VA sees sharp uptick in cyberattacks

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://fcw.com/articles/2015/05/04/va-cyber-attacks.aspx

The Department of Veterans Affairs is an increasingly popular target for
hackers and cyber criminals. Attempts to infiltrate VA networks, or ship
malware to VA employees and contractors via phishing emails, are growing
exponentially, according to data released by the agency.

There were more than 350 million attempts to infiltrate VA networks in
March 2015, up from 15 million in November 2014. The VA blocked almost 1.2
billion pieces of malware targeting VA systems in March, up from 300
million six months ago.

Steph Warren, the top tech official at VA, said the department risks being
"overwhelmed" if attacks continue to grow at the current rate of increase.
The VA has been releasing top line numbers on cyber infiltration attempts
in recent months, so there is a clearer picture of the threats facing VA
than those facing other agencies. But Warren pointed out during an April 30
call with reporters, "there is lots and lots of interest, and we are not
the only ones seeing this kind of interest." Warren added, "we hope there
is some appreciation of the level of threat that is coming at these
organizations."

VA is a customer of the Einstein network protection system run by the
Department of Homeland Security. Warren said that VA was "aggressively
taking advantage" of new features being added to the Einstein toolkit.

Warren also said that VA tech employees are taking a harder line with
colleagues who are opening and activating phishing emails by clicking on
attachments from unknown senders. Workers who click on phishing emails
typically get a chat on proper email precautions and cyber hygiene from an
IT staffer that includes an explanation of what could happen if a rogue
program were permitted to infect the system. The VA's defenses in
combination with Einstein have blocked these inbound intrusion attempts,
but Warren stressed that the volume of attacks presented an urgent threat.

"Six months ago, I could not have projected that we would be seeing this
volume, this intensity of attacks," he said.

At the same time as it fends off attacks to its network, the VA is mulling
how it might move some of its data and operations to commercial cloud
environments. Warren said that Office of Information and Technology staff,
along with representatives from around the VA -- including the general
counsel and inspector general's office --are meeting to develop a cloud
computing strategy. A previous plan to move VA email to an HP cloud was
scuttled because the VA OIG objected to the records retention schedules
contained in the cloud deal.

Warren said he hoped to develop a plan to move high-security and
medium-security apps and data to the cloud. "We're not looking for a
consensus solution," Warren said. Instead, he wants to clear potential
hurdles to moving to the cloud and address objections as they come up.
Warren said he hoped to see a first draft of the cloud strategy within 30
days.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!