Incident Response, TDR, Vulnerability Management

Government shutdown brings added risks to diminished workforce

As the first government shutdown in 17 years plods along, security professionals should be hyperaware of how the diminished work presence in the public sector provides a welcome disruption for cyber adversaries.

Since Tuesday, more than 800,000 government workers have been forced to take furlough days while the House, Senate and White House work towards an agreement on government spending. And, in addition to taking a hit to their paychecks, federal workers may also become the target of online attacks aimed at their organization – or entities and users reliant on their services.

Larry Slobodzian, a senior solutions engineer at LockPath, an Overland Park, Kan.-based security solutions firm that consults with companies on risk management, governance and compliance issues, told SCMagazine.com in a Wednesday interview that now is the perfect time for attackers to strike.

“I would think that the quieter, more sophisticated attacks are going to be more prevalent because you will have less eyes monitoring [operations],” Slobodzian said.

He added that, depending on how long the shutdown continues, workers could miss necessary software patches or system updates.

“Zero-day vulnerabilities, or unknown vulnerabilities that are fresh on the [black] market, are likely to be exploited because you can be fairly certain they are not going to be patched,” Slobodzian said, later explaining that some patches require a number of actions before they are implemented.

“There's patches that require more than just an automated tool, like changing a password, or it takes a [privileged] staff member to complete. A malicious entity would probably be targeting something like that – a complex task that's not going to be done or is delayed,” he said.

In addition to exploiting vulnerable assets, security experts warned that saboteurs may go for the human target, leveraging social engineering tactics to infiltrate organizations.

Patrick Potter, a governance, risk and compliance strategist at RSA, told SCMagazine.com in a Wednesday interview that IT management should take into consideration the government shutdown, as well as the simultaneous launch of the online health insurance exchanges this week, under implementation of the Affordable Care Act.

“Things like phishing attacks may be on the rise,” Potter said. “People will really have to be careful of the ‘organizations' they are approached by.”

On Wednesday, security firm Symantec warned users at its blog that it had already begun to see government shutdown-themed spam used to advertise spurious deals on “brand new” vehicles.

Even individuals that have seen their share of common promotional spam, like the aforementioned, could be tricked into clicking a malicious link or attachment, if they believe it pertains to official business or news surrounding current events, like the shutdown.

“I think there's going to be a proliferation of information coming at people, and they may not know if it's official, or safe, or not,” Potter said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.