Cybersecurity

Hackers adapting to government adversaries

Cyber Attack 

A new threat report from Cisco found that hacker are increasingly able to mask their presence and take advantage of security vulnerabilities inherent in two popular technologies -- the cloud and internet-of-things devices -- to gain network access.

The report highlights how malicious actors are using increasingly sophisticated methods to hide and obscure the presence and intent of their actions from government cyber watchdogs.

Some forms of malware are being designed to evade modern security practices that isolate malicious code. Attackers also rely on cloud services like Dropbox and Google Docs to hide in the "noise" of legitimate network traffic.

"Clearly the malware is getting more and more creative," said Dan Kent, chief technology officer for Cisco federal and director of engineering.

As another example, the report points to the 2017 WannaCry attacks, which security researchers have attributed to The Lazarus Group and which Western governments, including the Trump administration, have said were conducted at the behest of North Korea. Though hundreds of thousands of computers were affected, only about 300 people actually paid the ransom, and the attacks yielded surprisingly small earnings, around $143,000.  Cisco researchers believe that the "ransomware" aspect of the attacks may have been "merely a smokescreen" to hide the real objective: wiping data.

Dedicated denial of service attacks powered by hijacked IoT devices represent a real and growing threat, particularly reflection and amplification vectors that can exponentially increase the amount of traffic that botnets can direct. Kent said federal agencies tend to have better security procedures around their devices to prevent them from being hijacked, but their public facing websites are vulnerable to DDOS attacks. Additionally, the federal government plays a significant incident response and coordination role for the private sector and state and local governments, where the weaknesses are more pronounced.

"What we've seen is without any type of perimeter anymore and clearly with some of these IoT devices … you don't have the level of security" said Kent. "A lot of these devices get put on the network without IT even knowing until after the fact."

About the Author

Derek B. Johnson is a senior staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.

Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.

Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at djohnson@fcw.com, or follow him on Twitter @derekdoestech.

Click here for previous articles by Johnson.


Featured

  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.