March 31, 2015 By Fran Howarth 2 min read

U.S. federal agencies have seen a string of cyberattacks in the past few months. The first to be affected was the White House, followed by the U.S. Postal Service, then the National Oceanic and Atmospheric Association. The U.S. State Department was also attacked, with “activity of concern” seen since October 2014 — the same time as the White House. According to a spokesman for the State Department, the attack seems to be linked to the one at the White House.

In the U.S. State Department hack, an unclassified email system was compromised, with emails related to the Ukrainian crisis among those stolen. Even though the attackers did not penetrate any classified areas of the network, officials concede that sensitive information that could be of value to foreign intelligence agencies is routinely shared in unclassified emails.

Phishing Email Sparks US State Department Attack

The attack reportedly started with a phishing email sent to a State Department employee that contained a malicious link that caused malware to be downloaded onto the computer. The attackers were then able to move laterally across the network, which incorporates thousands of computers spread across the United States as well as remote locations, including embassies. The vast extent of this network has hampered cleanup operations. The attackers are also believed to be using a rootkit, which is a worm that allows them to mask the majority of their activity.

Worst Attack Ever Against a Federal Agency

According to officials, the U.S. State Department hack is the worst that has ever been seen against a federal agency. The FBI is actively investigating the attack, which has demonstrated that there are serious security issues within the State Department’s network.

The system was first taken down for scheduled patching, but more comprehensive measures were required. Efforts were made to harden the system and automatically archive all emails, something that was not done previously. Other implemented measures included replacing 30,000 employee network login tokens and requiring them to change their passwords and PINs.

Comprehensive Measures to Boost Security

There has also been speculation that the attacks were the work of a foreign government. Whoever the perpetrators were, it is clear that more comprehensive measures should be taken to bolster security within the U.S. government and to raise security awareness to prevent others from falling victim to phishing attacks. All organizations — not just governments — need to beef up their ability to detect and respond to sophisticated attacks.

Consequently, among the measures being introduced by the U.S. government to improve security is legislation to encourage information sharing about cybersecurity threats. One such bill, known as the Protecting Cyber Networks Act, encourages private companies to share information via a civilian portal without fear of reprisal, since they will be provided with liability protection.

According to the bill’s backers, the business community welcomes such a move, as they hope it will help to stave off the threat of some of the mega-breaches seen recently. While previous efforts to introduce information sharing legislation have not been successful owing to fears that they would lead to increased surveillance, those concerns have largely been assuaged with this latest legislation, raising hopes that it will ultimately be successful.

More from Government

Unpacking the NIST cybersecurity framework 2.0

4 min read - The NIST cybersecurity framework (CSF) helps organizations improve risk management using common language that focuses on business drivers to enhance cybersecurity.NIST CSF 1.0 was released in February 2014, and version 1.1 in April 2018. In February 2024, NIST released its newest CSF iteration: 2.0. The journey to CSF 2.0 began with a request for information (RFI) in February 2022. Over the next two years, NIST engaged the cybersecurity community through analysis, workshops, comments and draft revision to refine existing standards…

Updated SBOM guidance: A new era for software transparency?

3 min read - The cost of cyberattacks on software supply chains is a growing problem, with the average data breach costing $4.45 million in 2023. Since President Biden’s 2021 executive order, software bills of materials (SBOMs) have become a cornerstone in protecting supply chains.In December 2023, the National Security Agency (NSA) published new guidance to help organizations incorporate SBOMs and combat the threat of supply chain attacks.Let’s look at how things have developed since Biden’s 2021 order and what these updates mean for…

Roundup: Federal action that shaped cybersecurity in 2023

3 min read - As 2023 draws to a close, it’s time to look back on our top five federal cyber stories of the year: a compilation of pivotal moments and key developments that have significantly shaped the landscape of cybersecurity at the federal level.These stories highlight the challenges federal agencies faced in securing digital infrastructure in the past year and explore the evolving nature of cyber threats, as well as the innovative responses required to address them.New White House cybersecurity strategyThe White House’s…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today