When you think of security in a government agency, lots of images might come to mind: key card scanners, color-coded security clearances, and complex access management systems. If you’ve ever worked for a government agency or contractor, you probably recall the hours of training modules on security protocols. When it comes to controlling access to information, these agencies have things locked down, but, as third-party data breaches and security incidents keep showing, there are still weak links in the system.
Government agencies and contractors are most often targeted by nation-state threat actors and hacktivists. Nation-state actors are funded by foreign governments and carry out attacks to gather intelligence on an adversary’s military secrets and operations or for other espionage purposes. Hacktivists try to effect social or political change through cyber attacks, often by exposing wrongdoing in an organization. Both groups are driven by strong convictions, and nation-state actors also have a large, practically unlimited budget.
To protect against hacktivists and nation-state actors, government agencies must be aware of their common TTPs (tactics, techniques, and procedures). Nation-state actors often try to gain access to a network and remain undetected for long periods of time so that they can gather intelligence slowly and quietly. Their typical route in is an elaborate social engineering campaign that delivers malware into the victim’s network. Hacktivists commonly use DDoS (distributed denial of service) attacks, website mirroring, and insider threats to damage an organization.
Government contractors often hold CUI (controlled unclassified information) and other sensitive data on their IT networks. Whether the contractor is in the defense, finance, or critical infrastructure sector, a breach of protected information can do serious harm to national security. One way that hacktivists and nation-state actors breach government systems is by getting into identity and access management systems. Credentials such as usernames and passwords that are stolen and sold on the dark web give threat actors a ready-made way to undermine the security of agencies and contractors.
Recently, GroupSense intelligence analysts discovered a well-known hacktivist group selling access to a database of government contractor user logins, some with administrative privileges. The specific database our analyst found for sale contained information on 6,000 government contractors in the defense and critical infrastructure sectors. Data like this continues to fuel cyber identity fraud in government because threat actors can use it for social engineering and phishing campaigns.
GroupSense analysts do not necessarily classify the exposure of these credentials as a breach in itself; the concern is that the credentials could be used to carry one out. By gaining access to the systems of government contractors, hacktivists and nation-state actors are one step closer to government systems. In a 2021 government contracting breach, threat actors gained insight into US military weapons platform development and design. They were also able to obtain future plans for telecommunications systems and other critical infrastructure.
Cyber identity fraud and social engineering pose a dangerous threat to national security. Government agencies and contractors have a responsibility to safeguard their IT systems against breaches. To help agencies reach a more comprehensive cybersecurity posture, there has been an increase in executive orders and other cybersecurity regulation. The May 2021 executive order on improving the nation’s cybersecurity places increased importance on threat information sharing between agencies, modernizing and strengthening legacy systems, and moving agencies toward a zero-trust architecture. Another standard, the Cybersecurity Maturity Model Certification (CMMC), aims to strengthen cybersecurity for all contractors working with the Department of Defense. By employing digital risk protection, agencies and their contractors can take a holistic approach to protecting the nation. Learn more about protecting your organization with Digital Risk Protection Services.