Login credentials for more than 40,000 government accounts in 30 countries have been discovered by Russian cybersecurity researchers from Group-IB.
Mike Bittner, Digital Security & Operations Manager at The Media Trust:
“Government agencies are easy targets of phishing campaigns because they often publish their employee directories online. They are also highly desired targets because they store sensitive information on state secrets, on new products in the process of approval, including those of the world’s largest companies, and on private citizens. And given budget cuts, many of these agencies rely on a large pool of third parties, who are listed in publicly available government sites. Since transparency is a government’s responsibility in a democracy, agencies should beef up their security measures. A few key steps include continuously scanning in real time the sites and mobile apps that citizens and companies use to access government services in order to identify any unauthorized activities and nip them in the bud. Second, they should know who all their third parties are and what activities they have authorized them to conduct. Third, they should use physical devices that generate a new token each time a government employee logs in. Fourth, they should train all staff to be wary of phishing scams and other suspicious events. Finally, since securing sensitive information is key to accomplishing their mission, it should therefore be appropriately funded. These phishing campaigns will only grow in frequency, mainly because they pay off.”
Justin Jett, Director of Audit and Compliance at Plixer:
“Stolen credentials are a primary mechanism for malicious actors to gain access to sensitive information. The latest news of 40,000 stolen government portal logins is just another example. Proper password resets and time limits are important, but organizations should also ensure they deploy network traffic analytics to uncover when malicious actors attempt to access systems on the network. Because the hackers have the credentials, they aren’t going to try connecting to a machine more than once. Instead, they will try to connect to many machines until they gain access. Once they have a foothold, they will try to steal any sensitive data they can access. Network traffic analytics can show there are attempts to log in to multiple machines, especially when the user has never legitimately accessed those machines. Finally, where possible, two-factor authentication should be deployed to limit access to authorized individuals.”
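The check Jett describes (one account attempting logins on several machines it has never legitimately used) can be sketched as follows. This is an added example, not code from the article, Plixer or Group-IB; the event format, host names, ten-minute window and threshold of three hosts are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: (ISO timestamp, account, destination host, result)
HISTORY = [
    ("2018-12-01T09:00:00", "alice", "mail01", "success"),
    ("2018-12-01T09:05:00", "alice", "hr-portal", "success"),
    ("2018-12-02T08:30:00", "bob", "mail01", "success"),
    ("2018-12-02T08:45:00", "bob", "build01", "success"),
]
TODAY = [
    ("2018-12-10T09:01:00", "alice", "mail01", "success"),
    ("2018-12-10T11:00:00", "alice", "wiki01", "success"),   # one new host only
    ("2018-12-10T02:14:05", "bob", "db01", "failure"),
    ("2018-12-10T02:14:40", "bob", "fileserver02", "failure"),
    ("2018-12-10T02:15:10", "bob", "hr-portal", "failure"),
    ("2018-12-10T02:16:00", "bob", "build01", "success"),    # known host
    ("2018-12-10T02:17:30", "bob", "finance01", "success"),
]

def build_baseline(events):
    """Map each account to the hosts it has logged in to successfully."""
    seen = defaultdict(set)
    for _ts, user, host, result in events:
        if result == "success":
            seen[user].add(host)
    return seen

def detect_fanout(events, baseline, window=timedelta(minutes=10), min_new_hosts=3):
    """Return {account: sorted new hosts} for accounts that attempt logins on
    at least min_new_hosts never-before-used hosts inside one time window."""
    recent = defaultdict(deque)   # account -> (time, host) attempts on new hosts
    alerts = {}
    for ts, user, host, _result in sorted(events):
        if host in baseline.get(user, set()):
            continue              # host already known for this account
        when = datetime.fromisoformat(ts)
        q = recent[user]
        q.append((when, host))
        while when - q[0][0] > window:
            q.popleft()           # expire attempts older than the window
        hosts = {h for _, h in q}
        if len(hosts) >= min_new_hosts:
            alerts[user] = sorted(hosts | set(alerts.get(user, [])))
    return alerts

if __name__ == "__main__":
    print(detect_fanout(TODAY, build_baseline(HISTORY)))
```

Failed and successful attempts are both counted, since a valid stolen credential may succeed on the first try against each machine.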