On November 13, were compromised and used to distribute spam emails spoofing the law enforcement agency. The emails contained warnings, purportedly from the FBI, of a “sophisticated chain attack” whereby the recipients’ network was breached and data had been stolen.
Although this is a somewhat unusual example of targeting government bodies, attacks on and breaches of this industry are common. According to The , there were 3,236 incidents within public administration, with 885 leading to breached data. Social engineering was responsible for over 69% of breaches. Digital Shadows’ data, outlined in the following sections, shows further evidence of targeting of the public sector.
Governments can be an enticing target
Government bodies hold plenty of valuable data, which makes them an enticing target for threat actors. This is especially so for those that may hold personal data, such as passport numbers and Social Security numbers. One example is the breach of the U.S. Office of Personnel Management (OPM) in 2015, where state-sponsored actors stole Social Security numbers, fingerprints, names, dates and places of birth, and addresses.
Governments and public bodies are also targeted by cybercriminals. According to the , the most common stolen data was credentials.
Once stolen, credential lists are widely sold and traded on cybercriminal forums and marketplaces, or used in brute-force attacks (in 2020, over 80 percent of breaches related to hacking involved brute-force cracking or the use of lost or stolen credentials).
Ransomware targeting of Government
In March 2021, (shown below). In May, the D.C. police department had data dumped online by the . In July, the similarly suffered from a ransomware attack.
However, the targeting of government and public bodies is a global trend that extends beyond these examples. According to Digital Shadows reporting on ransomware sites, 82 government entities have had their data posted to ransomware dump sites. This targeting is spread across many ransomware variants; among those targeting this industry were Clop, Avaddon, Ryuk, NetWalker, Conti, DoppelPaymer, Egregor, and PYSA.
Cybercriminals selling access to Governments
We have previously discussed how Initial Access Brokers (IABs) provide access that can be highly valuable for ransomware actors. There have been numerous cases where weaknesses in RDP and VPNs have enabled ransomware.
It’s no surprise, therefore, that we’ve seen IAB actors offering access to government bodies. Of the 22 instances we detected in 2021, 5 were for VPN and 3 for RDP.
Previous research by Photon, , found government access for an average of $4,386.
Gain industry-specific intelligence with SearchLight
Data exposure on ransomware dump sites and initial access brokers have emerged as some of the top dark web monitoring use cases. SearchLight users can subscribe to all of this intelligence while making it specific to their industry and geography.
You can explore a large selection of our intelligence within Test Drive, which you can .