Hackers have infiltrated many of Washington state’s agencies


The attack has already lasted more than a week, but it has yet to significantly affect state operations even while exposing flaws in the state’s security apparatus, sources said. — Dreamstime/TNS

Hackers have launched a sprawling, multifaceted cyberattack against the state of Washington, according to two people familiar with the matter.

The attack infested many of the state’s agencies with sophisticated malware, including one type known as Trickbot, according to the two people, who requested anonymity because they aren’t authorised to talk to the media.

The attack has already lasted more than a week, but it has yet to significantly affect state operations even while exposing flaws in the state’s security apparatus, the people said.

The cyberattack didn’t impact the state’s election systems. Nonetheless, coming nearly a month ahead of November’s presidential election, it highlights the potential vulnerability of state computer networks, which include election systems.

Tara Lee and Mike Faulk, both of whom are spokespersons for Governor Jay Inslee, didn’t respond to requests for comment. Secretary of State Kim Wyman’s office tweeted Thursday that they’re "aware of an active cyber threat facing government entities...though we have no reason at this time to believe this is targeted at elections”.

‘Phishing campaign’

On Thursday, Inslee said at a press conference that a nationwide "phishing campaign” – phony emails that usually include an attachment that detonates malware when opened – was targeting the state. But the reality of the attack hitting state computer networks is more serious than a phishing campaign. Attackers have successfully gained access to multiple state agencies, spreading malware and establishing a foothold from which they could deepen their attack.

Washington is being assisted by US Department of Homeland Security, the FBI and Microsoft Corp, in the hopes of fending off the attackers, according to the person familiar.

Microsoft spokesperson Frank Shaw declined to comment. Messages sent to the FBI in Seattle weren’t acknowledged.

The attackers’ motives remain unclear. It’s not known if any data was stolen or if the hackers had planned to detonate the kind of ransomware attacks that have devastated cities, school districts and businesses across the country in recent years. Such attacks seek to lock users out of their computers, demanding a hefty ransom to regain access, and can significantly disrupt operations for days or even weeks.

Still, the timing of the attack has raised security questions ahead of the first presidential election since Russia meddled in the 2016 race by hacking Democratic Party emails and targeting election systems in all 50 states, according to federal authorities. DHS has repeatedly warned about the risk of cyberattacks and even ransomware before the upcoming vote.

At least some state employees received calls on Sept 18 directing them to avoid accessing emails. On Sept 21, an updated directive asked employees to stop clicking on new attachments, according to a state employee who asked not to be identified because they’re not authorised to speak to the media.

Profit tool

One of the people familiar with the investigation said early analysis of the intrusion indicated that the hackers may not have been targeting Washington but rather happened upon – and took advantage of – flaws in the state’s cybersecurity system. Responders are continuing to monitor the malware’s behaviour across a broad swath of the state’s network, said the person.

At least 13 of the state’s departments and commissions were impacted by the attack, including corrections, parks and recreation and fish and wildlife, according to one of the people familiar with the matter. That person also said another type of malware, called Emotet, was used in the attack, in addition to Trickbot. Representatives from those state agencies didn’t respond to requests for comment.

The election isn’t only a political target for some attackers with nation-state allegiances. They are also a potential tool for cybercriminals seeking profit because victims may be desperate to pay to ensure their systems are operational, said Brett Callow, a threat analyst at the New Zealand-band cybersecurity company Emsisoft.

"What better time for an attacker to extort payment from government systems than the time it needs access the most?” said Callow, adding that the hackers could be "holding fire” until the days leading up to Nov 3 Election Day.

Washington state is widely viewed as boasting one of the country’s most sophisticated cybersecurity systems, especially its election system defenses. Because of its dependence on postal ballots, Washington ranks among the highest for pandemic voting preparedness, according to a report by the Rand Corp about voting system confidence in 2020.

Dangerous malware

The Emotet banking Trojan, first identified in 2014, gained notoriety by targeting banks and financial data but has since evolved into a spamming and malware service, according to cyber research firm, Malwarebytes Inc. Its ability to evade detection has drawn the ire of the US government which has branded Emotet among the world’s most dangerous malware with an estimated cleanup cost of US$1mil (RM4.17mil) per incident.

Hackers are often capable of moving around inside the network, allowing them to compromise additional departments. In the case of Emotet, the attackers are also known for resending phishing emails to victims from the internal email system.

In addition, it’s not uncommon for attackers to take their time after gaining access to a network, before deploying ransomware or some other kind of damaging attack. The hackers can use that time to explore the network looking for sensitive data or figuring out how to exploit a vulnerability.

Emotet and Trickbot are frequently used in tandem, especially by the Russia-based cybergang, Ryuk, according to the cybersecurity firm CrowdStrike. First recognised in 2019, Ryuk became notorious in its first six months of operation for attacking enterprise networks, yielding revenue upwards of US$4mil (RM16.68mil), according to CrowdStrike.

As Ryuk’s activity faded slightly in the early-spring and summer of 2020, another threat actor emerged with a similar attack profile, called Conti, according to Emsisoft. In its short history, Conti, which also appears to be Russia-based, has gained notoriety for attacking state and local governments, including state courts in Louisiana in September, the cyber firm said. – Bloomberg

Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 18
Cxense type: free
User access status: 3

hackers , malware

   

Did you find this article insightful?

Yes
No

Next In Tech News

Africa retail tech startup Sokowatch eyes electric tuk tuks to cut costs
Amazon says sellers racked up more than US$4.8bil in sales over weekend
Airbnb-, Amazon-style services in focus in Canada tax proposal
Amazon brings macOS to cloud in a boost to Apple app developers
MSU’s eSports team wins PMCC 2020, scores RM20,000 prize
Opinion: TikTok stars and YouTube gamers are the new climate warriors
UK labour unions work to find ways to bargain with AI’s black box
This holiday season, Americans are shopping from home
Celcom to upgrade network, with focus on rural areas
Cyber Monday poised to mark record for US online retail sales

Stories You'll Enjoy