Government agencies hold vast amounts of sensitive data, ranging from personal information about citizens to classified material pertaining to national security. In today's digital world that information remains a hot commodity in dark-web marketplaces, which draws threat actors to the most valuable targets inside national governments.
Governments and their agencies are now among the most targeted sectors. In Q3 2022, government was the second most attacked industry, averaging 1,564 attacks each week, a 20% increase over the same period in 2021.
State-sponsored threat actors also have motives beyond financial gain for targeting government agencies. Sometimes the goal is to disrupt essential services, destroy national assets, encourage protests, expose political wrongdoing, or simply erode trust and cause embarrassment.
Once breached, a government institution becomes a gateway for threat actors into thousands of connected enterprises and into the civilian population. This can have a profound destabilising effect on the institutions and the people that governments serve.
Spotlight
Some of the most significant cyberattacks on governments in 2022, globally and regionally, are listed below:
In January, the Greek Parliament identified an attempt to compromise 60 parliamentary email accounts. In February, cybercriminals breached the UK Foreign Office, and an Iranian-linked group conducted cyber operations. A Pakistani-linked group deployed a remote access trojan to spy on Indian military and diplomatic personnel. In March, at least six US states were hacked by a Chinese-backed group.
In April, cyber researchers discovered a new Russian-linked campaign using phishing emails to deliver malware to diplomats and embassy officials from Portugal, Poland and France. In May, a phishing campaign against the Jordanian Ministry of Foreign Affairs was attributed to an Iranian cyber-espionage actor, and Russian-linked threat actors hit Italian websites with a DDoS attack.
In June, threat actors breached Chinese government networks to find and leak evidence of human rights abuses committed against the Uyghur population. In August, DDoS attacks temporarily took down the Taiwanese presidential website and attempted the same against the Taiwanese Foreign Ministry. In October, US government websites in Colorado, Kentucky and Mississippi were taken offline by pro-Russian hackers.
Red flags
Advanced threat actors regard government agencies and institutions in most nations as soft targets. These entities typically run on small budgets with little room for robust cybersecurity programmes, rarely employ dedicated security professionals, and rely instead on general IT staff or small SOC teams. The legacy technologies in play may not be robust enough to withstand large-scale ransomware threats.
The principal red flags:
#1 Citizens and users trust government websites, and that trust makes them vulnerable. Researchers have noted that attackers abuse legitimate government domains to distribute malware to many victims at once, because visitors implicitly trust those domains.
#2 Government systems are complex and host significant amounts of sensitive data that is often shared with third parties and contractors. This complexity and breadth of access increases exposure to outside attackers.
#3 Government entities are less well funded than their private-sector counterparts, which leaves more unpatched software exposed to modern, advanced cyber threats.
#4 The root cause behind these red flags is weak IT and cybersecurity infrastructure. Threat actors target weak infrastructure with phishing, malware, lateral-movement tools and ransomware.
Action plan
In 2023, government agencies need to build cyber resiliency, implement best practices and reduce their attack surface. Solutions from select cyber security vendors can provide the visibility this requires, given the breadth of the data networks that governments and their agencies manage.
Government agencies should adopt identity-based security tools backed by artificial intelligence and machine learning to counter ransomware operators and sophisticated social engineering schemes. Closing gaps in network visibility with endpoint monitoring helps detect and respond to security events in real time.
Select cyber security vendors can help government enterprises build resiliency through autonomous endpoint protection.