
The FBI is breached and starts sending out emails with legit headers

I don’t like starting the week with a security segment… but when the FBI are hit themselves, that feels like the top story.

Bureau email servers were hacked and used to distribute spam email impersonating FBI warnings that the recipient's network was breached and data was stolen. Pretending to warn about a sophisticated chain attack, the message warns about a threat from the head of security research of the dark web intelligence companies NightLion and Shadowbyte. The headers are from internal FBI servers, and the FBI did confirm the emails are fake and that they are working to solve the issue. The hacker used a misconfiguration in the Law Enforcement Enterprise Portal. The goal was likely to discredit that individual.

Showing its commitment to cyber efforts, the US has joined the Paris Call for Trust and Security in Cyberspace, which was established in 2018 to create international norms and laws for cybersecurity and warfare. The Trump administration had previously declined to join.

The DoJ announced that a Russian man convicted on wire fraud and money laundering charges for his role in the Methbot digital advertising scheme was sentenced to 10 years in prison on Wednesday.

It’s not all good news from the government – an audit by the General Accountability Office finds that the U.S. Education Department needs to update its plans for responding to cyberattacks against grade schools, as they face a slew of online threats, including ransomware, denial-of-service attacks, email scams and pandemic-era concerns like disruptions to virtual learning environments. Its planning documents have not been updated since 2010. The audit also revealed that the department believes that protecting schools is CISA’s responsibility.

The FTC has shared guidance for small businesses on how to secure their networks from ransomware attacks by blocking threat actors’ attempts to exploit vulnerabilities using social engineering or exploits targeting technology. The first step businesses are advised to take to fend off such attacks is to ensure their tech teams follow the best practices outlined by CISA in its Ransomware Guide and the Fact Sheet on Rising Ransomware Threat to Operational Technology Assets. The second step, addressing the employees’ exploitable human nature, is to train their staff to recognize the tricks ransomware operators use to infiltrate their target’s network, including phishing messages that deliver malware designed to deploy backdoors on infected systems. That's from Bleeping Computer.

Why do we care?

The FBI hack causes huge confusion as they’re the points of contact. I’d anticipate there are a lot of help desk issues across the US right now from that one.

The insight from the Department of Education is that assigning responsibility matters. One can see how the department would believe CISA oversees cybersecurity, and how others might see the department as responsible. If roles aren’t clearly defined, no one is in charge.

The FTC guidance is another resource for use with clients. The list is ever-growing – resources from CISA, the FTC, the SBA, all singing a chorus of addressing cybersecurity. Use them.