Hackers Have Infiltrated Many of Washington State’s Agencies

Kartikay Mehrotra and Dina Bass

  • Governor had warned that state was target of phishing campaign
  • Timing of attack furthers concerns about election stability

Hackers have launched a sprawling, multifaceted cyber-attack against the state of Washington, according to two people familiar with the matter.

The attack infested many of the state’s agencies with sophisticated malware, including one type known as Trickbot, according to the two people, who requested anonymity because they aren’t authorized to talk to the media.

The attack has already lasted more than a week, but it has yet to significantly affect state operations even while exposing flaws in the state’s security apparatus, the people said.

The cyber-attack didn’t impact the state’s election systems. Nonetheless, coming nearly a month ahead of November’s presidential election, it highlights the potential vulnerability of state computer networks, which include election systems.

Tara Lee and Mike Faulk, both of whom are spokespersons for Governor Jay Inslee, didn’t respond to requests for comment. Secretary of State Kim Wyman’s office tweeted Thursday that they’re “aware of an active cyber threat facing government entities…though we have no reason at this time to believe this is targeted at elections.”

‘Phishing Campaign’

On Thursday, Inslee said at a press conference that a nationwide “phishing campaign” — phony emails that usually include an attachment that detonates malware when opened — was targeting the state. But the reality of the attack hitting state computer networks is more serious than a phishing campaign. Attackers have successfully gained access to multiple state agencies, spreading malware and establishing a foothold from which they could deepen their attack.

Washington is being assisted by the U.S. Department of Homeland Security, the FBI and Microsoft Corp. in the hopes of fending off the attackers, according to the person familiar with the matter.

Microsoft spokesperson Frank Shaw declined to comment. Messages sent to the FBI in Seattle weren’t acknowledged.

Further details about the nationwide phishing campaign that Inslee described weren’t available.

The attackers’ motives remain unclear. It’s not known if any data was stolen or if the hackers had planned to detonate the kind of ransomware attacks that have devastated cities, school districts and businesses across the country in recent years. Such attacks seek to lock users out of their computers, demanding a hefty ransom to regain access, and can significantly disrupt operations for days or even weeks.

Still, the timing of the attack has raised security questions ahead of the first presidential election since Russia meddled in the 2016 race by hacking Democratic Party emails and targeting election systems in all 50 states, according to federal authorities. DHS has repeatedly warned about the risk of cyber-attacks and even ransomware before the upcoming vote.

At least some state employees received calls on Sept. 18 directing them to avoid accessing emails. On Sept. 21, an updated directive asked employees to stop clicking on new attachments, according to a state employee who asked not to be identified because they’re not authorized to speak to the media.

“The potential for damage here is the inability for the state to operate its services that rely on computer systems,” said Michael Hamilton, former chief information security officer for Seattle and the founder of the cyber firm, CI Security. “While the state is handling multiple dilemmas — an election, record unemployment, civil unrest, fires — a broad scale compromise could be crippling.”

Profit Tool

One of the people familiar with the investigation said early analysis of the intrusion indicated that the hackers may not have been targeting Washington but rather happened upon — and took advantage of — flaws in the state’s cybersecurity system. Responders are continuing to monitor the malware’s behavior across a broad swath of the state’s network, said the person.

At least 13 of the state’s departments and commissions were impacted by the attack, including corrections, parks and recreation and fish and wildlife, according to one of the people familiar with the matter. That person also said another type of malware, called Emotet, was used in the attack, in addition to Trickbot.

Janelle Guthrie, a spokesperson for the Department of Corrections, echoed the governor’s statement, saying many public and private organizations across the country, including the state of Washington, were being targeted by a phishing campaign.

“Washington state is taking proactive measures to protect state systems, which may require taking certain applications offline temporarily,” she said. “There is no known indication of state services being impacted at this time.”

Anna Gill, a spokesperson for Washington’s Parks and Recreation Commission, referred requests for comment to the governor’s office.

Elections aren’t only a political target for some attackers with nation-state allegiances. They are also a potential tool for cybercriminals seeking profit because victims may be desperate to pay to ensure their systems are operational, said Brett Callow, a threat analyst at the New Zealand-based cybersecurity company Emsisoft.

“What better time for an attacker to extort payment from government systems than the time it needs access the most?” said Callow, adding that the hackers could be “holding fire” until the days leading up to Nov. 3 Election Day.

Washington state is widely viewed as boasting one of the country’s most sophisticated cybersecurity systems, especially its election system defenses. Because of its dependence on postal ballots, Washington ranks among the highest for pandemic voting preparedness, according to a report by the Rand Corp. about voting system confidence in 2020.

Dangerous Malware

The Emotet banking Trojan, first identified in 2014, gained notoriety by targeting banks and financial data but has since evolved into a spamming and malware service, according to cyber research firm Malwarebytes Inc. Its ability to evade detection has drawn the ire of the U.S. government, which has branded Emotet among the world’s most dangerous malware with an estimated cleanup cost of $1 million per incident.

Hackers are often capable of moving around inside the network, allowing them to compromise additional departments. In the case of Emotet, the attackers are also known for resending phishing emails to victims from the internal email system.

In addition, it’s not uncommon for attackers to take their time after gaining access to a network, before deploying ransomware or some other kind of damaging attack. The hackers can use that time to explore the network looking for sensitive data or figuring out how to exploit a vulnerability.

Trickbot is another Trojan that originally targeted banks and financial institutions but has since expanded its attack surface to all enterprise networks. Using a particular vulnerability called EternalBlue, Trickbot can spread through networks and then reinfect computers or servers that were previously infected and then sanitized. “IT teams need to isolate, patch, and remediate each infected system one-by-one. This can be a long and painstaking process,” according to a Malwarebytes report on the malware.

Emotet and Trickbot are frequently used in tandem, especially by the Russia-based cybergang, Ryuk, according to the cybersecurity firm CrowdStrike. First recognized in 2019, Ryuk became notorious in its first six months of operation for attacking enterprise networks, yielding revenue upwards of $4 million, according to CrowdStrike.

As Ryuk’s activity faded slightly in the early spring and summer of 2020, another threat actor emerged with a similar attack profile, called Conti, according to Emsisoft. In its short history, Conti, which also appears to be Russia-based, has gained notoriety for attacking state and local governments, including state courts in Louisiana in September, the cyber firm said.

Publication date: September 28, 2020
