The Cybersecurity and Infrastructure Security Agency warned of attacks that leverage phishing and email forwarding vulnerabilities as well as one that bypassed multifactor authentication.
The National Association of State Chief Information Officers is advocating for harmonized federal cybersecurity regulations, a dedicated cybersecurity grant program for state and local governments and widespread adoption of the .gov domain.
The number of federal agencies hit by the SolarWinds Orion breach will likely surpass the White House’s tally last week of 10 affected agencies, according to William Evanina, director of the National Counterintelligence and Security Center.
Besides the exposure of congressional information, the breach of the Capitol presented an opportunity for adversaries to install malware on IT equipment, bug offices and exfiltrate data.
With more advanced detection, investigation and mitigation technologies and processes, agencies can present a much stronger defense against cyber criminals intent on using ransomware as a route to extortion.
As attackers become more refined and nuanced in their approach -- from building adversarial machine learning models to model poisoning -- they could completely disrupt an agency’s artificial-intelligence-related efforts.
The Cybersecurity and Infrastructure Security Agency says hackers are breaching federal networks by exploiting methods besides the SolarWinds Orion vulnerabilities.
Suspected Russian intelligence agents are believed to have accessed "around" 3% of email inboxes, but not any classified systems, according to a Justice Department spokesman.
According to a Jan. 5 statement from the Cyber Unified Coordination Group, “an Advanced Persistent Threat actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks.”
The remote user use case applies to remote agency users accessing government resources in either agency-hosted or cloud environments, and provides configuration guidance for remote user data flows and for applying relevant TIC security capabilities.