On March 15, 2018, the Department of Homeland Security (DHS) and the FBI jointly released a Technical Alert (TA) that implicated Russian government cyber actors in the targeting of numerous US, Canadian, and European targets. The cyber attacks used a variety of infection vectors, including malicious emails, watering hole attacks, and Trojanized software. The Russian hackers are targeting trusted third-party providers (known as “staging targets”) who have less secure networks than their ultimate intended enterprise business and government targets. From these vulnerable entry points, they can gain access to the much more secure infrastructure targets.
This TA was mostly a confirmation of commonly held knowledge in the cyber security professional community. The hacking group, known as Dragonfly or Energetic Bear, has been in operation since at least 2011. Initially, they were targeting defense and aviation companies in the US and Canada. By early 2013, they had pivoted to focusing mainly on US and European energy firms. They went quiet for a few years after Symantec released a report detailing their actions in 2014. They later reemerged sometime in March 2016 and began targeting government entities and multiple U.S. critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors. The hackers were able to gain access to and control of much of the US’s critical infrastructure.
Increasingly, companies are realizing that, regardless of how secure their own IT infrastructure is, they are only as secure as their least defended downstream provider. The revealed actions of Dragonfly are just further proof (as if any more were needed) that all small, medium-sized, and large enterprise businesses need to be concerned with assessing their security risk and compliance. Lack of cybersecurity due diligence could put valuable contracts at risk.
For cyber security to be effective, companies must evaluate the information security posture of their third-party vendors. As of this year, performing these cybersecurity risk assessments is a requirement for getting or maintaining a government contract. While this is a positive step in cybersecurity, manually evaluating every third-party vendor can be an incredibly expensive and time-consuming process. Thankfully, there’s an easier way. SecurityGate has designed a cybersecurity risk and compliance management platform which automates the cyber risk assessment and remediation process. Companies can track their various suppliers’ and assets’ cyber security compliance through a centralized dashboard, allowing them to compare suppliers and focus on the most pressing cybersecurity issues first.