DHS Shares Data on Top Cyber Threats to Federal Agencies

Backdoors, cryptominers, and ransomware were the threats most widely detected by EINSTEIN, the intrusion prevention system of the DHS Cybersecurity and Infrastructure Security Agency (CISA).

The US federal government's civilian agencies see many of the same attacks as the private sector, fending off ransomware, cryptominers, and backdoors, according to an alert published this week by the US Department of Homeland Security's main cybersecurity agency.


In the June 30 alert, the Cybersecurity and Infrastructure Security Agency (CISA) warned that three threats constituted more than 90% of the active signatures detected by the government's intrusion prevention system, known as EINSTEIN. The three threats are the NetSupport Manager RAT, the Kovter Trojan, and the XMRig cryptominer. While DHS CISA did not discuss the impact that the threats have had on government agencies, the agency did provide Snort signatures for other security analysts to use.


The release shows the US government may start sharing more information with the private sector on cyberattacks, says Johannes Ullrich, dean of research for the SANS Technology Institute, a professional cybersecurity education organization.


"It is nice that they share, and it's interesting, but not surprising that they are seeing what everyone else is seeing: A backdoor, a cryptominer, and ransomware," he says. "For me as a researcher, it's good to know that they are seeing the same things we are."


The usefulness of the data, however, is somewhat dampened by the fact that the information is from the month of May and at least 30 days old. In addition, defenders increasingly rely on behavior-recognition technologies and not pattern-matching to detect threats, Ullrich says.


"This information is meant to give the reader a closer look into what analysts are seeing at the ..