Christian Vasquez Archives | FedScoop https://fedscoop.com/author/christian-vasquez/ FedScoop delivers up-to-the-minute breaking government tech news and is the government IT community's platform for education and collaboration through news, events, radio and TV. FedScoop engages top leaders from the White House, federal agencies, academia and the tech industry both online and in person to discuss ways technology can improve government, and to exchange best practices and identify how to achieve common goals. Wed, 28 Jun 2023 14:58:14 +0000 en-US hourly 1 https://wordpress.org/?v=6.2.2 https://fedscoop.com/wp-content/uploads/sites/5/2023/01/cropped-fs_favicon-3.png?w=32 Christian Vasquez Archives | FedScoop https://fedscoop.com/author/christian-vasquez/ 32 32 White House releases cybersecurity budget priorities for FY 2025 https://cyberscoop.com/white-house-cybersecurity-budget-2025/ Wed, 28 Jun 2023 14:55:50 +0000 https://fedscoop.com/?p=69851 The Biden administration noted that department and agencies are expected to follow the recently released National Cybersecurity Strategy.

The post White House releases cybersecurity budget priorities for FY 2025 appeared first on FedScoop.

]]> The post White House releases cybersecurity budget priorities for FY 2025 appeared first on FedScoop.

]]> CISA: Federal civilian agency hacked by nation-state and criminal hacking groups https://cyberscoop.com/cisa-federal-civilian-agency-hacked/ Thu, 16 Mar 2023 16:13:15 +0000 https://fedscoop.com/?p=66732 The vulnerability used in the attack against the federal agency is well-known and among the top exploits in 2021.

The post CISA: Federal civilian agency hacked by nation-state and criminal hacking groups appeared first on FedScoop.

]]> The post CISA: Federal civilian agency hacked by nation-state and criminal hacking groups appeared first on FedScoop.

]]> Biden’s national cybersecurity strategy advocates tech regulation, software liability reform https://cyberscoop.com/biden-national-cybersecurity-strategy-2023/ Thu, 02 Mar 2023 15:02:42 +0000 https://fedscoop.com/?p=66351 The strategy represents a shift in how Washington approaches cybersecurity, veering toward a more strictly regulated approach.

The post Biden’s national cybersecurity strategy advocates tech regulation, software liability reform appeared first on FedScoop.

]]> The post Biden’s national cybersecurity strategy advocates tech regulation, software liability reform appeared first on FedScoop.

]]> Cybercriminals scam two federal agencies via remote desktop tool, CISA warns https://fedscoop.com/cybercriminals-scam-two-federal-agencies-via-remote-desktop-tool/ Thu, 26 Jan 2023 20:58:17 +0000 https://fedscoop.com/?p=65197 CISA and the NSA warned federal agencies that malicious hackers used legitimate remote monitoring and management software to execute scams.

The post Cybercriminals scam two federal agencies via remote desktop tool, CISA warns appeared first on FedScoop.

]]> Cybercriminals duped federal employees into downloading remote monitoring and management software and then used it to execute scams to steal money from victims’ bank accounts, top cybersecurity officials said Wednesday.

In an alert warning agencies about the malicious use of remote management software, in this case ConnectWise Control and AnyDesk, officials said that while the specific activity “appears to be financially motivated and targets individuals, the access could lead to additional malicious activity against the recipient’s organization—from both other cybercriminals and [advanced persistent threat] actors.” 

The joint alert from the Cybersecurity and Infrastructure Security Agency, National Security Agency and Multi-State Information Sharing and Analysis Center did not specify which agencies were affected, but noted that at least two were victims.

Additionally, the alert said help desk-themed phishing emails were sent since at least June 2022 to multiple federal civilian agencies. CISA detailed the two instances of suspected malicious activity discovered in October using the federal intrusion detection program known as EINSTEIN. In mid-June, a federal civilian agency received a phishing email and the victim called a phone number contained in the message and led them to a malicious domain. In mid-September, CISA identified traffic flowing between an agency network and a malicious domain.

The campaign continued until at least early November, the alert said. The hackers impersonated help desk services such as Geek Squad Services, general tech support owned by Best Buy, as well as Norton, Amazon, McAfee and PayPal in order to dupe victims. Once the hackers had access to the victims’ machines, they could potentially sell any network access to other cyber criminals or APT groups, according to the alert. “This campaign highlights the threat of malicious cyber activity associated with legitimate RMM software.”

The report warned that, generally, remote management software does not trigger antivirus or anti-malware defenses and that hackers can use legitimate RMM software in a portable executable which can “bypass administrative privilege requirements and software management control policies.” Additionally, RMM software can reduce the need for a malicious hacker to use custom malware and can act as a backdoor to keep on the victim’s network.

The post Cybercriminals scam two federal agencies via remote desktop tool, CISA warns appeared first on FedScoop.

]]>