Digital transformation and the adoption of emerging technologies have served as major catalysts for innovation and progress for the federal government in recent years. However, as agencies move to the cloud, capabilities extend to the tactical edge and remote work continues, the traditional perimeters of an organization are extending and even disappearing.
In this era of modernization, information security and cybersecurity have become increasingly critical, yet difficult tasks as hackers and cybercriminals find new ways to exploit vulnerabilities and get inside organizations’ most important systems.
Last year, cybercriminals successfully hacked employees of two civilian government agencies using phishing emails disguised as tech support, according to a recent cybersecurity advisory released by the Cybersecurity and Infrastructure Security Agency.
CISA’s Chief Information Officer Bob Costello is confirmed to keynote GovCon Wire’s 2023 Information Security and Innovation Forum on Feb. 28. Join the conversation to hear more about the latest cyber threats and how agencies are combating them. Register here.
Hackers’ latest tactic includes the use of legitimate remote monitoring and management software, a CISA investigation found in October 2022.
In a case from June 2022, hackers posing as tech support representatives sent a phishing email containing a phone number to a federal employee who then called the phone number; from there, hackers directed the employee to a malicious domain which triggered the download of RMM software like ScreenConnect (now ConnectWise Control) and AnyDesk.
Because the downloaded RMM software is a legitimate application with a verified use case, it can evade antivirus alerts, giving hackers an opportunity to exploit it.
The incidents, CISA said, were part of a “widespread, financially motivated phishing campaign” that sought to steal money from individuals’ bank accounts.
Since this case, cybercriminals have been sending more “help desk-themed” phishing emails that either contain a link to a malicious domain or prompt the recipient to call a phone number, where hackers direct them to bad links. These emails are being sent to federal employees’ personal and government email addresses alike.
Hear from CISA leaders, cybersecurity experts and government officials during the GovCon Wire 2023 Information Security and Innovation Forum as they discuss today’s biggest cyber threats and how we can thwart them. Register here.
