domingo, 14 agosto 2022
Visitas totales a la web: 87788369

El portal de los profesionales de seguridad y emergencias

Nº 1 del mundo en español en seguridad global

Soluciones de seguridad global

Hackers Have Infiltrated Many of Washington State’s Agencies

Kartikay Mehrotra and Dina Bass

  • Governor had warned that state was target of phishing campaign
  •  Timing of attack furthers concerns about election stability

Hackers have launched a sprawling, multifaceted cyber-attack against the state of Washington, according to two people familiar with the matter.

The attack infested many of the state’s agencies with sophisticated malware, including one type known as Trickbot, according to the two people, who requested anonymity because they aren’t authorized to talk to the media.

The attack has already lasted more than a week, but it has yet to significantly affect state operations even while exposing flaws in the state’s security apparatus, the people said.

The cyber-attack didn’t impact the state’s election systems. Nonetheless, coming nearly a month ahead of November’s presidential election, it highlights the potential vulnerability of state computer networks, which include election systems.

Tara Lee and Mike Faulk, both of whom are spokespersons for Governor Jay Inslee, didn’t respond to requests for comment. Secretary of State Kim Wyman’s office tweeted Thursday that they’re “aware of an active cyber threat facing government entities…though we have no reason at this time to believe this is targeted at elections.”

‘Phishing Campaign’

On Thursday, Inslee said at a press conference that a nationwide “phishing campaign” — phony emails that usually include an attachment that detonates malware when opened — was targeting the state. But the reality of the attack hitting state computer networks is more serious than a phishing campaign. Attackers have successfully gained access to multiple state agencies, spreading malware and establishing a foothold from which they could deepen their attack.

Washington is being assisted by U.S. Department of Homeland Security, the FBI and Microsoft Corp., in the hopes of fending off the attackers, according to the person familiar.

Microsoft spokesperson Frank Shaw declined to comment. Messages sent to the FBI in Seattle weren’t acknowledged.

Further details about nationwide phishing campaign, as Inslee said, weren’t available.

The attackers’ motives remain unclear. It’s not known if any data was stolen or if the hackers had planned to detonate the kind of ransomware attacks that have devastated cities, school districts and businesses across the country in recent years. Such attacks seek to lock users out of their computers, demanding a hefty ransom to regain access, and can significantly disrupt operations for days or even weeks.

Still, the timing of the attack has raised security questions ahead of the first presidential election since Russia meddled in the 2016 race by hacking Democratic Party emails and targeting election systems in all 50 states, according to federal authorities. DHS has repeatedly warned about the risk of cyber-attacks and even ransomware before the upcoming vote.

At least some state employees received calls on Sept. 18 directing them to avoid accessing emails. On Sept. 21, an updated directive asked employees to stop clicking on new attachments, according to a state employee who asked not to be identified because they’re not authorized to speak to the media.

“The potential for damage here is the inability for the state to operate its services that rely on computer systems,” said Michael Hamilton, former chief information security officer for Seattle and the founder of the cyber firm, CI Security. “While the state is handling multiple dilemmas — an election, record unemployment, civil unrest, fires — a broad scale compromise could be crippling.”

Profit Tool

One of the people familiar with the investigation said early analysis of the intrusion indicated that the hackers may not have been targeting Washington but rather happened upon — and took advantage of — flaws in the state’s cybersecurity system. Responders are continuing to monitor the malware’s behavior across a broad swath of the state’s network, said the person.

At least 13 of the state’s departments and commissions were impacted by the attack, including corrections, parks and recreation and fish and wildlife, according to one of the people familiar with the matter. That person also said another type of malware, called Emotet, was used in the attack, in addition to Trickbot.

Janelle Guthrie, a spokesperson for the Department of Corrections, echoed the governor’s statement, saying many public and private organizations across the country, including the state of Washington, were being targeted by a phishing campaign.

“Washington state is taking proactive measures to protest state systems, which may require taking certain applications offline temporarily,” she said. “There is no known indication of state services being impacted at this time.”

Anna Gill, a spokesperson for Washington’s Parks and Recreation Commission, referred requests for comment to the governor’s office.

The election isn’t only a political target for some attackers with nation-state allegiances. They are also a potential tool for cybercriminals seeking profit because victims may be desperate to pay to ensure their systems are operational, said Brett Callow, a threat analyst at the New Zealand-band cybersecurity company Emsisoft.

“What better time for an attacker to extort payment from government systems than the time it needs access the most?” said Callow, adding that the hackers could be “holding fire” until the days leading up to Nov. 3 Election Day.

Washington state is widely viewed as boasting one of the country’s most sophisticated cybersecurity systems, especially its election system defenses. Because of its dependence on postal ballots, Washington ranks among the highest for pandemic voting preparedness, according to a report by the Rand Corp. about voting system confidence in 2020.

Dangerous Malware

The Emotet banking Trojan, first identified in 2014, gained notoriety by targeting banks and financial data but has since evolved into a spamming and malware service, according to cyber research firm, Malwarebytes Inc. Its ability to evade detection has drawn the ire of the U.S. government which has branded Emotet among the world’s most dangerous malware with an estimated cleanup cost of $1 million per incident.

Hackers are often capable of moving around inside the network, allowing them to compromise additional departments. In the case of Emotet, the attackers are also known for resending phishing emails to victims from the internal email system.

In addition, it’s not uncommon for attackers to take their time after gaining access to a network, before deploying ransomware or some other kind of damaging attack. The hackers can use that time to explore the network looking for sensitive data or figuring out how to exploit a vulnerability.

Trickbot is another Trojan which originally targeted banks and financial institutions that has since seen expanded its attack surface to all enterprise networks. Using a particular vulnerability called EternalBlue, Trickbot can spread through networks then reinfect computers or servers that were previously infected and then sanitized. “IT teams need to isolate, patch, and remediate each infected system one-by-one. This can be a long and painstaking process,” according to Malwarebytes report on the malware.

Emotet and Trickbot are frequently used in tandem, especially by the Russia-based cybergang, Ryuk, according to the cybersecurity firm CrowdStrike. First recognized in 2019, Ryuk became notorious in its first six months of operation for attacking enterprise networks, yielding revenue upwards of $4 million, according to CrowdStrike.

As Ryuk’s activity faded slightly in the early-spring and summer of 2020, another threat actor emerged with a similar attack profile, called Conti, according to Emsisoft. In its short history, Conti, which also appears to be Russia-based, has gained notoriety for attacking state and local governments, including state courts in Louisiana in September, the cyber firm said.

Fecha de publicaciónseptiembre 28, 2020

BELT.ES no se hace responsable de las opiniones de los artículos reproducidos en nuestra Revista de Prensa, ni hace necesariamente suyas las opiniones y criterios expresados. La difusión de la información reproducida se realiza sin fines comerciales. 

Listado de Expertos


Profesión militar: Obediencia debida frente a la obligación de disentir

Con ocasión de la realización de estudios en el Instituto Universitario Gutiérrez Mellado tuve la ocasión de leer y analizar una serie de documentos de opinión que trataban en profundidad las diferentes facetas presentes en el campo de las relaciones cívico-militares; temas que , habitualmente, no han estado presentes en los diferentes cursos y actividades formativas en la enseñanza militar, ni, por supuesto, en la civil.

El amor de Macarena Olona por la Guardia Civil empieza por su pareja, un joven oficial condecorado

El padre de su hijo llegó a la Benemérita como militar de carrera y, los que le...

La artillería ‘made in USA’ comprada por Marruecos que deja fuera de juego a España

El país magrebí sigue reforzando sus fuerzas armadas a golpe de talonario, y no lo hace de...

Últimas noticias

El soldado español: Una visión de España a través de sus combatientes

El soldado español forma parte inseparable del pasado y el presente de España. Es una memoria marcada...

Doxing: tus datos personales expuestos.

Doxing: amenazas en la red con la publicación de datos confidenciales de políticos y famosos. Como ya previnimos, los...

Microsoft revive el miedo a otro gran ‘hackeo’ ruso: las claves de la ciberguerra contra EEUU

Según la compañía de Nadella, en apenas tres meses, 600 empresas han recibido cerca de 23.000 ataques de grupos organizados. El objetivo,...

“Pilotar un Eurofighter no lo hace cualquiera, da igual que seas hombre o mujer”

A sus 25 años, la teniente Elena Gutiérrez se ha convertido en la primera militar a los mandos del caza más moderno...

La exigencia de ser alumno en la Academia de Artillería

El Colegio de Artillería del Alcázar fue designado como tal centro formativo el 29 de enero de 1762. Desde esa fecha siempre...