April 18, 2026 Cyber Trends
In late August, Nevada was struck by a serious ransomware incident that disrupted several state websites and digital services. The attack was first detected on August 24, when state officials identified what they described as a “security incident” that later revealed itself to be ransomware. Forensic investigators believe that state data was exfiltrated during the breach.
In the aftermath, cyberattack attempts on state systems escalated dramatically: within 72 hours following the state’s public disclosure and first press conference about the attack, the state’s firewalls logged about 150 million hits. That represents roughly a 300% increase over the usual daily rate. Normally, Nevada sees about 150,000 attempted hits per day, but the ransomware breach and subsequent public awareness created a major spike.
To counteract the risk of further damage, Nevada’s government launched a mandatory statewide password reset for all employees, strengthened minimum password standards, expanded multi-factor authentication (MFA), and initiated identity-hardening governance policies.
By September, officials reported that approximately 90% of the state’s public websites and services had been restored. Some critical services, including certain public safety-related sites, remained offline, but restoration was moving forward.
Given InfoSight’s focus (assuming strengths in cybersecurity, infrastructure, digital resilience, and governance), here is how we might respond and help a state or local government facing a similar situation:
Incident response readiness and playbooks before the breach
Before an attack, ensure there are strong, well-tested incident response plans that include scenario planning for ransomware, DDoS / brute force flooding, phishing campaigns, and credential theft. This means running tabletop exercises routinely, defining clear roles and escalation paths, and having ready access to legal, communications, and technical leaders.
Rapid detection and containment
Deploy advanced detection tools (IDS/IPS, SIEM), continuously monitor firewall and network traffic, and alert automatically when a known signature or anomalous behavior appears (e.g., a sudden spike in hits). Swiftly isolate affected systems or networks to limit spread or exfiltration.
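The spike alerting described above, as an added example that is not part of the original article: it flags days whose firewall hit count sits far above a robust rolling baseline and keeps flagged days out of that baseline, so a multi-day surge is not absorbed as the new normal. The daily counts are constructed sample data around the roughly 150,000-hit daily figure cited earlier; the function name, window size, and thresholds are assumptions.

```python
from statistics import median

# Constructed sample: daily firewall hit counts, quiet period then a surge.
SAMPLE_DAILY_HITS = [
    148_200, 151_900, 149_700, 152_400, 150_300, 147_800, 153_100,
    150_900, 149_400,                                  # normal days
    612_000, 48_500_000, 51_000_000, 1_900_000,        # surge days
    152_700,                                           # back to normal
]

def detect_spikes(daily_hits, window=7, k=6.0, min_ratio=2.0):
    """Return (day_index, hits, baseline) for each anomalous day.

    Baseline is the median of the last `window` days that were NOT flagged.
    Spread is the median absolute deviation (MAD), scaled by 1.4826 so it is
    comparable to a standard deviation, with a floor of 5% of the baseline so
    a very flat history does not produce a hair-trigger threshold.
    """
    clean = []   # days accepted as normal traffic
    alerts = []
    for day, hits in enumerate(daily_hits):
        if len(clean) >= window:
            recent = clean[-window:]
            base = median(recent)
            mad = median([abs(x - base) for x in recent])
            spread = max(1.4826 * mad, 0.05 * base)
            # Require both a statistical outlier and a meaningful multiple.
            if hits > base + k * spread and hits >= min_ratio * base:
                alerts.append((day, hits, base))
                continue  # do not let the surge poison the baseline
        clean.append(hits)
    return alerts

if __name__ == "__main__":
    for day, hits, base in detect_spikes(SAMPLE_DAILY_HITS):
        print(f"day {day}: {hits:,} hits ({hits / base:.0f}x baseline {base:,})")
```

In production the same logic would run over counts aggregated by the SIEM at a finer interval (hourly or per minute), with the alert routed to the on-call responder.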
Credential and authentication hygiene
As Nevada did, enforce strong password policies, mandatory MFA, and identity hardening. Also enforce least privilege (only giving employees access to what they need). Institute regular password audits and revoke credentials from any terminated or compromised accounts immediately.
Proactive threat intelligence & phishing awareness
Maintain up-to-date threat intelligence sources to anticipate attacker tactics, especially when there is heightened awareness among adversaries after a breach. Provide training to staff (especially after public announcements) to detect phishing or suspicious credential-harvesting attempts. Phishing simulations can help.
Transparent communication with the public & internal stakeholders
Information must be shared carefully: what was impacted, what is being done, and realistic timelines for recovery. Public announcements should be coordinated to avoid revealing sensitive operational details that attackers could exploit. Internally, employees must be informed and guided clearly. For example, Nevada’s announcement about password resets triggered attackers to attempt phishing in “real time,” so employee awareness was critical.
Backup, data integrity, and recovery
Maintain secure, offline backups of all critical systems and data; regularly test recovery from backups. Ensure backups are protected from tampering. In a ransomware event, having reliable backups is one of the strongest defenses to get services back online quickly.
Governance, policy, oversight
After the breach, Nevada implemented policy changes and governance controls: stronger password standards, governance over authentication methods, etc. InfoSight would help define and implement these policies, audit compliance, and provide oversight so that the technical fixes persist (not just “band-aid” or emergency mode).
Continuous improvement and lessons learned
Once recovery is underway, run a post-mortem: what worked, what didn’t, what vulnerabilities were exposed. Feed that into updating policies, training, architecture, and response plans. Also, simulate possible future attack vectors.