The deadly attack at Capitol Hill is one of the most serious cybersecurity events in history, alongside the ongoing SolarWinds attacks. During the riot, cyber threat actors were able to gain access to the government's critical network for almost 4 hours.
Videos, news reports, and pictures clearly show that protestors had unauthorized and unrestricted access to Capitol Hill for four hours, which gave them full access to computers and cyber assets and full control over one of the government's networks. Electronic devices, laptops, and many other items were stolen, creating the potential for espionage.
This is a Stage IV hack, in which attackers have administrative control over the border networks, devices, and servers, the chance to insert malware, and access to emails, files, and accounts, similar to SolarWinds. According to Morgan Wright, chief security adviser at SentinelOne, “People are inherently lazy and sometimes you might have a collection of usernames and passwords because these staffers manage a lot of accounts for their members of Congress and other stuff, so there may be access to sensitive information,” referring to leakage. In addition, attackers can plant a digital eavesdropping device or a Power Pwn (a network hacking tool) inside federal government facilities, which can be difficult to detect. A breach of physical security commonly has ramifications that amount to a serious national security threat.
Chris Clements, vice president of solutions architecture at Cerberus Sentinel, said in an email to SearchSecurity, “In an ideally segmented network environment, this should be limited to email and file shares. As far as I have read, the Sensitive Compartmented Information Facility (SCIF) areas where secure information is handled were not compromised.” However, in 2019 the Capitol's Sensitive Compartmented Information Facility (SCIF), the house of its most secret information, was also breached by Republican lawmakers protesting impeachment. Hence, we cannot be sure about the integrity of the SCIF in this event either.
So, what are the possible solutions to mitigate the risks created by the aftermath of this riot?
- Reset passwords on the accounts associated with stolen devices, and delete, wipe, and reimage the hard drives.
- Add multi-factor authentication to all accounts and recheck whether the existing factors are easy to bypass.
- Data may have been copied, transferred, or retrieved from a computer or server without authorization. To track threat activity, monitor and analyze data-exfiltration indicators and data logs.
- Every computer, along with its connected devices, cables, and USB devices, should be examined, replaced, and scanned.
- USB ports should be blocked to any foreign devices.
- Continuously monitor endpoints for known, unknown, and zero-day threats that rioters may have implanted through malware and exploits.
- Team up with threat intelligence to automate endpoint protection, correlating the gathered threat data and identifying indicators of compromise.
- To get the business running again, conduct a thorough review of the OS on every computer in the entire congressional orbit.
- Be aware of foreign adversaries who have gained an opportunity to launch attacks through phishing campaigns or to spread disinformation that provokes future violent actions.
- Even though the Senate and House each have their own separate shared IT framework, authentication and monitoring schemes should be implemented properly.
- There should be constant vigilance for suspicious activity on the network and devices.
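Several of these steps (reviewing data logs for exfiltration, watching for foreign USB devices, and resetting accounts tied to stolen devices) come down to one question: what happened on the network during and after the hours of physical access? The following is an added Python example, not code from the original post or from Allari, that scans constructed log lines for those three signals; the breach window, host names, account names, USB serials and byte threshold are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed window of unrestricted physical access (the post says roughly four hours).
BREACH_START = datetime(2021, 1, 6, 14, 0)
BREACH_END = BREACH_START + timedelta(hours=4)
# Hypothetical inventory: hosts reported stolen and the accounts that used them.
STOLEN_HOST_ACCOUNTS = {"lt-044": {"jdoe"}}
APPROVED_USB_SERIALS = {"KB-APPROVED"}
LARGE_OUTBOUND_BYTES = 10_000_000  # constructed baseline; tune to the real environment

# Constructed sample log lines: "<ISO timestamp> <host> <event> key=value ..."
SAMPLE_LOGS = """\
2021-01-06T13:05:00 ws-101 net_out bytes=120000 dst=mail.example.gov
2021-01-06T14:35:00 ws-101 usb_insert serial=UNKNOWN1
2021-01-06T14:40:00 ws-101 net_out bytes=950000000 dst=203.0.113.7
2021-01-06T15:10:00 ws-207 net_out bytes=250000 dst=files.example.gov
2021-01-06T16:00:00 ws-301 usb_insert serial=KB-APPROVED
2021-01-06T21:30:00 ws-301 net_out bytes=70000000 dst=198.51.100.9
2021-01-07T02:15:00 vpn-gw login user=jdoe src=198.51.100.20
"""

def parse_line(line):
    """Split one log line into (timestamp, host, event, {key: value})."""
    ts, host, event, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(ts), host, event, kv

def phase(ts):
    """Classify an event relative to the physical-breach window."""
    if ts < BREACH_START:
        return "before"
    return "during" if ts <= BREACH_END else "after"

def find_suspicious(log_text):
    """Map host -> list of (finding, detail, phase) for events from the breach onward."""
    findings = defaultdict(list)
    stolen_accounts = set().union(*STOLEN_HOST_ACCOUNTS.values())
    for line in filter(str.strip, log_text.splitlines()):
        ts, host, event, kv = parse_line(line)
        ph = phase(ts)
        if ph == "before":
            continue  # pre-breach activity is the baseline, not the investigation scope
        if event == "usb_insert" and kv.get("serial") not in APPROVED_USB_SERIALS:
            findings[host].append(("unapproved_usb", kv.get("serial"), ph))
        elif event == "net_out" and int(kv["bytes"]) > LARGE_OUTBOUND_BYTES:
            findings[host].append(("large_outbound", kv["dst"], ph))
        elif event == "login" and kv.get("user") in stolen_accounts:
            findings[host].append(("stolen_device_account_login", kv["user"], ph))
    return dict(findings)
```

Findings tagged "after" matter as much as those tagged "during": a device planted or a credential copied during the window is typically used once the building is quiet again.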
Allari implements customized service plans for IT Operations & Cyber-security which allow you to complete a higher volume of planned work, gain the capacity to innovate and help your business to win.