A few weeks ago, a data breach was reported that involved an unclassified computer network used by President Obama’s senior staff, prompting countermeasures by the administration and resulting in temporary system outages. Officials said the attack did not appear to be aimed at destroying data or hardware, or at taking control of other systems at the White House, which leads me to ask: what were the hackers looking for?
Recent reports, including in the Washington Post, have disclosed cyber-espionage campaigns by hackers thought to be working for the Russian government. Targets have included NATO, the Ukrainian government, and U.S. defense contractors. Russia is regarded by U.S. officials as being in the top tier of states with cyber capabilities. The Washington Post also reported that the nature of this breach is consistent with a state-sponsored attack.
Interestingly, FireEye has published a report supporting this assertion. In APT28: A Window Into Russia’s Cyber Espionage Operations, FireEye concludes that the group’s malware, the language characteristics of its tooling, and its focused targeting indicate a government sponsor, most likely Russian. While no report definitively confirms that the Russian government was responsible for this particular breach, the way the actors behaved is similar to what the FireEye report describes.
The truth is, attacks such as this are becoming more prevalent, and the actors are becoming more devious. The Department of Homeland Security reports that cyberattacks are growing more “sophisticated, frequent, and dynamic.” To decrease the likelihood of future breaches, government entities are encouraged to join the Continuous Diagnostics and Mitigation (CDM) program to implement tools that identify cybersecurity risks on a continuous basis, prioritize risks based upon potential impact, and enable cybersecurity personnel to mitigate the most significant problems first.
As different federal agencies experience breaches of increasing gravity, those agencies move up in priority on the CDM task order list and get closer to obtaining CDM funding. Sadly, it seems as though a data breach needs to happen before an agency is elevated within the task order listing, which is a bit of circular logic. Agencies should take a more proactive stance by:
– Shifting their security mindsets from “incident response” to “continuous response,” wherein systems are assumed to be compromised and require continuous monitoring and remediation.
– Adopting an adaptive security architecture for protection from advanced threats.
– Spending less on prevention; investing in detection, response and predictive capabilities.
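The CDM description above (continuous identification of risks, prioritization by potential impact, and remediation of the most significant problems first) and the “continuous response” mindset in the first bullet can be made concrete with a small script. The following is an added example written for this post, not ForeScout’s or the CDM program’s code; the scoring weights, asset names, criticality ratings and scan findings are all constructed for illustration.

```python
"""Added example (not from the original post): a minimal continuous-diagnostics
loop. Findings are scored by potential impact (asset criticality x severity x
exposure), findings new since the previous scan cycle are surfaced, and assets
are ranked so the most significant problems are worked first. All asset names,
ratings and findings are constructed sample data."""

from dataclasses import dataclass

# Weights are assumptions chosen for illustration, not CDM-defined values.
SEVERITY_WEIGHT = {"low": 1, "medium": 3, "high": 6, "critical": 10}
EXPOSURE_WEIGHT = {"internal": 1, "dmz": 2, "internet": 3}


@dataclass(frozen=True)
class Finding:
    asset: str      # hostname (constructed)
    check: str      # what the diagnostic tool flagged
    severity: str   # low / medium / high / critical
    exposure: str   # where the asset sits relative to the network edge


# Asset criticality as an organisation would rate it (constructed ratings, 1-5).
CRITICALITY = {"hr-db-01": 5, "web-portal-02": 4, "kiosk-07": 1}


def risk_score(f: Finding) -> int:
    """Potential impact of one finding: criticality x severity x exposure."""
    return (CRITICALITY.get(f.asset, 1)
            * SEVERITY_WEIGHT[f.severity]
            * EXPOSURE_WEIGHT[f.exposure])


def new_findings(previous: set, current: set) -> set:
    """Continuous-monitoring delta: findings present now but absent last cycle."""
    return current - previous


def prioritise(findings) -> list:
    """Aggregate impact per asset and order highest total first (name breaks ties)."""
    totals = {}
    for f in findings:
        totals[f.asset] = totals.get(f.asset, 0) + risk_score(f)
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))


# Constructed snapshots from two consecutive diagnostic cycles.
SCAN_T0 = {
    Finding("kiosk-07", "outdated browser", "high", "internal"),
    Finding("web-portal-02", "TLS 1.0 enabled", "medium", "internet"),
}
SCAN_T1 = SCAN_T0 | {
    Finding("hr-db-01", "default admin credential", "critical", "dmz"),
    Finding("kiosk-07", "missing OS patches", "medium", "internal"),
}

if __name__ == "__main__":
    # Work queue for the current cycle, most significant asset first.
    for asset, score in prioritise(SCAN_T1):
        print(f"{asset:15} {score}")
    # What changed since the last cycle: this is where "continuous" differs
    # from a periodic audit.
    for f in sorted(new_findings(SCAN_T0, SCAN_T1), key=lambda x: x.asset):
        print("NEW:", f.asset, f.check)
```

With the constructed data, the HR database with a default credential in the DMZ outranks the internet-facing portal’s weak TLS configuration, and the low-value kiosk lands last despite having the most findings. The point is that impact, not finding count, drives the order of remediation.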
Federal agencies need to become more proactive and aggressive in protecting their biggest assets – their data.
By Wallace Sann, CTO, ForeScout Technologies
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.