The Department of Homeland Security has made our country safer by enhancing the government's cyber security strategy, but it is still not enough. Cybercriminals are not standing pat while waiting for the government to catch up. They are evolving their strategies just as quickly as the government is trying to evolve its own.
As technology advances, so do the methods of attack. Cybercriminals, equipped with sophisticated computer systems, are always looking for new ways to steal data and money from innocent victims. This is why the government has been developing strategies to keep up with these advancements and protect our most important data from being hacked.
Here's a rundown of how government defense strategies are faring against attack strategies in recent times.
Attack Vectors and Vulnerabilities in Government Infrastructure
The types of cyberattacks against government agencies vary wildly, as evidenced by a 2021 Statista report. Not all agencies suffered the same types of attacks, and not all agencies fell victim to each type of attack.
What seems to matter most is the actual responsibilities of the government agency, and what hackers can gain from targeting it. For example, the Department of Veterans Affairs could potentially be a gold mine for benefits scammers, whereas the Department of Health and Human Services has a long list of duties including administering and managing federal healthcare programs.
When considering government cybersecurity solutions, each agency should be evaluated for particularly vulnerable attack vectors and the type of information that hackers would be after. These common attack vectors include:
- Attrition
- Impersonation
- External/removable media
- Loss and theft of equipment
- Web-based attacks
- Multiple attack vectors
Government Strategies for Mitigating Attack Vector Risks
Attrition
Attrition attacks rely on brute force or external data breaches in order to compromise a system. This form of attack is characterized by persistent, often repeated attempts.
Government agencies have implemented risk reduction measures to limit the level of damage caused by online hacks, such as reducing the number of compromised systems, patching existing systems, adding network segmentation, and requiring all users to use strong passwords.
Attrition attacks don't always have an end goal in sight, but may be a way of probing weaknesses in a system for exploitation at a later time. Thus, government agencies must be aware of the frequency, persistence, and length of any given attack and how best to mitigate it.
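One way a defender could measure the frequency, persistence, and length described above from authentication logs is sketched below. This is an added example, not something from the original article; the log format, the sample lines, the function names, and the thresholds are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (hypothetical format: ISO timestamp, result, user, source).
SAMPLE_LOG = """\
2024-03-01T08:00:05 FAIL user=admin src=203.0.113.7
2024-03-01T08:00:09 FAIL user=admin src=203.0.113.7
2024-03-01T08:00:14 FAIL user=root src=203.0.113.7
2024-03-01T08:02:30 FAIL user=jdoe src=198.51.100.20
2024-03-01T08:02:41 OK user=jdoe src=198.51.100.20
2024-03-01T14:30:00 FAIL user=admin src=203.0.113.7
2024-03-01T14:30:04 FAIL user=backup src=203.0.113.7
2024-03-02T02:15:00 FAIL user=admin src=203.0.113.7
"""

def parse(line):
    """Return (timestamp, result, source) for one line of the sample format."""
    ts, result, _user, src = line.split()
    return datetime.fromisoformat(ts), result, src.split("=", 1)[1]

def profile_failures(log_text, burst_gap=timedelta(minutes=10)):
    """Per source: failures (frequency), bursts (persistence), span (length)."""
    times = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, result, src = parse(line)
            if result == "FAIL":
                times[src].append(ts)
    report = {}
    for src, stamps in times.items():
        stamps.sort()
        # A new burst starts whenever the quiet period exceeds burst_gap.
        bursts = 1 + sum(1 for a, b in zip(stamps, stamps[1:]) if b - a > burst_gap)
        report[src] = {"failures": len(stamps), "bursts": bursts,
                       "span": stamps[-1] - stamps[0]}
    return report

def flag_attrition(report, min_failures=5, min_bursts=2):
    """Sources that fail often AND keep coming back after quiet periods."""
    return sorted(s for s, r in report.items()
                  if r["failures"] >= min_failures and r["bursts"] >= min_bursts)

if __name__ == "__main__":
    rep = profile_failures(SAMPLE_LOG)
    for src, r in rep.items():
        print(src, r["failures"], r["bursts"], r["span"])
    print("flagged:", flag_attrition(rep))
```

Requiring both a failure count and repeated bursts keeps a single user who mistypes a password once from being flagged alongside a source that returns hours later to try again.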
Impersonation
Impersonation attacks are usually performed by someone who has full control of the system and has access to the user's information or credentials. They are also known as Man-in-the-Middle (MITM) attacks and have taken place by way of e-mail messages and malicious websites, commonly using compromised email accounts.
Within government agencies, especially in the public sector, impersonation attacks can be achieved due to lack of proper authentication vetting protocols, particularly when an agency is understaffed and overwhelmed.
Defense against impersonation attacks typically relies on biometric identifiers like fingerprints and facial images to authenticate users before granting them access.
Removable Media Drives
Infected software or viruses can also be inserted into a system via maliciously modified removable media such as thumb drives and USB drives. These viruses can affect a government agency by creating an attachment, opening attachments, or even overwriting data.
Antivirus and firewall programs are commonly installed on computers within a government agency to prevent viruses from being installed. However, traditional antivirus software can only perform heuristic analysis, which doesn't offer much protection against zero-day threats.
Thus, one of the safest measures against bugged USB drives is to only allow government employees to use removable storage devices provided by the agency itself, which are themselves encrypted and unlocked with a unique key.
Web-Based Attacks
Government websites are, for a multitude of reasons, often poorly developed and lacking secure services.
For instance, in many government agencies, web pages are hosted on servers with insecure credentials, forcing agencies to send sensitive information via email attachments, web forms, and links.
This increased use of web services has also exposed government agencies to web-based attacks, which are becoming more popular due to their usability, scalability, and security.
Common methods of web-based attacks include phishing, XSS (Cross-Site Scripting), SOCKS, and XSLT.
To mitigate this threat, well-funded governmental agencies are able to hire highly trained cybersecurity specialists and web designers. However, local government agencies are often unable to afford this kind of protection for their websites.
It is therefore necessary for government agencies to put measures in place, such as removing legacy, obsolete, and sensitive web technologies, and to focus instead on web-based security measures that are in line with their current needs.
This article does not necessarily reflect the opinions of the editors or the management of EconoTimes