Cyberattacks pose a serious threat to organizations in the public safety and justice sectors. This post offers a primer on the most prevalent attack vectors.
Ransomware — This is a specific type of malware that enables cyberattackers to encrypt the targeted organization’s files. Only when the organization agrees to pay a ransom—hence the name—does the cyberattacker decrypt the files. In the current environment, this is one of the most prevalent cyberattacks and is increasing in frequency.

Formjacking — This type of attack adds malicious code to a website that captures credit card information. When someone attempts an online transaction, perhaps to pay bail or court fees, the victim’s credit card information is captured and sold on the dark web. Any organization that conducts business online can experience a formjacking attack.
Zero-Day Exploits — This method of attack takes advantage of flaws or vulnerabilities in hardware or software that are unknown to the vendor. Such attacks often go undiscovered for weeks or months; because they often are used to commit identity theft, it is not unusual for the public, rather than the vendor, to discover them first. The name stems from the fact that by the time the vendor becomes aware of the attack, it already is too late, i.e., the vendor has had “zero days” to apply a patch or warn the public. Given the large amount of personal and sensitive data that justice agencies possess, zero-day exploits represent a serious threat.
Social-Engineering Exploits — Organizations often fall victim to cyberattacks due to human factors. We know of one instance whereby a hacker donned the work uniform of a service provider and, upon arrival at a law-enforcement facility, announced that he was there to perform maintenance in the server room. An officer then escorted the cyberattacker to the room and allowed him to enter—without first verifying his credentials. This sort of thing happens much more often than one might think.
A decade ago, an experiment reportedly was conducted by a federal agency whereby universal serial bus (USB) devices and optical drives were dropped in parking lots of government and contractor entities. According to the report, 60 percent of the devices were picked up by personnel and then blindly inserted into their work computers. Some of the devices had official-looking government logos — those reportedly were inserted 90 percent of the time. If these devices had contained malware capable of opening a backdoor into the entities’ networks and systems, the results could have been catastrophic. A similar scenario occurs when personnel plug unauthorized personal devices — e.g., smartphones, digital music players, and wearables — into their work computers.
Yet another example concerns passcodes — often they are far too simple, chosen that way to make them easier to memorize. Even when they are more complex, personnel often grievously err by writing them on sticky notes and affixing them to computer screens — which eliminates the need to memorize them, but also makes them visible to anyone who walks by the workstation. This is a very bad idea.
Today, however, the most common form of social-engineering attack involves “phishing,” which typically is conducted via emails that appear at first glance to be legitimate. The goal is to entice the recipient to unwittingly unleash malware by opening the email and clicking a web link or opening an attachment. This is a serious threat because studies indicate that 80 percent of employees are unable to recognize sophisticated phishing attempts. Moreover, phishing attacks are on the rise simply because they are very effective.
Supply Chain Attacks — This is an emerging type of attack that uses the supply chain to infiltrate an organization’s networks and systems. Such attacks typically tamper with the code of third-party vendor software that legitimately has access to networks and systems — and to the data that rides on them. Sometimes, the goal is to disrupt an organization’s operations; other times it is to steal information that can be sold to other bad actors—either outcome could be devastating for a justice agency.
An example of this type of attack occurred last year. The attack targeted SolarWinds’ Orion network- and remote-monitoring platform. Orion has been implemented by a great many organizations, including the White House, the Pentagon, the U.S. Department of Energy, and many other government agencies and technology companies.
The cyberattackers designed malware to look like Orion software files, complete with a signed certificate. When users deployed what they thought was a legitimate, routine software update, the malware was distributed along with it. The malware’s traffic looked exactly like Orion traffic, so there were no red flags; consequently, the breach was easy to overlook, which is why it spread so widely.
Protecting public-sector agencies against the attacks described above is a never-ending battle. One thing that we encourage is viewing the monthly CyberChat videos found on MCP’s website. The most recent video does a deep dive into ransomware attacks. Or, register to attend an upcoming Advanced Cybersecurity Workshop for Public-Sector Leaders training session on November 8 and 15.
Another good idea is to sign up to receive the cybersecurity threat notifications that we push out whenever a new threat is identified. Finally, our team of subject-matter experts stands ready to help you develop a multilayer approach to cybersecurity that is customized to your organization’s needs, budget, and resources.
Mike Beagles is MCP’s platform and service product manager and a certified Cisco CyberOps associate. He has more than 13 years of information technology and cybersecurity experience. Mike can be emailed at MikeBeagles@MissionCriticalPartners.com