Category Archives: state government

Improving cybersecurity visibility and state and local government agencies

Posted on by

A significant portion of state and local government technology officials in a new survey say they are under-equipped, under-staffed and under-resourced in addressing cybersecurity concerns. Four in 10 state and local IT leaders say they lack the tools they need to identify and report cybersecurity vulnerabilities in their networks, according to a study conducted by CyberScoop and StateScoop, and underwritten by Tenable. For 38 percent of respondents, this shortcoming is further exacerbated by the need for security intelligence tools that prioritize vulnerability risks. Combined, these technology gaps make it harder for security personnel to optimize their time and effectiveness. Nearly half of respondents (46 percent) said that access to more skilled and knowledgeable information security professionals would improve the ability to spot security vulnerabilities — more than any other potential enabler. Officials also said a lack of understanding about technologies and risks, and difficulty understanding security metrics, are the biggest […]

The post Improving cybersecurity visibility and state and local government agencies appeared first on Cyberscoop.

Continue reading Improving cybersecurity visibility and state and local government agencies

Cybercriminals hijacked a government server to send sophisticated malware to U.S. companies

Posted on by

A Eastern European hacking group hijacked U.S. state government servers to dispense malware through phishing emails that were designed to appear like they had come from the Securities and Exchange Commission, according to research by Cisco’s Talos team and an analysis by other cybersecurity experts familiar with the activity. The technical findings connect a known advanced persistent threat (APT) group, codenamed FIN7 by U.S. cybersecurity firm FireEye, to a sophisticated intrusion technique that was detected in a recent wave of spoofed emails that mimicked the SEC’s domain. The messages carried malware-laden Microsoft Word documents mentioning financial disclosure information from the EDGAR system. FIN7 is believed to represent a eastern European criminal enterprise that speaks Russian and operates internationally. Emails tied to this campaign were “highly targeted” and only sent to a small, select group of U.S. businesses in several different industry sectors, including finance, insurance and information technology, said Craig Williams, a senior […]

The post Cybercriminals hijacked a government server to send sophisticated malware to U.S. companies appeared first on Cyberscoop.

Continue reading Cybercriminals hijacked a government server to send sophisticated malware to U.S. companies