Cybersecurity

Hackers adapting to government adversaries

Cyber Attack 

A new threat report from Cisco found that hacker are increasingly able to mask their presence and take advantage of security vulnerabilities inherent in two popular technologies -- the cloud and internet-of-things devices -- to gain network access.

The report highlights how malicious actors are using increasingly sophisticated methods to hide and obscure the presence and intent of their actions from government cyber watchdogs.

Some forms of malware are being designed to evade modern security practices that isolate malicious code. Attackers also rely on cloud services like Dropbox and Google Docs to hide in the "noise" of legitimate network traffic.

"Clearly the malware is getting more and more creative," said Dan Kent, chief technology officer for Cisco federal and director of engineering.

As another example, the report points to the 2017 WannaCry attacks, which security researchers have attributed to The Lazarus Group and which Western governments, including the Trump administration, have said were conducted at the behest of North Korea. Though hundreds of thousands of computers were affected, only about 300 people actually paid the ransom, and the attacks yielded surprisingly small earnings, around $143,000.  Cisco researchers believe that the "ransomware" aspect of the attacks may have been "merely a smokescreen" to hide the real objective: wiping data.

Dedicated denial of service attacks powered by hijacked IoT devices represent a real and growing threat, particularly reflection and amplification vectors that can exponentially increase the amount of traffic that botnets can direct. Kent said federal agencies tend to have better security procedures around their devices to prevent them from being hijacked, but their public facing websites are vulnerable to DDOS attacks. Additionally, the federal government plays a significant incident response and coordination role for the private sector and state and local governments, where the weaknesses are more pronounced.

"What we've seen is without any type of perimeter anymore and clearly with some of these IoT devices … you don't have the level of security" said Kent. "A lot of these devices get put on the network without IT even knowing until after the fact."

About the Author

Derek B. Johnson is a senior staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.

Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.

Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at djohnson@fcw.com, or follow him on Twitter @derekdoestech.

Click here for previous articles by Johnson.


Featured

  • Defense
    The U.S. Army Corps of Engineers and the National Geospatial-Intelligence Agency (NGA) reveal concept renderings for the Next NGA West (N2W) campus from the design-build team McCarthy HITT winning proposal. The entirety of the campus is anticipated to be operational in 2025.

    How NGA is tackling interoperability challenges

    Mark Munsell, the National Geospatial-Intelligence Agency’s CTO, talks about talent shortages and how the agency is working to get more unclassified data.

  • Veterans Affairs
    Veterans Affairs CIO Jim Gfrerer speaks at an Oct. 10 FCW event (Photo credit: Troy K. Schneider)

    VA's pivot to agile

    With 10 months on the job, Veterans Affairs CIO Jim Gfrerer is pushing his organization toward a culture of constant delivery.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.