Hackers target government agencies through third-party security vulnerabilities

Penetration of government networks through vulnerable third-party vendors and sources is on the rise.

Just this week, reports from Okaloosa County in Fort Walton Beach, Florida, placed external vendors at the center of a possible data breach involving utility customers.

An investigation revealed that the Okaloosa County Water and Sewer online payment system may have been compromised. John Hofstad, County Administrator, provided additional details about the incident.

“At the present time, it appears the breach of debit/credit card data occurred outside the county’s bill payment system, but until the outside vendor(s) are certain our customer’s financial information is secure we don’t want to put our customers in any jeopardy in paying bills online.”

This is just one of many government agencies that were targeted or simply exposed to significant security breaches as a result of poor vulnerability management.

In February of this year, thousands of websites were impacted by malicious code from a compromised third-party online resource. As a result, an estimated 4,275 websites that included government services in the United Kingdom and UScourts.gov, the website of the US court system, were hijacked to mine the cryptocurrency bitcoin.

The security researcher credited with discovering the hack, Scott Helme, noted, “It could have been a catastrophe, it really could have—that’s not just scaremongering. We were exceptionally lucky this was so mild and so quickly found.”

What became an embarrassment could have caused a devastating exfiltration of data, like the loss of critical and sensitive information on more than 22 million former and current employees of the US federal government through the sloppily managed network of the Office of Personnel Management (OPM).

According to the scathing federal report on the OPM breach, “the lax state of OPM’s information security left the agency’s information systems exposed for any experienced hacker to infiltrate and compromise.” While an initial hacker was observed operating within the OPM network, a second hacker used the credentials of a third-party contractor to enter the system, inject malware, and create a backdoor to the system.


Lapses in Cybersecurity Lead to Loss of Sensitive Data

The OPM data breach, like many losses that occur across the public and private sector, was no surprise. Warned since 2005 of its third-party security vulnerabilities, the OPM perhaps assumed it was too big to fail, leading to fundamental deficiencies. Just a few of the issues at the OPM included:

• There was a lack of managerial structure to “implement reliable IT security policies” and an “overall lack of compliance” with the policies that did exist.
• A failure to implement multi-factor authentication for employees and third-party contractors led to the compromise of credentials to breach the system.
• The OPM used IT systems that operated without security assessment.


Whether the outcome is hijacked websites mining bitcoin or the loss of information termed “a gold mine for a foreign intelligence service” to nation-state agents, local and federal US governmental agencies are prime targets of bad actors. For any agency with a weak security profile, a secure remote access platform like that offered by SecureLink resolves issues of authentication, access, surveillance, audit, and ease of management.

It is compelling to consider an excerpt from the OPM breach report:

“The government of the United States of America has never before been more vulnerable to cyberattacks. No agency appears safe. In recent data breaches, hackers took information from the United States Postal Service; the State Department; the Nuclear Regulatory Commission; the Internal Revenue Service; and even the White House.”


About SecureLink

Our sole focus is secure third-party remote access. For highly regulated enterprise organizations, SecureLink Enterprise Access has pioneered a secure remote access platform. SecureLink for enterprise allows an organization to identify, control, and audit third-party vendors. For vendors, SecureLink Customer Connect is the gold standard remote access support platform because it is easy and efficient, ensures compliance, and reduces liability when supporting customers.