GOVRAT V2.0

Recommendations

Info

GOVRAT V2.0 ATTACKING US MILITARY AND GOVERNMENT InfoArmor has acquired the breached data for further analysis and risk mitigation. This database has over 33,000 users and their contact information from various government, military and educational organizations, along with stored passwords in hashed form. Each password has been hashed using several rounds. Brief analysis showed that the bad actors could decrypt the hash and use the recovered password information for further hacking attempts. 14
GOVRAT V2.0 ATTACKING US MILITARY AND GOVERNMENT In one of the files obtained from the bad actors, there was a comment related to the analysis of authentication mechanisms used in various government Web-resources for remote access. The bad actor noted that not all of the accounts require an RSA SecureID or external hardware token, making the collected compromised data extremely useful. And if the victim is using the same password, it might be possible to execute a successful login. The bad actors also outlined that in some cases military Web applications require the use of a specific proxy. In these cases, they organize reverse proxies 3 on the victims in order to access sensitive resources from the same network pool and even IP addresses. 3) A back-connect or reverse proxy server is a type of proxy server that typically sits behind the firewall in a private network and directs client requests to the appropriate backend server (C&C on the cybercriminal’s side). 15
Page 1 and 2: GOVRAT V2.0 ATTACKING US MILITARY A
Page 13: GOVRAT V2.0 ATTACKING US MILITARY A
Page 21: 800 789 2720 / ATI.INFOARMOR.COM IA

GOVRAT V2.0

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?