Heimdal
article featured image

Contents:

Hackers have been increasingly targeting governmental institutions in recent years. The Center for Strategic and International Studies has been recording significant incidents since 2006, and let me tell you, the list is not a short one. Up until October 2020, the downloadable PDF I linked consists of 50 pages tallying a rough total of 500 incidents. And bear in mind, those are just the noteworthy ones.


The Coronavirus pandemic has only exacerbated the trend, bringing it to new and dangerous heights. As a consequence, cyberattacks against state and local government organizations rose by almost 50% since 2017. All in all, it’s pretty obvious that our world’s administration is in danger. In the following lines, I will discuss ten of the most damaging cyberattacks against governmental agencies in recent history, as well as why hackers targeted them. As always, stay tuned until the end for a detailed list of essential cybersecurity considerations for local and state administrations.

10 Major Cyberattacks on Government in Recent History

#1 United States Department of Defense (2008)

Before botnets and remote attacks, trojans, or ransomware, cyber-threats were distributed through means such as infected USB flash drives. This might seem rudimentary to us more than a decade later, but there’s no denying that it was an effective approach back in the day. The 2008 cyberattack against the United States Department of Defense (DoD) is a prime example of that.

A USB flash drive infected with a worm named agent.btz was left in a parking lot of a base in the Middle East operated by the DoD. From there, it was picked up and put into the USB port of a laptop connected to the United States Central Command. That was more than enough for it to start spreading to both classified and unclassified files. It took the Pentagon a total of 14 months to clean military networks in what is now known as Operation Buckshot Yankee.

While hackers and their tools have evolved a lot since, the incident is still regarded as the worst one involving U.S. military computers in history. Its occurrence and severity led to the creation of the United States Cyber Command (USCYBERCOM), the organization handling America’s defense in cyberspace.

#2 French Ministry of the Economy and Finance (2010)

On the 7th of March, 2011, the French Ministry of the Economy and Finance confirmed that it had been cyberattacked in December of the previous year. According to an article published by BBC News, hackers targeted files related to the G20 Summit that took place in Paris in February 2011.

As per a statement from then-Budget Minister François Baroin, an investigation into the incident which affected roughly 150 of the ministry’s 170,000 computers was already ongoing at the time of the report. Director general of the French National Agency for IT Security Patrick Pailloux confirmed that the cyberattack was carried out by professional perpetrators. He also classified it as “the first attack of this size and scale against the French state”.

#3 United States Office of Personnel Management (2014)

The United States Office of Personnel Management (OPM) was the victim of two consecutive attacks that targeted the records of nearly 4 million people. However, the final tally showed that a whopping 22.1 million individuals were affected by the hack, many of which were not even government employees. The total included citizens who had undergone background checks, as well as their family and friends.

The first cyberattack on the OPM was discovered on the 20th of March in 2014 and the second wave came a short while after, on May 7th. Unfortunately, the latter was not detected by the agency until April 15th, 2015, almost one year later. On the morning of that fateful day, security engineer Brendan Saulsbury commenced decrypting a segment of the Secure Sockets Layer (SSL). This was a common practice at the OPM, but what he soon uncovered through it was anything but.

Searching through outbound traffic, Saulsbury found a beacon signal pinging queries to a website named opm­security.org. The United States Office of Personnel Management owned no such domain, which motivated him to dig a little deeper. Soon enough, he came across a .dll file carrying a strain of malware that had been having its way with OPM systems for over a year.

The OPM data breach is widely considered as one of the most notorious cyberattacks on the American government. In its aftermath, director Katherine Archuleta and CIO Donna Seymour both resigned.

#4 Bundestag German Federal Parliament (2015)

During the summer of 2015, the Bundestag (German Federal Parliament) struggled to overcome a cyberattack that targeted most of the 20,000 machines in its offices. The offices of several politicians were affected, including that of Chancellor Angela Merkel. Members of support staff and civil servants connected to the Parlakom network were affected as well.

Germany’s Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, or BSI) stipulated that the cleanup would cost the government millions of euros, as it would involve every single affected device with a new one. Christian Democratic Union and Christian Social Union political bloc secretary Bernhard Kaster declared it “the biggest cyber-attack on the Bund, on the German parliament.”

#5 United States Democratic Party (2016)

Summertime is hackertime apparently, as the summer of 2016 came with a new cyberattack on the government. This time around, it was directed towards the United States Democratic Party. The incident most notably affected Hillary Clinton’s presidential campaign and followed another operation that targeted the Democratic Congressional Campaign Committee and the Democratic National Committee.

Several emails were leaked as part of the cyberattack. Said messages exposed Democratic Party officials being prejudiced against opponent Bernie Sanders in his primary race against Hillary Clinton. Malicious actors gained access to Democratic Party records through an analytics data program Clinton’s campaign shared with other entities.

#6 Ukrainian Government Agencies (2017)

The websites of several high-profile Ukrainian governmental agencies were flooded by a series of malware attacks on June 27th, 2017. This resonated with an entire series of incidents that spread across Europe in countries such as France, Italy, or Poland. However, it soon became apparent that the operation was mostly focused on Ukraine, with 80% of infections being located in the country. Petya was identified as the malicious actor behind the operation. During the cyberattack, the monitoring system at the Chernobyl Nuclear Power Plant was taken offline. Other notable victims include the Ukrainian metro system, banks, ministries, and state-owned enterprises such as Ukrainian Railways, Ukrtelecom, Ukrposhta, and Boryspil International Airport.

#7 Northern Ireland Assembly (2018)

Northern Ireland’s government was targeted by hackers in March 2018, when its Assembly’s email system underwent a brute force attack. An unidentified external source attempted to gain access to email accounts by using a vast number of passwords. According to an email sent to the Belfast Telegraph, officials worked closely with the National Cyber Security Centre and Microsoft to mitigate the cyberattack.

The Northern Ireland Assembly located in the Parliament Building at Belfast’s Stormont Estate is Northern Ireland’s devolved legislative body. It has domain over laws pertaining to any field that is not explicitly handled by the integrated Parliament of the United Kingdom.

#8 UIDAI’s Aadhaar Biometric ID System (2018)

The Unique Identification Authority of India (UIDAI) and its 12-digit biometric ID system Aadhaar have been around since January 2009. While still widely unknown and undiscussed in the Western world, Aadhaar has been the subject of many a Supreme Court ruling. Becoming the target of an intricate cyberattack in the fall of 2018 heightened the controversy surrounding it even more.

Throughout a three-month investigation, Huffington Post India discovered that malicious actors can easily download a software patch that disables the vital security features keeping Aadhar data authentic. The program can generate numbers at will, which implicates that anyone could create an identity with it. Needless to say, this was classified as a huge national security risk for India. The software patch could be downloaded from the web for as little as 2,500 rupees, or roughly 35 dollars.

#9 Baltimore Government Agencies (2019)

In May of 2019, the entire city of Baltimore’s local state agencies fell victim to an attack pursued by the infamous RobbinHood ransomware crew. According to local publication Baltimore Sun, a total of 15 state agencies and departments were affected by the cyberattack. The list includes the Baltimore City Council, the Baltimore Police Department, the Department of Transportation, the Department of Finance, and the Department of Public Works, among others.

The Baltimore ransomware attack cost the government 18.2 million dollars in incident mitigation costs. It took a month and a half for technicians to bring 95% of the city’s network back online. Impaired systems were held at a 76,280-dollar ransom by hackers, which officials refused to pay.

#10 Weiz Government Agencies (2020)

Albeit moderately unfamiliar to the rest of the world, the small Austrian city of Weiz is regarded as the economic focal point of the Oststeiermark region. Automaker Magna alongside construction companies Lieb-Bau-Weiz and Strobl are headquartered in the town. Its relevance in the region unfortunately made it the perfect victim for Netwalker ransomware.

Malicious operators launched a phishing campaign centered around the COVID-19 crisis by sending malspam with the subject line “information about the coronavirus”. Public infrastructure employees took the bait and clicked on the malicious links included in the emails, thus infecting the city’s entire network.

Why Cybercriminals Target Government Agencies

Several elements turn government agencies into prime targets for cybercriminals. As per the findings of a report published by Security Scorecard in 2018,

Government organizations remain a primary target given the reams of personally identifiable information (PII) stored and processed by agencies, not to mention top-secret national security details. All the necessary components of critical infrastructure networks such as courts, traffic, public transportation, elections, and public utilities fall under the auspices of regional governments. Even ‘small’ governments can be huge, slow-moving bureaucracies with a mix of emerging technologies and a massive, highly vulnerable entrenched legacy infrastructure, all of which present a perfect storm for the modern hacker.

What is more, it takes years for government agencies to discover they’ve fallen victim to an attack in nearly 60% of cases, according to the aforementioned report. It is thus high time government agencies started boosting their defenses of the online variety, and the following section of this article will teach you how to achieve just that.

Cybersecurity Essentials for Government Agencies

A. Cybersecurity Training

Untrained governmental personnel remains the number one liability in terms of cybersecurity, as human error still accounts for 60% of attacks. Look at it this way: regardless of how advanced your firewall or antivirus might be, employees and their devices remain an entry point for phishers and other hackers.

The larger your staff is, the more access opportunities these malicious actors have into your governmental agency’s network. Fortunately, this particular problem has a clear solution, and that is cybersecurity training. To bring security awareness into your organization, make sure to cover the following topics:

Types of Threats

Cyber-threats come in a variety of shapes and sizes, bearing different hats and inflicting numerous types of damage on their way. If you expect employees to effectively identify an attack against local government, then you should first and foremost ensure that they can recognize each type of threat out there. Essential subtopics include, but are not limited to:

  • Malware
  • Ransomware
  • Spyware
  • Trojans
  • Viruses
  • Botnets

Discussing the different types of attacks that can occur along with the nefarious practices that make them possible is also recommended at this stage. Here’s what your staff should be aware of:

  • Malware attack
  • Bot attack
  • Brute force attack
  • Phishing campaign
  • Social engineering
  • Man-in-the-middle attack
  • Denial-of-service (DoS) attack
  • Distributed denial-of-service (DDoS) attack
  • DNS tunneling
  • SQL injection
  • Etc.

Password Management

Governmental employees should understand the importance of their login credentials. Strong passwords are your agency’s first line of defense against a cyberattack, as they protect the most sensitive and valuable data on the network. Teach staff how to set a strong password that contains:

  • uppercase letters,
  • lowercase letters,
  • numbers,
  • and

In addition to this, make sure that everyone knows that passwords need to be changed periodically regardless of how strong they are. This must happen at random, and not after a fixed schedule that hackers can discover.

Email and Social Media Practices

Did you know that staff browsing and communication habits can open your organization to cyberattacks even further? While policing an employee’s every single move online is detrimental to organizational morale, some rules need to be enforced nevertheless. Clear policies should thus exist when it comes to email, social media, and other daily Internet-related activities.

Is an employee’s social media account linked to the agency’s official page? Are they using email to reach out to potential collaborators? Compromise in any of these areas can damage the government’s reputation in the blink of an eye. Make sure it doesn’t happen on your watch.

Reporting Procedures

Does your staff know how to signal an incident? Governmental employees are an agency’s eyes and ears, which is why you ought to put this insight to good use. Create clear reporting procedures within the organization so that every bit of relevant information is transferred to the relevant department in a timely fashion.

A quick response is anyone’s best bet in the case of a cyberattack. This is of particular importance considering the aforementioned training on threat and attack types. What good does it serve for personnel to successfully identify a hacking attempt, if they won’t know who to contact?

B. Risk Management

Now that all government employees are (ideally) on the same page regarding best cybersecurity practices, what can be done at an executive level? The answer is risk management. As my colleague Vladimir very aptly explained in his article on vulnerability risk assessment, risk management implies identifying and evaluating vulnerabilities in your organization’s network, then finding solutions to deal with them. Managing cybersecurity risks within your governmental agency has five stages:

  • Preparation
  • Identification
  • Solution definition
  • Implementation
  • Re-evaluation

By their powers combined, defining solutions and subsequently implementing them are known as problem remediation. Naturally, remediation is (arguably) the most important part of the process, as it is the one that involves dealing with issues directly. As always, it is easier to prevent cybersecurity incidents altogether than to fix the mess they leave behind. This is where Heimdal Security swoops in to save the day.

Our Endpoint Security Suite combines our core offering of Heimdal™ Threat Prevention with Heimdal™ Next-Gen Antivirus & MDM, a next-generation antivirus. Endpoint Security Suite unites vulnerability management with endpoint detection and response under one roof, providing you with unparalleled threat hunting with state-of-the-art IOCs and IOAs. Its proprietary DarkLayer Guard™ & VectorN Detection technology filters attacks at the level of the DNS, while sandbox and backdoor analysis detect even the best-hidden pieces of malware.

Heimdal Official Logo
Simple standalone security solutions are no longer enough.
Is an innovative and enhanced multi-layered EDR security approach to organizational defense.
  • Next-gen Antivirus & Firewall which stops known threats;
  • DNS traffic filter which stops unknown threats;
  • Automatic patches for your software and apps with no interruptions;
  • Privileged Access Management and Application Control, all in one unified dashboard
Try it for FREE today 30-day Free Trial. Offer valid only for companies.

Are you interested in a personalized risk assessment report? Don’t hesitate to reach out to us at sales.inquiries@heimdalsecurity.com and book a free cybersecurity consultation. Identifying vulnerabilities is essential to proper remediation.

C. Zero-Trust Model

As we’ve already seen in some cases concerning the aforementioned ten cyberattacks, sometimes the call is coming from inside the house. What I mean by this is that internal actors remain a threat to your governmental organization’s cybersecurity, whether you want it or not. But what can you do when your own people turn against you? The answer lies in the zero-trust model. My colleague Bianca already covered everything you need to know about the zero trust model in her article, so make sure to check it out for more info.

To sum it up, the term coined by John Kindervag in 2010 implies that an organization should never trust a person or device by default. Therefore, every single connection attempt must be verified before granting network access rights to anyone or anything. Multifactor authentication, encryption, and privileged access management (PAM) are all technologies linked to the zero-trust model.

Founded on the principle of least privilege, PAM presupposes giving each member of an organization the minimum access rights they require to complete their daily tasks. Requests have to be made to the network admin to escalate said rights, and these requests must be verified thoroughly as the zero-trust model suggests.

Due to this, practicing the zero-trust model can become quite time-consuming for a network admin, which is where a PAM solution such as Heimdal™ Privileged Access Management comes in. A vital part of scalability, it not only allows you to manage user rights but streamline the software installation flow as well.

Heimdal Official Logo
System admins waste 30% of their time manually managing user rights or installations

Heimdal® Privileged Access Management

Is the automatic PAM solution that makes everything easier.
  • Automate the elevation of admin rights on request;
  • Approve or reject escalations with one click;
  • Provide a full audit trail into user behavior;
  • Automatically de-escalate on infection;
Try it for FREE today 30-day Free Trial. Offer valid only for companies.

Implementing Heimdal™ Privileged Access Management will give governmental system admins to approve or deny access requests from anywhere, as well as automate the flow of rights escalation for various pre-approved processes. What is more, when combined with our cybersecurity solutions suite of Heimdal™ Threat Prevention and Heimdal™ Next-Gen Antivirus & MDM​, Heimdal™ Privileged Access Management becomes the only PAM solution on the market to automatically de-escalate user rights when a threat is detected.

Wrapping Up…

Governmental organizations all over the world are under siege, and cyber attackers don’t seem to be backing down anytime soon. It is thus your responsibility as a representative to mitigate, and more importantly, prevent these threats from breaching internal systems. Local and state administrations have a responsibility to keep the people’s PII and other confidential records safe, and this responsibility starts with a proper cybersecurity strategy.

What are your thoughts on cyberattacks against governmental organizations? Let me know in the comment section below!

Author Profile

Alina Georgiana Petcu

Product Marketing Manager

linkedin icon

Alina Georgiana Petcu is a Product Marketing Manager within Heimdal™ Security and her main interest lies in institutional cybersecurity. In her spare time, Alina is also an avid malware historian who loves nothing more than to untangle the intricate narratives behind the world's most infamous cyberattacks.

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE