Nearly 50% of all phishing attacks aimed at government personnel in 2021 sought to steal the credentials of federal, state and local government employees, according to a report released Wednesday by endpoint-to-cloud security company Lookout.

Phishing attacks on civil servants increased 30% from 2020 to 2021, with one out of every eight workers exposed to phishing threats during that period, according to the report, which Lookout based on analysis of data from 200 million devices and 175 million apps. The company serves federal, state and local government customers.

While mobile phishing attacks outside the public sector are dominated by malware delivery, credential theft is on the rise: it increased 47% in 2021 compared to the previous year, while malware delivery declined 12% over the same period.

Compromised credentials give threat actors an easy way to get their hands on the valuable data that governments hold.

“The first thing that comes to mind is nation-state actors trying to establish a presence on government networks,” said Mike Fleck, senior director of sales engineering at cloud-based security provider Siren in McLean, Va.

“Fraudsters will also be interested in access – think fake unemployment claims and ‘cleaning up’ of stolen vehicles,” he told TechNewsWorld.

“When it comes to government,” said Lookout Senior Manager for Security Solutions Steve Banda, “there is going to be some highly confidential information available that is going to be valuable to some party somewhere, either a malicious person or nation state.”

BYOD Expansion in Government

The report also noted that all levels of government are increasing their reliance on unmanaged mobile devices. The use of unmanaged devices in the federal government increased by about 5% from 2020 to 2021 – and closer to 14% for state and local governments during the same period.

“We’ve seen a lot of change in what organizations are starting to do with mobile devices,” Banda told TechNewsWorld. “There is a big shift toward unmanaged, especially as agencies become more comfortable adopting BYOD strategies.”

“Remote work has certainly accelerated BYOD,” he said.

While the increased use of unmanaged devices suggests an expansion of remote working, it may also be a recognition of the benefits of BYOD for employees and agencies.

“I’ve had separate work and personal phones before, and it’s very easy to do everything on one device,” Fleck said.

“Covid forced remote work faster than any government procurement cycle,” he explained. “It is understandable that agencies were forced to adopt BYOD policy faster than their ability to purchase and deploy mobile device management platforms.”

Greater Phishing Exposure

Permitting the use of unmanaged devices also indicates that agencies are finding that employees can work effectively remotely, maintained Krone, a security awareness advocate at KnowBe4, a security awareness training provider in Clearwater, Fla.

“Modern software and tools allow for unprecedented collaboration capabilities, and the tools being used are more capable than ever,” he told TechNewsWorld.

“With the onset of Covid forcing many organizations that were resistant to working remotely to implement the strategy, a lot of organizations have seen benefits in allowing this to continue,” he said.

More than a third of state and local government employees are using personal devices for work in 2021, the report said, adding that these agencies are leading the adoption of BYOD.

While this offers employees more flexibility, the report acknowledged that these unmanaged devices are exposed to phishing sites more often than managed devices, since unmanaged personal devices connect to a wider range of websites and use a more diverse set of apps.

“My experience shows that remote workers may be more vulnerable to phishing because they are working in an environment that blurs the line between job and home life; they become more comfortable and less alert than they are in the office,” Krone said.

Ray Stein, CSO of Mainspring, a provider of IT-managed services in Frederick, Md., said remote workers are no more likely to fall for a phishing scam than other employees.

“But without the supervision or protection of an enterprise firewall, it’s easy to reach them through different channels,” he told TechNewsWorld. “This increases the number of phishing scams they are exposed to, leaving them more vulnerable than long-term office workers.”

Older Android Versions

The report had good and bad news about government employees running older versions of Android on their phones.

The bad news was that nearly 50% of state and local government employees are running older versions of the Android operating system, exposing them to hundreds of device vulnerabilities.

The good news is that this is a marked improvement: in 2021, 99% of mobile devices were running older versions of the operating system.

The report states that keeping the mobile operating system up to date is the best form of cyber security. However, government agencies or departments may choose to delay the update until their proprietary app is tested, it continued. This delay creates a vulnerability window during which a threat actor can use a mobile device to access an organization’s infrastructure and steal data.

“New releases or versions of the OS build on their previous releases, including all security enhancements and improvements,” said Stuart Jones, director of the Cloudmark division at Proofpoint, an enterprise security company in Sunnyvale, Calif.

“Without the latest version of the OS,” he told TechNewsWorld, “the benefits of these enhancements are not available on the device or for the user.”

Stein said that in 2021, Google’s Threat Analysis Group (TAG) discovered at least nine zero-days affecting its products, including Android devices.

“Patches for those vulnerabilities were included in Android updates, but users stuck on older OS versions may not benefit from them,” he said.

Need for Extreme Caution

Banda said it can be challenging to keep pace with Android due to its fragmented environment.

“To update to a certain level, you must have the correct combination of mobile operator and device manufacturer’s firmware,” he explained. “There are a number of factors that determine whether you can take on a release.”

Not only does this make it difficult for users to keep their Android version current, it also makes it difficult for employers to keep the devices secure. “A company needs to know who is running which version of Android,” Banda said. “They have to figure out how to get that visibility and create policies so everyone can get up to speed on the latest version available to them.”
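The visibility Banda describes, and the vulnerability window the report warns about, can both be measured from a device inventory. The following is an added example, not code from the article, the Lookout report or any MDM product: it checks constructed inventory records against an assumed patch-currency policy and reports which devices lag, split by managed and unmanaged fleets. The `Device` fields, the thresholds and the sample records are all assumptions; on a real device the installed patch level is the `ro.build.version.security_patch` system property.

```python
# Added example (not code from the Lookout report or the article): check an
# Android device inventory against a patch-currency policy.  The inventory
# below is constructed sample data; field names and thresholds are
# assumptions, not any MDM vendor's schema.  On a real device the patch level
# is read with `adb shell getprop ro.build.version.security_patch`.
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Device:
    device_id: str
    owner: str
    android_version: int    # Android major version, e.g. 12
    security_patch: date    # monthly security patch level installed
    managed: bool           # True if enrolled in MDM, False for BYOD/unmanaged


# Policy thresholds (assumed values for the example).
MIN_ANDROID_VERSION = 11
MAX_PATCH_AGE_DAYS = 90

# Constructed inventory and a fixed evaluation date so results are deterministic.
TODAY = date(2022, 3, 1)
INVENTORY = [
    Device("gov-001", "analyst-a", 12, date(2022, 2, 5), managed=True),
    Device("gov-002", "clerk-b", 10, date(2021, 6, 5), managed=False),
    Device("gov-003", "clerk-c", 11, date(2021, 11, 5), managed=False),
    Device("gov-004", "admin-d", 9, date(2020, 8, 5), managed=True),
]


def patch_age_days(device: Device, today: date = TODAY) -> int:
    """Days since the installed security patch level: the vulnerability window."""
    return (today - device.security_patch).days


def evaluate(device: Device, today: date = TODAY) -> list[str]:
    """Return the policy violations for one device (empty list if compliant)."""
    findings = []
    if device.android_version < MIN_ANDROID_VERSION:
        findings.append(
            f"Android {device.android_version} is below the minimum {MIN_ANDROID_VERSION}"
        )
    age = patch_age_days(device, today)
    if age > MAX_PATCH_AGE_DAYS:
        findings.append(
            f"security patch level {device.security_patch} is {age} days old "
            f"(limit {MAX_PATCH_AGE_DAYS})"
        )
    return findings


def noncompliant(devices=INVENTORY, today: date = TODAY) -> dict[str, list[str]]:
    """Map device_id -> findings for every device that violates policy."""
    result = {}
    for d in devices:
        findings = evaluate(d, today)
        if findings:
            result[d.device_id] = findings
    return result


def summarize(devices=INVENTORY, today: date = TODAY) -> dict[str, dict[str, int]]:
    """Count outdated devices per fleet, to compare managed against BYOD."""
    summary = {"managed": {"total": 0, "outdated": 0},
               "unmanaged": {"total": 0, "outdated": 0}}
    for d in devices:
        bucket = summary["managed" if d.managed else "unmanaged"]
        bucket["total"] += 1
        if evaluate(d, today):
            bucket["outdated"] += 1
    return summary


if __name__ == "__main__":
    for device_id, findings in noncompliant().items():
        print(device_id)
        for f in findings:
            print("  -", f)
    print(summarize())
```

Running the block lists the three lagging sample devices with the reason for each and prints the per-fleet totals; in a real deployment the inventory would be pulled from the MDM or an on-device agent, and the patch-age figure is the number to track, since a device can be on a supported major version and still be months behind on security patches.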

After working in the federal space for most of his career, Sami Allini, a biometrics specialist at Contrast Security, a maker of self-protecting software solutions in Los Altos, Calif., said he is troubled by how long adversaries will continue to exploit and infiltrate government institutions.

“As an activist in this field, one must be vigilant about all interactions, including those with colleagues,” he told TechNewsWorld. “As this report shows, phishing, a form of social engineering, is on the rise, and for good reason. Social engineering is one of the most effective ways to gain access to information or property that someone shouldn’t have access to.”

A Chinese cyber espionage group is using a fake news site to infect government and energy industry targets in Australia, Malaysia and Europe with malware, according to a blog posted online on Tuesday by Proofpoint and PwC Threat Intelligence.

The group is known by several names, including APT40, Leviathan, TA423 and Red Ladon. Four of its members were indicted by the US Department of Justice in 2021 for hacking several companies, universities and governments in the United States and around the world between 2011 and 2018.

[Image: APT40 members indicted by the US Department of Justice in 2021. Image credit: FBI]

The group is using its fake Australian news site to infect visitors with the Scanbox exploit framework. “Scanbox is a reconnaissance and exploitation framework deployed by an attacker to collect a variety of information, such as the target’s public-facing IP address, the type of web browser used, and its configuration,” explained Sherrod DeGrippo, Proofpoint vice president for threat research and detection.

“It serves as a setup for the information gathering steps that follow and potential follow-up exploits or compromises, where malware is deployed to gain persistence on the victim’s system and allow the attacker to carry out espionage activities,” she told TechNewsWorld.

“It creates a perception of the victim’s network that the actors then study and determine the best path forward for further compromise,” she said.

“Watering hole” attacks that use Scanbox appeal to hackers because the point of compromise is not within the victim’s organization, added John Bambenek, a principal threat hunter at Netenrich, a San Jose, Calif.-based IT and digital security operations company.

“Therefore, it is difficult to detect that information is being stolen,” he told TechNewsWorld.

Modular Attack

According to the Proofpoint/PwC blog, the TA423 campaign primarily targeted local and federal Australian government agencies, Australian news media companies and global heavy industry manufacturers that maintain fleets of wind turbines in the South China Sea.

It noted that the phishing emails for the campaign were sent from Gmail and Outlook email addresses, which Proofpoint assesses with moderate confidence were created by the attackers.

Subject lines in phishing emails included “sick leave,” “user research,” and “request collaboration.”

The threat actors often pose as employees of the fictional media publication “Australian Morning News,” the blog explained, and provide a URL to their malicious domain, asking targets to view the website or to share research material that the site is publishing.

If a target clicks the URL, they are redirected to the fake news site, which serves the Scanbox malware without their knowledge. To lend credibility to the fake site, the adversaries posted content copied from legitimate news sites such as the BBC and Sky News.

Scanbox can deliver its code in one of two ways: as a single block, which gives an attacker immediate access to the malware’s full functionality, or through a modular plug-in architecture. The TA423 crew chose the plug-in method.

According to PwC, the modular route helps avoid crashes and errors that would alert a target that their system is under attack. It also limits how much of the attack researchers can see.

Phishing Boom

As such campaigns show, phishing remains the tip of the spear used to break into many organizations and steal their data. “Phishing sites will see an unexpected increase in 2022,” said Monia Deng, director of product marketing at Bolster, a provider of automated digital risk protection in Los Altos, Calif.

“Research has shown that this problem will increase tenfold in 2022 because this method is easy, effective and a perfect storm to deploy in the post-work digital age,” she told TechNewsWorld.

DeGrippo said phishing campaigns continue to work as threat actors adapt. “They use current affairs and holistic social engineering techniques, at times preying on a target’s fear and sense of urgency or importance,” she said.

A recent trend among threat actors, she continued, is attempting to increase the effectiveness of their campaigns by building trust with intended victims through extended interactions with individuals or through existing interactions between coworkers.

Roger Grimes, a defense evangelist with KnowBe4, a security awareness training provider in Clearwater, Fla., stressed that social-engineering attacks are particularly resistant to technical security.

“Try as much as you can, there is no great technical defense so far that prevents all social engineering attacks,” he told TechNewsWorld. “This is especially difficult because social engineering attacks can come across email, phone, text messages and social media.”

Even though social engineering is involved in 70% to 90% of all successful malicious cyber attacks, it is the rare organization that spends more than 5% of its resources to mitigate this, he continued.

“It’s the number one problem, and we treat it like a small part of the problem,” he said. “It’s the fundamental disconnect that allows attackers and malware to be so successful. Until we see this as the number one problem, it will continue to be the primary way attackers attack us. It’s just math.”

Two Things to Remember

While TA423 used email in its phishing campaign, Grimes noted that adversaries are moving away from that approach.

“Attackers are using other methods, such as social media, SMS text messages, and voice calls to do their social engineering more often,” he explained. “This is because many organizations focus almost exclusively on email-based social engineering and the training and tools to combat social engineering on other types of media channels are not at the same level of sophistication in most organizations.”

“That’s why it’s important that every organization builds an individual and organizational culture of healthy skepticism,” he added, “where everyone is taught how to recognize the signs of a social engineering attack, no matter how it arrives – web, social media, SMS messages or phone calls – and no matter who it appears to be sent by.”

He explained that most social engineering attacks have two things in common. First, they come unexpectedly; the user was not expecting the message. Second, the message asks the user to do something that the sender – whoever he is pretending to be – has never asked the user to do before.

“This may be a valid request,” he continued, “but all users should be taught that any message with those two traits is at very high risk of being a social engineering attack, and should be verified using a reliable method, such as calling that person directly on a known good phone number.”

“If more organizations taught those two things to remember,” he said, “the online world would be a much safer place to compute.”