
US Capitol Rioters Pose Cybersecurity Threat Due to Device Access, Theft

  • Written by Edward Gately
  • January 7, 2021
It's not yet known what all the rioters got their hands on or saw.

Cybersecurity experts say U.S. Capitol rioters pose a threat to national security because they accessed and stole government officials’ devices.

And it’s not yet known what all the rioters got their hands on or saw.

Kevin Coleman is executive director of the National Cyber Security Alliance. He said Capitol rioters stole U.S. Sen. Jeff Merkley’s laptop. And any rioters ransacking House Speaker Nancy Pelosi’s office could have seen or accessed sensitive information.

The silver lining is that lawmakers’ classified information typically is stored in sensitive compartmented information facilities (SCIFs), he said.

NCSA's Kevin Coleman

“But the dangers and threat vectors that surface from unprotected physical devices are still very prevalent,” Coleman said. “We’ve seen screenshots of Pelosi’s email inbox already posted to Twitter, which means that perpetrators could have accessed email lists and records that can potentially be used to conduct phishing attacks.”

Don’t Underestimate the Rioters

Understating the capabilities of individuals among the Capitol rioters would be a mistake as well, Coleman said.

“It’s impossible to know at this point if any were aligned with opposing nation-state interests or if any devices that weren’t stolen might have been targets for malware installations,” he said. “Conversely, a stolen device no longer belongs to its original owner.”

Due to a lapse in device security, thieves shouldn’t have any difficulty combing through the entirety of an endpoint’s hard drive, Coleman said.

This potential security breach could compound government vulnerabilities beyond the SolarWinds hack, he said.

“While reports have asserted that any accessible data that could potentially have been stolen was unclassified and relatively low level in terms of sensitivity, this event will certainly be another wakeup call for government security teams,” Coleman said. “SolarWinds was a proof point that third-party supply chain attacks — although not incredibly sophisticated — can be devastating. It called into question how government IT teams were vetting third-party partners, how they were collecting and storing sensitive data.”

And the targeted federal organizations will have to overhaul their entire security playbooks moving forward, he said.

The Capitol riot data thefts likely won’t be anywhere near as disastrous as SolarWinds, Coleman said. But they add to the mix of security issues the government will have to sort out.

“While SolarWinds was a backend system vulnerability, yesterday’s incident proves that a lack of sufficient endpoint security can be a problem, and that continued awareness and education for staffers about not leaving key information on an idle device will be equally important moving forward,” he said.

Better Protection Could Have Been in Place

Better device security could have been in place to minimize the risk, Coleman said.

“It’s impossible to have a foolproof plan,” he said. “But it is possible to minimize risks with a layered approach that consists of better device security software, better data monitoring and storage policies, and continued education for staffers about the dangers of unprotected data.”

Jerry Ray is SecureAge’s COO. He said Wednesday’s Capitol rioters brought an “empirical and tangible threat” to systems and data throughout the Capitol.

SecureAge's Jerry Ray

“Whether an unsuspecting and gleeful Trump supporter lost in the moment and running in for the selfies, or a trained agent of a foreign government sporting a MAGA hat and face gaiter armed with USB flash drives, malicious dongles or peripherals to attach to systems, the mere presence of unauthorized people in the offices of legislators renders every system and every file compromised and dirty,” he said.

Any digital device within those Capitol office spaces and exposed to intruders now poses a threat, Ray said.

“Even a quick grab of a sticky note with a handwritten password on it opens up entire networks of information with national security implications to compromise,” he said.

Less Obvious Threats

Personal information left behind during the evacuation poses less obvious threats, Ray said.

“Using that information for identity theft is just as likely as it is for sophisticated phishing attacks or unsophisticated blackmail attempts for monetary or espionage purposes,” he said.

All account names, passwords, keys, directory paths and file names need to be changed, Ray said.

The long-term strategy includes a lengthy and comprehensive sweep of all devices, Coleman said. In the short term, Capitol IT teams will have to prioritize any glaring vulnerabilities before combing through other devices.

“Additionally, we’re not truly privy to how exhaustive the IT team’s network monitoring and policy management protocols are,” he said. “Is there a detailed record of every login attempt? Can they cross-reference timestamps of any attempts to determine unauthorized access? And do compromised devices have encryption automatically enabled? These are all very important questions that government security teams and officials will need to reassess.”

2 comments

  1. Sam Vaughn January 8, 2021 @ 5:35 am

    Interesting that you chose the word rioters. We had an entire summer of “protesters” burning, looting, attacking innocent people, they invaded and occupied the Senator chambers and some deaths, but they were still peaceful protesters. Now, by some estimates we have tens of thousands of peaceful protesters upset that their votes were potentially stolen, a valid concern and the entire bunch is branded rioters when the reality is a handful of people were let in by Capitol police led by a bunch of guys doing the damage that look like Antifa.
    Where is your sense of perspective?

  2. Elizabeth Busto January 18, 2021 @ 7:24 pm

    One look at the footage, and listening to what they were calling out in addition to the 5 deaths makes this a riot, not a peaceful protest! From the moment blockades were crossed, it was a riot! And your comments are incorrect – any of the protests we’ve seen in the US where unauthorized access or crossing blockades occurred, it was labeled rioting! Last, you’ll notice that unlike black lives matter protests, the police are not shooting a single one of these WHITE MALE people – one person was shot – a white WOMAN I will note – only when trying to get into the window of the chambers where senators were cowering on the floor before they were evacuated.
