With more advanced detection, investigation and mitigation technologies and processes, agencies can present a much stronger defense against cyber criminals intent on using ransomware as a route to extortion.
As attackers become more refined and nuanced in their approach -- from building adversarial machine learning models to model poisoning -- they could completely disrupt an agency’s artificial-intelligence-related efforts.
The Cybersecurity and Infrastructure Security Agency says hackers are breaching federal networks by exploiting methods besides the SolarWinds Orion vulnerabilities.
Suspected Russian intelligence agents are believed to have accessed "around" 3% of email inboxes, but not any classified systems, according to a Justice Department spokesman.
According to a Jan. 5 statement from the Cyber Unified Coordination Group, “an Advanced Persistent Threat actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks."
The remote user use case applies to remote agency users accessing government resources in either agency-hosted or in cloud environments and provides configuration guidance for remote user data flows and applying relevant TIC security capabilities.
While convenient during this pandemic, allowing employees to use personal laptops and phones for work increases the risk of unauthorized access to government systems and data.
The breach, which was missed by federal cybersecurity agencies, is much broader than first estimated, with experts now saying Russia exploited as many as 250 government and private-sector networks.
By establishing strong supply chain risk management requirements and verifying all updates for critical networks and third-party software, agencies can better protect their networks against future incursions.
To help agency leaders mitigate the SolarWinds Orion software compromise, the Cybersecurity and Infrastructure Security Agency issued new guidance and posted two new resources.