk.
- The Power of Mandated Reporting as a Defensive Tool: While the statistics are concerning, Minnesota’s new mandatory reporting law is a crucial step forward. It provides MNIT with invaluable, real-time threat intelligence, enabling them to identify coordinated campaigns, spot emerging attack patterns, and share critical warnings with other municipalities before they are hit.
Critical Mitigation Strategies for Local Governments
For often under-resourced public entities, focusing on foundational and cost-effective security measures is key:
- Prioritize the Fundamentals: MFA and Password Hygiene: Since credential compromise is the number one entry point, the single most effective defense is mandating Multi-Factor Authentication (MFA) on all accounts, especially for email and remote access. This should be paired with strong password policies and continuous employee training on recognizing and reporting phishing attempts.
- Leverage Shared Services and State-Level Support: For municipalities without a dedicated IT team, it is essential to proactively engage with state-level programs like MNIT’s “Cyber Navigators.” Exploring shared service agreements with neighboring counties or cities can also provide access to professional cybersecurity expertise at a fraction of the cost.
- Develop and Test a Simple Incident Response Plan: Every entity, regardless of its size, must have a clear, actionable incident response plan. This plan should answer basic questions: Who do we call first in an attack? What are the first steps to isolate a system? How do we communicate with stakeholders? A simple, tested plan is infinitely better than no plan at all.
- Implement and Verify Resilient Backups: To counter the ever-present threat of ransomware, a robust and tested backup strategy is non-negotiable. Adhere to the 3-2-1 rule (at least three copies of your data, on two different media types, with one copy stored securely offline or air-gapped) and regularly test your ability to restore critical services from these backups.
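The 3-2-1 check described in the last item can be automated against a backup inventory. The following is an added example, not code from the original post or from MNIT; the dataset names, locations, dates and the 90-day restore-test threshold are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

MAX_TEST_AGE_DAYS = 90  # assumption: the page says "regularly" without giving an interval

@dataclass
class Copy:
    location: str                             # constructed label for where the copy lives
    media: str                                # e.g. "disk", "tape", "cloud-object"
    offline: bool                             # True if offline or air-gapped
    last_restore_test: Optional[date] = None  # None means never test-restored

def audit_321(copies, today):
    """Return findings for one dataset; an empty list means it passes."""
    findings = []
    if len(copies) < 3:
        findings.append(f"only {len(copies)} copies (need 3)")
    media = {c.media for c in copies}
    if len(media) < 2:
        findings.append(f"only {len(media)} media type(s) (need 2)")
    offline = [c for c in copies if c.offline]
    if not offline:
        findings.append("no offline/air-gapped copy")
    # An offline copy that has never been restored is unproven, so require a
    # recent restore test on at least one of them.
    elif not any(c.last_restore_test is not None
                 and (today - c.last_restore_test).days <= MAX_TEST_AGE_DAYS
                 for c in offline):
        findings.append(f"offline copy has no restore test within {MAX_TEST_AGE_DAYS} days")
    return findings

def audit_inventory(inventory, today):
    """Audit every dataset and map its name to its list of findings."""
    return {name: audit_321(copies, today) for name, copies in inventory.items()}

# Constructed sample inventory; the production copy counts as one of the three copies.
TODAY = date(2025, 6, 1)
INVENTORY = {
    "finance-db": [Copy("prod-server", "disk", False), Copy("nas", "disk", False),
                   Copy("vault", "tape", True, date(2025, 5, 1))],
    "permits-share": [Copy("prod-server", "disk", False), Copy("nas", "disk", False)],
    "dispatch-records": [Copy("prod-server", "disk", False),
                         Copy("bucket", "cloud-object", False),
                         Copy("vault", "tape", True)],  # offline, never restored
}

if __name__ == "__main__":
    for name, findings in audit_inventory(INVENTORY, TODAY).items():
        print(name, "PASS" if not findings else "FAIL: " + "; ".join(findings))
```

A dataset with an offline copy still fails here if that copy has never been restored, which is the gap the "regularly test" part of the rule is meant to close.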