Always on the agenda: Gone Phishing; hackers hunt for big game

In our previous article we covered the Okta breach, and while hacking is often referred to in a business or individual context, the last couple of years have shown an increasing number of attacks on governments and countries. The pandemic forced into place a digital transformation, and a need for quickly scalable cloud-based solutions due to work-from-home restrictions. But with gaining higher mobility came additional safety risks. According to the BlackBerry Quarterly Threat Intelligence Report, Governments and Public Entities faced 40% more cyberattacks, making them one of the most targeted industries along with Healthcare and Finance.

Although there has been an increase in ransomware attacks, as cyber criminals have adopted a ransomware as a service business model, data over dollar is the new standard. In 2022, it was reported that only 32% of state and local governments paid out ransom demands, compared to other sectors averaging at 46%. Unlike the attacks on businesses and companies, motives for hacking a nation are quite different. The war on Ukraine spiked several independent hacktivist attacks, politically motivated without any interest of money. Government founded advanced persistent threats aim to gain intel rather than income, and distributed denial of service attacks may want to disrupt essential services.

With cyberattacks such as the SolarWinds breach and the June-attack on the US Government still fresh in mind, it becomes increasingly clear that malicious software is a problem that affects everyone. The amount of sensitive data compiled in government entities expose critical infrastructure. Even if no ransom is demanded, stolen data can be sold to create forged documents, steal identities, or take over privileged accounts. Not to mention the implication of national security and trust in the governing system:

“Governments and public services, such as public transit, electricity, water services, schools, and non-profit organizations, stand as unfortunate bullseyes for cybercriminals and other threat actors, whose attacks seek to wreak maximum havoc and who often times face very little resistance,” said Ismael Valenzuela, Vice President of Threat Research and Intelligence at BlackBerry.

Budget limitations, immature cyber defense programs, and lack of recourses leave these organizations struggling to defend themselves. In response to this, NIST and CISA joined forces and released new Cybersecurity Performance Goals to help kickstart security efforts in critical infrastructures.

Although it may sound like an overwhelming task, at the root, all security starts on the identity surface. As high-value sectors increasingly move towards remote workforces, the attack surface expands, making them more susceptible to identity-based exploitation. 70% of all security breaches originate on endpoint devices, and that is why now more than ever, actions need to be taken to ensure that the person logging on really is who they claim to be. By applying the OFFPAD, our personal authentication device, you can trust that your data is in the right hands. Offering a simple yet highly effective easy-to-deploy solution, the OFFPAD activates only for seconds during authentication, and responds merely to the unique biometrics of its rightful owner; allowing organizations to scale down the attack surface, and stopping a potential threat in its tracks with the touch of a finger.