The United States Department of State on Sunday announced its unclassified email system has been breached, making it the fourth U.S. government organization to have fallen prey to hackers in recent months.
The State Department took down its website and unclassified email system and reportedly used Gmail for communications instead.
None of its classified systems were compromised, the department claimed.
The breach was part of the same incident reported last month by the White House Executive Office of the President, an unnamed official reportedly said.
However, why the State Department disclosed the attack almost three weeks after the White House did is unknown.
Its website was up Monday morning, but there was no mention of the attack.
Scheduled Upgrade, Unscheduled Attack
The State Department took its unclassified email system and its website offline on Friday, reportedly for scheduled maintenance to upgrade security.
It isn’t clear how long the attack has been going on or why the department was so slow in responding to the breach.
It’s also not clear whether the unclassified email system has been brought back online. The department reportedly used Gmail for communications during the outage, but it’s not clear whether the department has its own Google Apps account.
More Trouble on the Way
The systems of the U.S. National Oceanic and Atmospheric Administration, the U.S. Postal Service, and the U.S. Office of Personnel Management also were breached in recent months.
Some of the breaches have been blamed on Russian hackers and others on the Chinese, but determining who’s responsible may not be the top priority.
“There are a couple of important things we can learn here,” said Eric Cowperthwaite, vice president for advanced security and strategy at Core Security.
“First, the U.S. government is now a significant target for bad guys, and that’s going to continue and probably get worse,” he told the E-Commerce Times.
Second, it’s the unclassified systems that have been breached, and the security measures used there are roughly the same as those used in most U.S. businesses, Cowperthwaite said, based on his 15 years of experience in the industry.
“That being the case, it’s very clear that businesses — including retail, healthcare, financial services, public utilities, municipal governments and more — are not going to be able to stop a capable adversary,” he pointed out. “With 90 percent of all computer networks and defenses in private hands, the risk is clearly very high.”
Businesses have to “greatly increase their maturity and capability” in the face of this ongoing threat, Cowperthwaite warned.
Breach Factors at Play
Malware is getting increasingly sophisticated.
For example, Seculert recently detected new domain generation algorithm (DGA) malware that builds its domain names out of nouns and verbs, a design intended to bypass machine-learning classifiers that look for meaningless domain names such as “ldfidiehwslgoeh.com.”
The new malware is a variant of Matsnu with its own built-in uninstall function, according to Seculert.
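To show why a word-based DGA slips past a gibberish detector, and what a second lexical check adds, here is an added example (not Seculert's code and not part of the original article). It scores a label's character bigrams against a small constructed word list as a stand-in for the character statistics a trained model uses, then tries to segment the label into whole dictionary words; the word list, the resolver log format and the thresholds are all assumptions made for the example.

```python
import re
from functools import lru_cache

# Constructed stand-in for an English word list (assumption: a real deployment
# would load a full dictionary such as /usr/share/dict/words).
WORDS = frozenset("""
golden water bridge secure mail state cloud river stone light green house
market summer winter garden silver mountain forest ocean paper table window
office travel music coffee orange planet rocket castle dragon flower yellow
purple candle button shadow thunder harbor
""".split())

# Character bigrams seen anywhere in the word list; a crude stand-in for the
# pronounceability features a machine-learning DGA detector learns.
KNOWN_BIGRAMS = frozenset(w[i:i + 2] for w in WORDS for i in range(len(w) - 1))

RANDOM_THRESHOLD = 0.7  # fraction of a label's bigrams that must look English


def bigram_coverage(label: str) -> float:
    """Fraction of the label's character bigrams that occur in the word list."""
    pairs = [label[i:i + 2] for i in range(len(label) - 1)]
    if not pairs:
        return 1.0
    return sum(p in KNOWN_BIGRAMS for p in pairs) / len(pairs)


def looks_random(label: str) -> bool:
    """The classic check: gibberish labels contain many bigrams English never produces."""
    return bigram_coverage(label) < RANDOM_THRESHOLD


@lru_cache(maxsize=None)
def dictionary_segments(label: str):
    """Split the label into a tuple of dictionary words, or None if that is impossible."""
    if label == "":
        return ()
    for end in range(len(label), 0, -1):  # longest prefix first, with backtracking
        head = label[:end]
        if head in WORDS:
            rest = dictionary_segments(label[end:])
            if rest is not None:
                return (head,) + rest
    return None


def registrable_label(domain: str) -> str:
    """Leftmost label of the second-level domain (assumes a simple name.tld layout)."""
    parts = domain.strip().rstrip(".").lower().split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def classify(domain: str) -> str:
    label = registrable_label(domain)
    if looks_random(label):
        return "random-dga-suspect"
    segs = dictionary_segments(label)
    if segs is not None and len(segs) >= 3:
        # Three or more whole words glued together is the word-list pattern the
        # article describes. Legitimate names do this too, so it is a weak signal
        # to combine with DNS telemetry (NXDOMAIN rate, domain age), not a verdict.
        return "dictionary-dga-suspect"
    return "no-lexical-signal"


QUERY_RE = re.compile(r"query=(\S+)")


def triage(log_lines):
    """Run both lexical checks over resolver log lines; returns {domain: verdict}."""
    verdicts = {}
    for line in log_lines:
        m = QUERY_RE.search(line)
        if m:
            verdicts[m.group(1)] = classify(m.group(1))
    return verdicts


# Constructed resolver log lines (not real traffic); the format is an assumption.
SAMPLE_LOG = [
    "2014-11-17T10:02:11Z client=10.1.2.3 query=ldfidiehwslgoeh.com rcode=NXDOMAIN",
    "2014-11-17T10:02:12Z client=10.1.2.3 query=goldenwaterbridge.com rcode=NXDOMAIN",
    "2014-11-17T10:02:13Z client=10.1.2.4 query=statemail.example rcode=NOERROR",
]

if __name__ == "__main__":
    for domain, verdict in triage(SAMPLE_LOG).items():
        label = registrable_label(domain)
        print(f"{domain:28} bigram_coverage={bigram_coverage(label):.2f} "
              f"words={dictionary_segments(label)} -> {verdict}")
```

Run as a script, the random label scores well under the threshold and is flagged, while the word-built label scores like ordinary English and passes the first check untouched, which is the bypass the article describes. Only the segmentation step reveals that it is three dictionary words concatenated, and even that is a hint rather than proof, so in practice it belongs alongside resolver-side signals such as bursts of NXDOMAIN responses from one host.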
Another possibility is that admins may have disabled firewall security features to improve performance.
More than one-third of 504 IT professionals admitted in a recent McAfee survey to doing just that — or choosing not to enable security functions, including deep packet inspection, antispam and antivirus — in an attempt to improve network performance.
There’s Always a Silver Lining
“Identifying these threats enables security professionals in organizations like the State Department to reinforce areas of potential vulnerability by using techniques like data encryption,” Gerry Grealish, CMO of Perspecsys, told the E-Commerce Times.
“As with all systems, there are secure and less secure ways of using them,” he said, adding that it’s “policies and technology options deployed during the use of software systems that really need to be the focus.”