While we have mostly been talking about cyberattacks on the healthcare, education, and financial sectors, we somehow haven’t talked enough about the cyber risks faced by the government sector. We witnessed two major cyberattacks against two different agencies this week. Let’s talk about that!

Phishing campaign against USDOT

The U.S. Department of Transportation (USDOT) was impersonated in a phishing campaign that went on for two days. The campaign leveraged a variety of tactics to evade detection. One of these tactics was creating new domains that imitated federal sites to seem legitimate.

Why it matters

  • Companies operating in the energy, engineering, and architecture industries with a link to USDOT were also targeted. One of the domains was registered by Amazon in August and was created specifically for this campaign.
  • While the phishing techniques used were not unique, the attackers used them in unique patterns to evade detection by secure email gateways.

Attack on South Africa

IT systems at South Africa’s Department of Justice were encrypted by a ransomware attack. The attack encrypted all information systems and rendered them unavailable internally as well as to the public.

Why it matters

The department is still in the process of restoring its systems and is unsure of how long it will take. Furthermore, the threat actor responsible for the attack has not been identified yet. As systems were knocked offline, child maintenance payments had to be kept on hold.

What else?

  • Over the past year, several government sites have been observed hosting spammy ads because of a flaw in Laserfiche, a government software provider. The phishing lures thus created would redirect unsuspecting users to malicious websites.
  • An iPhone exploit was sold to the UAE for $1.3 million by American mercenaries. The exploit was previously used by U.S. government intelligence operatives.
  • Some hackers hijacked the official Russian government website and started promoting free Bitcoins to every user.
  • In August, the French government’s visa website was attacked, exposing applicants’ personal information. The information contained names, email addresses, nationalities, and dates of birth, among others.

Why attack the public sector?

  • Government agencies are a treasure trove of sensitive data for adversaries. They handle large databases containing social security numbers, insurance numbers, health information, trade secrets, and financial information, among others.
  • Most of the time, government agencies are not as cyber resilient as they should be. Attackers mainly brute-force passwords, use social engineering lures, and abuse unpatched flaws to get into these systems.

The bottom line

The public sector needs better cyber defense strategies and solutions to stay protected from such threats. This includes creating cybersecurity policies, collaborating with industry experts, and creating cyber awareness among employees. The stakes are higher now, and the potential consequences of a cyberattack on governments can be enormous, as indicated by the various incidents mentioned above.

Cyware Publisher