Federal officials announced this week that government cybersecurity teams are working to mitigate the lingering effects of a breach on an unclassified White House network.
Certain segments of the network appear to have been disconnected while problems were being addressed. The Executive Office of the President network was down for nearly a week while cybersecurity workers addressed the issue, but email services and Internet access were quickly restored.
Officials declined to say whether or not the threat has been eliminated, instead noting that there are always attacks aimed at a target of such a size.
“These adversaries, generally, are incredibly persistent, and you’re not out of the woods ever,” said Shawn Henry, former executive assistant director of the FBI’s Criminal, Cyber, Response, and Services Branch. “This type of risk is something that has to be managed and managed, ongoing. It’s not like you have an illness and you’re healed and you’re fine until the next time you get sick. It’s not clear black and white.”
Attacks may be worse than they seem
While it appears no damage was done to the breached network, some experts are suggesting that damage may not have been the intention of the hack. In an interview with FCW, security expert Mike Lloyd noted that newer types of malware are specifically designed to exfiltrate information while doing as little damage as possible. Lloyd went on to say that malicious actors understand what information is valuable – such as network maps and knowledge of connection points – and how to remove that data without drawing attention to themselves.
Officials have yet to release details on the perpetrators behind the attack or what, if any, data was compromised during the breach. However, the type of target and methodology are similar to several Russian-backed attacks in recent months. News of the intrusion comes at the same time as a report from the Georgia Institute of Technology that warns of the growing persistence of attacks from hackers backed by nation-states.
“From cyber conflict to industrial espionage to law enforcement monitoring, nation states and government-sponsored groups have adopted online tactics to complement their real-world strategies,” the Georgia Tech report stated.
As the attacks launched by cybercriminals become increasingly sophisticated and use a growing number of techniques, government agencies and other high-profile targets will need to be prepared with reliable security in order to ensure the protection of privileged information.