The federal government needs to take “bold” appraoches to increasing the cybersecurity of agencies, according to a report the White House released a report last week, which found serious deficiencies in the government’s risk management abilities. In the “Federal Cybersecurity Risk Determination Report and Action Plan,” the Office of Management and Budget and Department of Homeland Security determined that 71 of 96 agencies (74 percent) participating in a federal risk assessment process “have cybersecurity programs that are either at risk or high risk.” OMB and DHS also found that agencies are “not equipped to determine how threat actors seek to gain access to their information.” … Malicious software, or malware, is perhaps the oldest cybersecurity threat, with viruses and worms tracing their roots back to the 1980s. The authors of malware keep pace with improvements in security technologies, and in an ongoing cat-and-mouse game, go to great lengths to keep a foothold in upgraded operating systems and applications by developing stealthier and more effective malware.
Some malware authors focus on compromising numerous systems, regardless of their owner or purpose. For example, CoinMiner malware infects systems via malicious code embedded in online advertising and then uses the purloined computing capacity to mine bitcoin or other cryptocurrencies. Similarly, the Kovter Trojan infects systems via malicious email attachments and then generates advertising revenue via click fraud schemes. These unfocused malware attacks are a nuisance to agency IT staff who must rebuild infected systems.
Other malware, however, has more focused purposes and can be dangerous on government computer systems. NanoCore, for example, is a remote access Trojan that allows hackers to gain complete control of infected systems, where they can then either steal sensitive information or use the system as a jumping-off point for attacks on the rest of the network.
Full Article: Why Feds Face an Array of Cybersecurity Threats – FedTech.