You've successfully subscribed to INFIMA Security
Great! Next, complete checkout for full access to INFIMA Security
Welcome back! You've successfully signed in.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info is updated.
Billing info update failed.

State Infiltrated By Hackers

A large-scale Phishing attack campaign is ravaging the State of Washington's government offices.

Hackers Infiltrate Washington

A cybercrime group has the state of Washington in their sights. It's not just one agency or office either. They've hit

Attackers have successfully gained access to multiple state agencies, spreading malware and establishing a foothold from which they could deepen their attack.

Washington's Governor Jay Inslee stated at a press conference that their state's agencies are falling victim to a "large-scale, highly sophisticated" Phishing campaign. The attackers reportedly unleashed Trickbot malware.

While the state is handling multiple dilemmas -- an election, record unemployment, civil unrest, fires -- a broad scale compromise could be crippling.”

One hallmark of the Trickbot malware strain is its ability to harvest emails and login credentials. This means that the attackers can gain deeper access into the state agencies. But just as importantly, it means they could spoof government employees in additional attacks.

This creates the opportunity for "island hopping" by the cybercriminals. This quickly puts smaller organizations, public and private, at risk.

For instance, you get an email from your Supervisor of Elections regarding your polling location. Should be harmless, right? Especially if it appears to come from that representative's office - the right email address. This is the hard part about island hopping - the attackers can now impersonate the legitimate email sender and utilize their contacts to spread their attack.

The key indicator in these attacks usually come from a malicious domain in the email link, even if the email looks exactly like a real email from the government office.

This quickly becomes a very tricky attack to avoid.

The good news is that these hacks can be stopped!

The first step is training your team to avoid the initial Phishing email, the ones that these government offices are getting every single day.

Are you ready to take action?
We make it easy to protect your team from attacks just like this one. Find out how to protect your team with INFIMA's Automated Security Awareness platform.

To get a quote, set up a call with our (non-pushy) sales team here!

Original article here.
[https://www.bloomberg.com/news/articles/2020-09-27/hackers-have-infiltrated-many-of-washington-state-s-agencies?srnd=technology-vp]

Joel Cahill

Cyber security enthusiast. Entrepreneur.