Login credentials for more than 40,000 Government accounts in 30 countries have been discovered by Russian cybersecurity researchers from Group-IB.
Mike Bittner, Digital Security & Operations Manager at The Media Trust:
“Government agencies are easy targets of phishing campaigns because they often publish their employee directories online. They are also highly desired targets because they store sensitive information on state secrets, on new products in the process of approval, including those of the world’s largest companies, and on private citizens. And given budget cuts, many of these agencies rely on a large pool of third parties, who are listed in publicly available government sites. Since transparency is a government’s responsibility in a democracy, agencies should beef up their security measures. A few key steps include continuously scanning in real time the sites and mobile apps that citizens and companies use to access government services in order to identify any unauthorized activities and nip them in the bud. Second, they should know who all their third parties are and what activities they have authorized them to conduct. Third, they should use physical devices that generate a new token each time a government employee logs in. Fourth, they should train all staff to be wary of phishing scams and other suspicious events. Finally, since securing sensitive information is key to accomplishing their mission, it should therefore be appropriately funded. These phishing campaigns will only grow in frequency, mainly because they pay off.”
Justin Jett, Director of Audit and Compliance at Plixer:
“Stolen credentials are a primary mechanism for malicious actors to gain access to sensitive information. The latest news of 40,000 stolen government portal logins is just another example. Proper password resets and time limits are important, but organizations should also ensure they deploy network traffic analytics to uncover when malicious actors attempt to access systems on the network. Because the hackers have the credentials, they aren’t going to try connecting to a machine more than once. Instead, they will try to connect to many machines until they gain access. Once they have a foothold, they will try to steal any sensitive data they can access. Network traffic analytics can show there are attempts to log in to multiple machines, especially when the user has never legitimately accessed those machines. Finally, where possible, two-factor authentication should be deployed to limit access to authorized individuals.”
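As an added illustration of the detection Jett describes (example code written for this page, not Plixer's product or anything from the Group-IB report), the check below builds a per-user baseline of hosts from constructed authentication records and flags an account that reaches several machines it never logged into before within a short window; the record format, user names and host names are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (timestamp user host result); not data from the report.
BASELINE = """\
2018-11-01T09:00:00 alice fileserver01 success
2018-11-03T10:00:00 bob hrportal01 success
"""
RECENT = """\
2018-12-05T02:10:00 alice fileserver01 success
2018-12-05T02:11:00 alice hrportal01 success
2018-12-05T02:12:00 alice payroll02 failure
2018-12-05T02:13:00 alice vpngw01 success
2018-12-05T02:14:00 alice dc01 failure
2018-12-05T03:30:00 bob hrportal01 success
"""

def parse(text):
    """Turn one record per line into (datetime, user, host, result) tuples."""
    rows = []
    for line in text.splitlines():
        if line.strip():
            ts, user, host, result = line.split()
            rows.append((datetime.fromisoformat(ts), user, host, result))
    return rows
def known_hosts(rows):
    """Baseline: hosts each user has successfully logged into before."""
    seen = defaultdict(set)
    for _, user, host, result in rows:
        if result == "success":
            seen[user].add(host)
    return seen
def flag_lateral_movement(baseline, recent, window=timedelta(minutes=10), threshold=3):
    """Return {user: sorted new hosts} for users who touch >= threshold hosts they
    never accessed before within one sliding window. Failures count too: a valid
    credential tried against many machines is the pattern Jett describes."""
    seen = known_hosts(parse(baseline))
    attempts = defaultdict(list)
    for ts, user, host, _ in sorted(parse(recent)):
        if host not in seen[user]:
            attempts[user].append((ts, host))
    flagged = {}
    for user, events in attempts.items():
        for i, (start, _) in enumerate(events):
            hosts = {h for t, h in events[i:] if t - start <= window}
            if len(hosts) >= threshold:
                flagged[user] = sorted(hosts)
                break
    return flagged
```

Run against the sample, only alice is flagged: fileserver01 is in her baseline, but four other hosts appear within a few minutes, while bob only revisits a host he has used before.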