How cybercrime feeds on modernization
- By Anthony Giandomenico
- Jan 14, 2019
Government agencies have long been a target for cybercriminals. While some attackers focus on stealing and selling personally identifiable information and other secure data, nation-state groups seek access to classified information and hacktivists look to disrupt daily operations.
Even as agencies come under increasingly sophisticated attacks, they continue to expand their network architectures to support digital transformation efforts and keep up with the demands of the constituents they serve.
As transformation efforts demand government networks become more distributed, renewed emphasis must be placed on simultaneously strengthening cybersecurity infrastructure and policies that are based on threat intelligence that illuminates today’s attack vectors and tactics.
Modernization of government networks
In order to keep pace with digital transformation requirements and the demands of constituents, IT modernization has become a key priority at government agencies. While government networks have long relied on legacy IT infrastructure, primarily on-premises servers that kept networks isolated, that isolation -- which was once beneficial for security purposes -- is no longer practical.
Initiatives such as the Modernizing Government Technology Act call on federal agencies to expand their networks using software-, infrastructure- and platform-as-a-service applications, the internet of things and more. While moving federal workloads to the cloud offers benefits in terms of cost and scalability, maintaining security during modernization is easier said than done. Shifting networks from closed to open without considering how to seamlessly integrate security across the new distributed environment can lead to a security patchwork solution that creates gaps for criminals to exploit.
For example, as cloud use through SaaS and IaaS has increased, so has the use of encryption. Our Threat Landscape Report for Q3 of 2018 shows the percentage of HTTPS traffic traversing networks has risen from 55.4 percent to 72.2 percent over the last year. If not handled correctly, this increased use of encryption can leave government networks susceptible to attacks: proper inspection of encrypted traffic adds overhead that diminishes performance, and skipping inspection reduces visibility into the protected data.
To combat this sort of inadvertent problem, security must be accounted for with each act of modernization.
To address these sorts of challenges, the federal government has developed cybersecurity initiatives in conjunction with those for modernization to minimize the new risks being introduced by digital transformation. The Cybersecurity Executive Order, for example, emphasizes using modernization efforts to increase defenses from advanced threats, while Trusted Internet Connection 3.0 addresses security changes brought on by cloud adoption.
These programs aim to ensure that federal agencies have the infrastructure in place to combat threats that are now more imminent due to cloud and IoT environments. Cybercriminals are targeting and infiltrating networks, especially those expanding their footprint in some way, according to our Q3 threat intelligence. In that quarter alone, there were 7,925 unique exploits detected, each of which represents a potential unauthorized entryway into a modern network.
As agencies adopt and perfect new modernization strategies and transformation solutions, they should do so with these specific attack vectors in mind:
- Mobile malware made its mark among the 34,148 unique malware variants detected this quarter, with 26 percent of organizations reporting malware targeting mobile devices such as tablets and smartphones. As government networks become more open to allowing mobile devices to leverage cloud applications, they must be wary of this targeted form of malware.
- IoT exploits have also been used as attack vectors by cybercriminals this quarter. Exploits in connected devices such as printers, routers, telephony equipment and more have become common ways criminals try to execute a broader network breach.
- Cryptojacking, the unauthorized use of an organization's computers to mine cryptocurrency, remains a common tactic for cybercriminals. Because cryptojacking does not steal data or visibly disrupt daily operations, it may be deprioritized by security teams working to improve security infrastructure. However, new cryptojacking versions damage or disable security systems, opening a possibility for a secondary intrusion. As a result, IT teams should be on the lookout for uncommonly high resource consumption.
- Botnets remained a prevalent threat this quarter, with Gh0st, Pushdo and Andromeda being some of the most notable. Additionally, IoT botnets such as Reaper and even Mirai were on the rise, with new variants that make them more potent. As botnets continue to evolve, IT managers must be wary of those that have machine learning or analytics capabilities, allowing them to locate efficient exploits.
Get ahead of the threat
As government agencies work to protect their networks from these and other threats brought on by digital transformation, there are a few steps they can take.
First, agencies must secure their expanding networks with an integrated and automated security approach. Integration ensures that as the network becomes more open and distributed, each solution that is selected and deployed works together with other security solutions to ensure there are no gaps in protection. This approach reduces the risks brought on by a patchwork of security solutions and enables every connected solution to issue automated responses to detected threats.
Second, government agencies should rely on global and local threat intelligence to inform the solutions and policies they deploy. This will ensure security teams are up to date on the exploits and attack vectors cybercriminals are focusing on, both worldwide and within their own networks.
Finally, practicing strong security hygiene can go a long way toward reducing threats within government networks, especially those brought on by employees.
Government IT modernization means building a more distributed network that incorporates IoT devices, cloud infrastructure and SaaS applications. Unfortunately, for all the benefits that modernization brings, it also means more entryways for cybercriminals to exploit. As agencies revamp their security infrastructure as part of the digital transformation process, they must leverage threat intelligence to guide their strategic directions and employ security solutions that can consistently consume that information to detect and respond to threats in an integrated and automated manner.
Anthony Giandomenico is senior security strategist and researcher with FortiGuard Labs.