Subverting Government Data Is Replacing Economic Espionage



“Almost worse is if they change it and you don’t know about it because it questions integrity,” according to one Symantec cybersecurity expert.

Cyberattacks against state and local governments are not only on the rise, they’re increasingly targeting the cloud as jurisdictions migrate their data, said Symantec cybersecurity experts during a Wednesday webcast.

Part of the Multi-State Information Sharing & Analysis Center’s national webcast initiative, “Cybersecurity Year in Review and 2017 Preview” assessed the evolving threat landscape as governments continue to move their data off-premises.

Cybersecurity wins like the federal shutdown of Avalanche, the hacker network behind two-thirds of all global phishing attacks, and the extradition of the prolific, Romania-based Bayrob malware gang to the U.S. are becoming more frequent. But Yahoo just recently announced the largest data breach ever of 1 billion user accounts, and experts aren’t sure how long that record will stand.

“None of these go away,” said Kevin Haley, Symantec security technology and response director, of hackers’ ever-changing methods.

Instead, the Mountain View, California-based software company has found bad actors revisiting old tactics while they continue to innovate and try out high-stakes financial attacks and hacktivism.

SWIFT network bank thefts and Odin ransomware attacks targeting other financial institutions “were not smash and grabs,” Haley said, but involved hackers learning how systems operated over time and reaping the rewards of their patience.

State and local government employees are being spear-phished at work: attackers email them malicious links or talk them into wiring money using advanced social engineering. Such scams sound simplistic, but at a rate of 400 a day, the Federal Bureau of Investigation estimates $3 billion has been lost to them to date.

More than 30 percent of victims pay ransomware ransoms at an average of $696, up from $294 in 2015, Haley said.

Still, economic espionage attacks against the U.S. are waning in favor of subversion—stealing and making changes to increasingly vulnerable data. And that data can increasingly be found in the cloud.

“Almost worse is if they change it and you don’t know about it because it questions integrity,” said Kenneth Durbin, Symantec CRM and threat intel strategist.

One need look no further than the leak of Democratic National Committee emails or Anonymous’ attacks on North Carolina’s government websites in protest of the state’s transgender bathroom law to see hacking is becoming increasingly politically motivated.

Employee training is an important part of risk management strategies moving forward, but spear-phishers have wised up to old techniques like hovering over emailed links to view the URL. Now they use subdomain fields to give the illusion of a real URL that leads to an HTML clone of, say, the Google login page that steals your username and password when input.
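
A mail or web filter can catch the subdomain trick described above by comparing a link's registrable domain, rather than its leading labels, against an allow-list. This is an added example, not code from the article or from Symantec; the allow-list, the shortened suffix table and the sample URLs are constructed assumptions, and a production check would use the full Public Suffix List.

```python
from urllib.parse import urlsplit

# Assumption: registrable domains the organisation treats as genuine login hosts.
TRUSTED_DOMAINS = {"google.com"}
# Assumption: tiny stand-in for the Public Suffix List (multi-label suffixes only).
MULTI_LABEL_SUFFIXES = {"co.uk", "gov.uk", "com.au"}


def registrable_domain(host: str) -> str:
    """Return the suffix plus one label, e.g. 'a.b.example.co.uk' -> 'example.co.uk'."""
    labels = host.split(".")
    n = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-n:]) if len(labels) >= n else host


def classify(url: str) -> str:
    """Classify an absolute URL as 'trusted', 'deceptive-subdomain' or 'unknown'."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    reg = registrable_domain(host)
    if reg in TRUSTED_DOMAINS:
        return "trusted"
    # Everything left of the registrable domain is chosen freely by its owner.
    prefix = host[: -len(reg)].rstrip(".") if reg else host
    prefix_words = prefix.replace("-", ".").split(".")
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        if trusted in prefix or brand in prefix_words:
            return "deceptive-subdomain"
    return "unknown"


def flag_links(urls):
    """Return only the URLs whose subdomain labels imitate a trusted domain."""
    return [u for u in urls if classify(u) == "deceptive-subdomain"]


# Constructed sample links; the imitation hosts use the reserved .example TLD.
SAMPLE_LINKS = [
    "https://accounts.google.com/signin",
    "https://accounts.google.com.login-check.example/signin",
    "https://google.secure-login.example/",
    "https://accounts.google.com.portal.co.uk/",
    "https://www.example.org/news",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(f"{classify(link):20} {link}")
```
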

This year also saw a rise in denial-of-service attacks using Internet of Things botnets like the Mirai botnet, a network of more than 100,000 IoT devices, proving cloud services are susceptible to breaches.

“The real issue is these IoT devices are always on and poorly protected,” Haley said.

Cybercriminals now wield the power of nation-states, he added, and they’re using fewer custom tools in favor of benign-looking scripting languages like PowerShell.

In this era, attack analytics are governments’ new security weapons, and legacy systems must be modernized.

Adopting a framework-agnostic scheme like the NIST Cybersecurity Framework is a good place to start, Durbin said, as is agile development with cybersecurity in the forefront.

“You want to plug the holes instead of creating new ones,” he said.

Dave Nyczepir is a News Editor at Government Executive’s Route Fifty and is based in Washington D.C.
