Security upgrades applied before turning the system back on

Nov 17, 2014 23:25 GMT
Unauthorized intrusion suspected on Department of State unclassified system

An unclassified email system of the US State Department was taken offline temporarily late on Friday, on account of suspicions of unauthorized activity.

Suspending the email system is part of a scheduled maintenance task, but this type of action has not been taken before. The purpose is to make security improvements to the main unclassified computer network.

Government systems recorded several attacks

An official speaking under the condition of anonymity to the Associated Press on Sunday said that suspicious activity had been recorded on the system in the same period as the reported incident targeting the White House computer network, which was disclosed in late October.

At the moment, it is unclear if there is a connection between the two attacks. Lately, various cyber-attack incidents affecting multiple government agencies have been made public.

Apart from the White House attack, which affected the unclassified computer network, the US Postal Service has also been hit, resulting in the exposure of employee and customer data, with millions of individuals allegedly affected.

Furthermore, there is the breach of National Oceanic and Atmospheric Agency (NOAA) systems, which occurred in late September but was disclosed more than a month later; it is believed that Chinese hackers were behind this incident.

There is no evidence that all these attacks are connected, but judging by their targets, one would be inclined to believe so.

Network segregation is a good security measure

The US State Department official said that the systems are expected to be up and running normally when the security upgrades have been applied, on Monday or Tuesday.

Commenting on the incident, Josh Cannell, malware intelligence analyst at Malwarebytes, has said that hackers are constantly searching for new weaknesses in networks in order to collect data and to use them as a vantage point for moving to other networks.

“While the affected system was unclassified, this doesn't mean that sensitive data cannot be obtained from these systems. Unclassified systems still contain information that hackers can use; the email addresses themselves are valuable, for instance, as they could later be used in a spear phishing attack that possibly reopens doors for attackers. What's more, data spills can and sometimes occur on these networks, intentionally or unintentionally passing classified information through unclassified channels,” the researcher added via email.

Mike Lloyd, CTO of RedSeal, says that the lesson that can be learned from the intrusion on the State Department systems is that network segmentation works, since the official standpoint is that classified systems were not affected by the breach.

With network segmentation as a security measure, the damage is contained to only one part of the infrastructure.
