Government and Military

With the digitization of the government and military OT and IT infrastructure comes the requirement for multilayered security to protect new and old defense systems from internal and external cyber incidents.

According to Fortune Business Insights, the global cyber security market size is anticipated to reach $366.10 billion by 2028. One of the key drivers increasing the demand for cyber security solutions is the government and military sector as cybersecurity threats represent one of the most notorious national security, public safety, and economic challenges faced as of now.

It’s key to consider that the government and military cyberspace and its underlying infrastructure are susceptible to a variety of threats and dangers originating from both physical and digital sources. Sophisticated cyber actors and nation-states exploit weaknesses to steal information and funds and are developing the capacity to interrupt, destroy, or threaten the supply of vital services.

Another point of consideration is the fact that the government saves substantially more information than the commercial sector and frequently maintains it on older, more insecure systems. Agencies are frequently targeted not only by opportunistic hackers but also by nation-state-funded and -trained teams. And despite the fact that governments are attempting to defend themselves from hostile attackers, employees and citizens alike desire simple access to their data anytime, anywhere.

To help illustrate, here are some real-life cybersecurity attacks that have targeted the government and military industry:

• A cloud-based platform of the Japanese IT company Fujitsu was infiltrated, allowing threat actors to steal files from multiple Japanese government agencies. Cabinet Secretariat, Narita Airport, and the Ministry of Land, Transport, Infrastructure, and Tourism are a few of the entities hit by this latest cyber attack. Leaked material included Foreign Ministry documents on how to implement a digital government and 76,000 email addresses from the transport ministry.
• In 2020, 70 ransomware attacks were carried out against US government agencies, impacting close to 71 million people and costing an estimated $18.88 billion in downtime and recovery costs.
• The NotPetya virus was planted as malware on a popular Ukrainian tax update site, spreading to multiple sites and countries including US, UK, Germany, France, and more. NotPetya infected computers and wrote over files.
• A hacker breached Argentina’s government IT network and penetrated RENAPER, the country’s national registry of persons. The hacker allegedly stole ID card details of the country’s entire population and sold them afterwards in private circles.

You can find a list of official ransomware alerts and statements from Cybersecurity and Infrastructure Security Agency (CISA) and the FBI here. A list of international and significant cyber incidents on government agencies, defense, and high tech companies can be found here.

Due to a number of reasons, the government cyberspace is extremely difficult to secure. In fact, the US Defense Department thwarts over 36 million emails full of malware, viruses, and phishing schemes from cyber criminals, hackers, terrorists, or foreign enemies attempting to penetrate government and military systems. Per year, that’s a total of 13 billion emails. Here are a few risk areas that embody why governments and military cyberspaces are so attractive to hackers:

• the capacity of hostile actors to operate from anywhere in the world
• the interconnectedness of cyberspace and physical systems
• the rising adoption of IoT devices greatly increases the attack surface
• the highly sensitive nature of the data they store
• the lack of bandwidth to address and secure against all cyber threats
• the lack of sufficient funding of state and local governments as opposed to federal institutions can jeopardize the protection against large-scale attacks
• the strong reliance on third parties and contractors.

Let’s explore more poignant examples of risk factors for government and military agencies next.

In recent years, ransomware has become a significant concern for many types of organizations. It can result in prolonged downtime, lost files, and the inability to access critical infrastructure and services for government entities. This includes 911 and utility services.

Email phishing scams, in which messages presented as originating from a trusted company or individual contain links or attachments that, when clicked by the recipient, infect computers with ransomware or malware that grants threat actors remote access to infected computers and potentially other computers on the network.

Incidents involving ransomware can have devastating effects on business processes and leave enterprises without the data required to operate and provide mission-critical services. Over time, malicious actors have modified their ransomware tactics to incorporate additional types of extortion, such as threatening to reveal stolen data if victims do not pay and publicly naming and shaming victims.

Password spraying is a brute-force attack technique that seeks to gain network access by matching usernames with common passwords. Others get email and system login credentials that were obtained in prior breaches. Password spraying enables the perpetrator to remain undetected by preventing frequent or quick account lockouts.

As more employees work from home, threat actors are attacking zero-day vulnerabilities in VPNs and other remote working tools and software platforms. Zero-day vulnerabilities are issues that have not yet been found or have been discovered but not patched.

The volume of DDoS cyber attacks aimed at the government sector rose to over 1881% in 2021 compared to 2020 mainly because DDoS attacks are among the most conspicuous and damaging cyberattacks. When paired with political objectives, they can be viewed as cyber warfare. For instance, the Pentagon has faced distributed denial-of-service (DDoS) attacks up to 600 gigabytes per second.

In cyber warfare, DDoS attacks are frequently employed to disrupt governments by rendering their internet resources inaccessible, disrupting official communications, and restricting access to information. DDoS attacks are also frequently used by hacktivists as part of political agendas.

Cybercriminals frequently build complex botnets to launch volumetric and protocol-based DDoS attacks. They consist of thousands, if not millions, of hacked hosts from all over the world.

When a government outsources a function, it relinquishes control over assets that contribute to government security, such as network credentials and access to important networks. Once this control is transferred outside to a third party, a new entry point for hackers is immediately created.

Similar to the private sector, federal agencies rely on supply-chain and third-party partners to support their missions and goals. It is a vital alliance, but it is laden with potential danger. Nation-state hackers are increasingly targeting government contractors to exfiltrate sensitive information and gain access to governmental networks.

Additionally, cyber attackers are targeting unprotected endpoints such as laptops, smartphones, and tablets, which have proliferated as more remote workers use their own devices instead of company-issued technologies. These endpoints are especially vulnerable when utilized by untrained employees who are susceptible to phishing and other social engineering attacks.

High-profile data breaches and cyber threats are driving government agencies to better prioritize information security. The stakes of cybersecurity in the government and military space are sky-high since hacking public sector information not only jeopardizes public trust, it also endangers national security.

For example, the current Biden-Harris Administration has regularly issued warnings regarding the possibility of Russia engaging in harmful cyber activity against the United States in response to the enormous economic sanctions they have imposed. This as a result of the growing indications that Russia could be investigating potential cyberattack possibilities.

Let us not forget that in 2016, John Podesta, chairman of Hilary Clinton’s US presidential campaign, had his email hacked, with over 20,000 emails leaked. Many claimed that the event was at fault for derailing the campaign which they ultimately lost. In that same year, 20,000 emails from key staff of the Democratic National Committee were leaked, including confidential party secrets.

EdgeLabs sensors provide proactive advanced network security combined with behavioral anomaly detection for endpoint security. Using the most advanced AI algorithms for detection as well as predictive models help us to protect the whole system with significant quality from the most dangerous threats in military and government.