Case Study | Government Agencies
Government Agencies are prime targets for hackers because of the sensitive information and data they have. These Agencies could also control critical infrastructure and public services that could be targets of terrorists or ransomware seekers. The motives that drive hackers to Government Agencies typically stem from Profit, Glamour, Espionage and Reputational Attacks.
Notable Government Agency Intrusion News
Morrison reveals malicious ‘state-based’ cyber attack on governments, industry – SMH
Australian governments and industry are being targeted by major cyber attacks that could put pressure on critical infrastructure and public services…
“Based on advice provided to me by our cyber experts, Australian organisations are currently being targeted by a sophisticated state-based cyber actor,” Mr Morrison said.
This act is targeting Australian organisations across a range of sectors including all levels of government, industry, political organisations, education, health, essential service providers and operators of other critical infrastructure.
US cyber-attack: US energy department confirms it was hit by Sunburst hack – BBC
The US energy department is the latest agency to confirm it has been breached in what is being described as the worst-ever hack on the US government.
The US treasury and commerce departments are among the other targets of the sophisticated, months-long breach…
It said “critical infrastructure” had been damaged, federal agencies and private sector companies compromised, and that the damage posed a “grave threat”.
A total of 1.5 million SingHealth patients’ non-medical personal data were stolen, while 160,000 of those had their dispensed medicines’ records taken too, according to MCI and MOH.
Among those affected was Prime Minister Lee Hsien Loong, with the attackers “specifically and repeatedly targeting” his personal particulars and information of his outpatient dispensed medicines, the ministries said in a joint release on Friday (Jul 20).
The personal data taken from the 1.5 million patients include their names, NRIC numbers, address, gender, race and date of birth, the release said…
Typical Targeted Vulnerabilities of Government Agencies
Critical Infrastructure – They look for long-term access to gather intelligence and develop means to disable critical infrastructure and industries. Utilities such as Power and Telco companies also have vast amounts of personally identifiable information.
Intellectual Property – They look to steal intellectual property that is expensive to develop in fields like high technology, medicine, defense and agriculture.
Research Data – They look to acquire such data to accelerate their own development of solutions in a variety of fields, including military and biosciences. These could have an espionage or profit motive.
Personal Data – State-sponsored hackers look to exploit personal data of key high-ranking officials and decision makers. This Personally Identifiable Information (PII) could be used as leverage to advance their own agenda.
Case Study – Government Agency in ASEAN
A Government Agency in ASEAN contacted Cybots in search of Solutions relating to:
• Endpoint Security
• AI enabled Automation
• Improved Visibility of Intrusions
The Agency required a proof of concept (POC) in which they acted as the Red Team and Cybots as the Blue Team, to evaluate the effectiveness of the Solutions against attack.
Detailed steps of their attack were captured by the Cybots Solution including the following:
• Shadow IT instances
• Correlation mapping with entire network of endpoints
• Lateral movement
• Zero-day attacks and Exploits
Effective Solution leads to Engagement
Cybots Solutions provided a Cyber Situation report that captured a variety of attack modalities. This included providing forensic analysis of attack tactics, techniques and procedures.
The evaluation was positive, resulting in the adoption of Cybots Solutions.
The client was impressed with the following features:
• AI driven Automation that achieved faster response and lower human intervention, thereby reducing errors
• Shadow IT correlation which was not visible in other solutions
• Ease of self-deployment
• Improved Visibility of Intrusions
Implementation and Conclusion
The Government Agency indicated the need to self-deploy the Solution to maintain high levels of confidentiality. Training was provided and self-deployment was successfully achieved.
The ability and ease of self-deployment facilitated the level of confidentiality that was necessary in a Government Agency environment.
The engagement of Cybots Solutions was expanded to deployment at an additional two Government Agency sites.