Federal Friday - 6.13.14 - New Group, Same Story

Blog Post created by jschim Employee on Jun 11, 2014

Happy Friday, Federal friends! It's another lovely Fall day here in Beantown, but I hope each of you is enjoying your early Summer weather. Some exciting news: Rapid7 was named one of the Top Places to Work by the Boston Business Journal (#11 Mid-size company)!


I'm going to keep it short and sweet today, considering this is a topic I've covered before. Given the news stemming from a new CrowdStrike report, there is yet another group out of the Far East that has successfully attacked government networks for years. How'd they do it? Well, they attacked your most vulnerable assets to gain access to the information they were looking for. No, they didn't use a 0-day, an XP vuln or any OpenSSL back-doors. So, what did they target then? To put it simply, they went after your employees, and they're continuing to do so. While this new group was identified, and their tactics might differ slightly, the theme is the same: focus on the people and they'll show you right in through the open door.


This campaign, in particular, focused on closely-guarded satellite technology. The targets were government employees and contractors who were either attending or looking to attend industry conferences. They were duped with slick-looking attachments that looked like conference information, local tourist hot-spots and even yoga brochures. Once they clicked, they and your network were compromised.


So, what can you do?


Communicate, communicate, communicate. In fact, over-communicate. While it's a herculean task to change the mindset and workflows of your employees at large, your focus should be a top-down approach. Your C-level and management folks, aside from sysadmins, tend to pose the most risk to your networks. That being said, highlighting the specific risk that compromised credentials pose to your critical systems is language decision makers should understand. The higher up the chain you can get, the more impact a conversation about risk has. Once you can convince the higher-ups of the risk the network faces, it's up to them to disseminate the information down through the organization. While this is a difficult conversation to broach, it's your charge to secure your networks, and at the end of the day people are a big part of that.


Change is constant, threats are persistent. Stay vigilant.


Tom Hanks is keeping watch for new and unusual tactics.