
How Ransomware Has Become a Geopolitical Risk for Governments


For months, Western leaders have warned about the risk of military conflict in Ukraine spilling over into the rest of the world. Their fears may not yet have been directly realized, but several governments in Latin America have certainly begun to feel the impact. Emboldened cybercrime groups may be redefining acceptable targets, which has implications for governments everywhere.

Just the Beginning?

In the first half of 2022, Costa Rica, Peru, Mexico, Ecuador, Brazil and Argentina were all targeted by Russian-speaking cybercrime groups like Conti, ALPHV, LockBit 2.0 and BlackByte. All countries had publicly condemned Russia at the UN for invading Ukraine, and some voted to suspend the country from the UN Human Rights Council. Further tying these ransomware attacks to Russia, we noted an uptick in initial access broker (IAB) services on major Russian-language dark web and special access forums like XSS and Exploit. They have been advertising low-cost, compromised network access methods specifically related to entities in Latin America. 

Among the organizations in the region targeted by threat actors were the secretary of state of finance in Rio de Janeiro, the municipality of Quito in Ecuador, the comptroller general of Peru, the Republic of Peru and Costa Rica. In Costa Rica, a national emergency was declared after the government branded a crippling attack an act of “cyber-terrorism.”

This represents a significant escalation in the severity of attacks targeting government organizations. Alongside K-12 education institutions, NGOs and healthcare organizations, governments have for a long time been off limits for ransomware affiliates keen to avoid stigmatization and the scrutiny of law enforcement. However, that stance appears to have shifted quite dramatically now, which could have implications for governments everywhere. If such groups now feel emboldened to target any nation critical of Russia, we could see a dramatic uptick in global incidents.

How Were They Hit?

Most of those organizations targeted in this first wave of Latin American attacks appear to have been hit after threat actors got hold of compromised credential pairs and session cookies. These are usually…


Indian government’s confidential infosec guidance leaks • The Register


India’s government last week issued confidential information security guidelines to the 30 million plus workers it employs – and as if to prove a point, the document quickly leaked on a government website.

The document, and the measures it contains, suggest infosec could be somewhat loose across India’s government sector.

“The increasing adoption and use of ICT has increased the attack surface and threat perception to government, due to lack of proper cyber security practices followed on the ground,” the document opens.

“In order to sensitize government employees and contractual/outsourced resources and build awareness amongst them on what to do and what not to do from a cyber security perspective, these guidelines have been compiled.”

Ironically, the document proves why it’s needed. Despite being marked “Restricted” and for access only within Indian government departments and ministries – and including an exhortation that those sent the document “should honor this access right by preventing intentional or accidental access outside the access scope” – The Register was able to find it on an Indian government website with minimal effort.

Whoever posted it there probably needs to re-read the document. One of the instructions it includes is “Don’t share any sensitive information with any unauthorized or unknown person over telephone or through any other medium.”

That instruction is one of 24 “Cyber Security Don’ts” that includes measures such as not re-using passwords or writing them on sticky notes left around the office, running only supported operating systems, and not using browser plug-ins. Users are not to save data to local drives, or click on links or attachments emailed by unknown parties.

“Don’t install or use any pirated software (ex: cracks, keygen, etc.)” is another directive, as is a proscription on jailbreaking…


Most Governments Were Hacked in the Past Year, Reports Reveal


Cybersecurity professionals often urge organizations to think not of “if” they’ll be attacked, but “when” — and new studies indicate that for many governments around the globe, that “when” may have already happened.

A November 2021 international report from cybersecurity research and marketing consultancy CyberEdge found that 68.2 percent of surveyed government organizations were compromised by one or more cyber attacks within the past 12 months. Fifty-four percent believed such an event was “more likely to occur than not” within the coming year.

The report polled 1,200 public- and private-sector IT security professionals from 17 countries, and focused on organizations with at least 500 employees. Government respondents comprised 4.1 percent of respondents, or roughly 49 individuals.

A survey of 353 IT professionals at government agencies and educational institutions, provided to GovTech by data management solutions company Veeam, also found at least half of respondents suffering from cyber attacks. It reported that ransomware caused “outages” at 52 percent of public-sector organizations. That study captured responses from 28 countries between October 2021 and December 2021.

Both reports suggest that more than half of government agencies have fallen to attack — a significant rate, yet one that puts government ahead of the pack, according to CyberEdge. Just over 85 percent of its overall respondent group reported suffering a successful cyber attack within the past 12 months, and nearly 41 percent had fallen to six or more attacks — the highest ever recorded by this annual report. (The report does not specify how often agencies were re-victimized by the same threat types compared to falling to a variety of attacks. Cyber threats are diverse, including incidents like distributed denial of service (DDoS) attacks, ransomware and other malware and account takeovers.)

More important than the sheer number of successful attacks an organization suffers may be how much damage these attacks deal, said Minnesota CISO Rohit Tandon.

Strong cyber protections enable an organization to limit the impacts of…


Poor risk assessment jeopardizing Manitoba government’s computer systems: report


The province is not doing a good enough job identifying and managing the risks associated with the aging computer systems it uses to carry out its business, says the latest report from the office of the auditor general. 

The audit looked into the various hardware such as servers, routers and firewalls, as well as the software the provincial government uses to collect, process, store, and share information.

It found that a significant number of business applications and their supporting technologies are old and should be replaced.

Further, the report says, the province’s methods of identifying when its aging hardware and software should be replaced or upgraded are insufficient, and its inventory is incomplete.

This could leave the province open to system outages, decreased system reliability, and increased security risks, the report says. 

That in turn could impact a wide range of services the province provides to Manitobans, including online registrations, provincial program applications and fee payments. 

The auditor general’s office recommends that the provincial government improve the practices it uses to monitor its computer systems to make sure they are replaced or upgraded as needed. 

It also recommends that the province’s business transformation and technology department prepare a risk assessment report on these aging computer systems.

Reg Helwer, the minister responsible for government services, will comment on the report once he has read it, a spokesperson for the province said Thursday. 
