 Channel Futures

MSSP Insider



US Capitol Rioters Pose Cybersecurity Threat Due to Device Access, Theft

  • Written by Edward Gately
  • January 7, 2021
It's not yet known what all the rioters got their hands on or saw.

Cybersecurity experts say U.S. Capitol rioters pose a threat to national security because they accessed and stole government officials’ devices.

And it’s not yet known what all the rioters got their hands on or saw.

Kevin Coleman is executive director of the National Cyber Security Alliance. He said Capitol rioters stole U.S. Sen. Jeff Merkley’s laptop. And any rioters ransacking House Speaker Nancy Pelosi’s office could have seen or accessed sensitive information.

The silver lining is that lawmakers’ classified information typically is stored in sensitive compartmented information facilities (SCIFs), he said.


NCSA’s Kevin Coleman

“But the dangers and threat vectors that surface from unprotected physical devices are still very prevalent,” Coleman said. “We’ve seen screenshots of Pelosi’s email inbox already posted to Twitter, which means that perpetrators could have accessed email lists and records that can potentially be used to conduct phishing attacks.”

Don’t Underestimate the Rioters

Understating the capabilities of individuals among the Capitol rioters would be a mistake as well, Coleman said.

“It’s impossible to know at this point if any were aligned with opposing nation-state interests or if any devices that weren’t stolen might have been targets for malware installations,” he said. “Conversely, a stolen device no longer belongs to its original owner.”

Due to a lapse in device security, thieves shouldn’t have any difficulty combing through the entirety of an endpoint’s hard drive, Coleman said.

This potential security breach could compound government vulnerabilities beyond the SolarWinds hack, he said.

“While reports have asserted that any accessible data that could potentially have been stolen was unclassified and relatively low level in terms of sensitivity, this event will certainly be another wakeup call for government security teams,” Coleman said. “SolarWinds was a proof point that third-party supply chain attacks — although not incredibly sophisticated — can be devastating. It called into question how government IT teams were vetting third-party partners, how they were collecting and storing sensitive data.”

And the targeted federal organizations will have to overhaul their entire security playbooks moving forward, he said.

The Capitol riot data thefts likely won’t be anywhere near as disastrous as SolarWinds, Coleman said. But they add to the mix of security issues the government will have to sort out.

“While SolarWinds was a backend system vulnerability, yesterday’s incident proves that a lack of sufficient endpoint security can be a problem, and that continued awareness and education for staffers about not leaving key information on an idle device will be equally important moving forward,” he said.

Better Protection Could Have Been in Place

Better device security could have been in place to minimize the risk, Coleman said.

“It’s impossible to have a foolproof plan,” he said. “But it is possible to minimize risks with a layered approach that consists of better device security software, better data monitoring and storage policies, and continued education for staffers about the dangers of unprotected data.”

Jerry Ray is SecureAge’s COO. He said Wednesday’s Capitol rioters brought an “empirical and tangible threat” to systems and data throughout the Capitol.


SecureAge’s Jerry Ray

“Whether an unsuspecting and gleeful Trump supporter lost in the moment and running in for the selfies, or a trained agent of a foreign government sporting a MAGA hat and face gaiter armed with USB flash drives, malicious dongles or peripherals to attach to systems, the mere presence of unauthorized people in the offices of legislators renders every system and every file compromised and dirty,” he said.

Any digital device within those Capitol office spaces and exposed to intruders now poses a threat, Ray said.

“Even a quick grab of a sticky note with a handwritten password on it opens up entire networks of information with national security implications to compromise,” he said.

Less Obvious Threats

Personal information left behind during the evacuation poses less obvious threats, Ray said.

“Using that information for identity theft is just as likely as it is for sophisticated phishing attacks or unsophisticated blackmail attempts for monetary or espionage purposes,” he said.

All account names, passwords, keys, directory paths and file names need to be changed, Ray said.

The long-term strategy includes a lengthy and comprehensive sweep of all devices, Coleman said. In the short term, Capitol IT teams will have to prioritize any glaring vulnerabilities before combing through other devices.

“Additionally, we’re not truly privy to how exhaustive the IT team’s network monitoring and policy management protocols are,” he said. “Is there a detailed record of every login attempt? Can they cross-reference timestamps of any attempts to determine unauthorized access? And do compromised devices have encryption automatically enabled? These are all very important questions that government security teams and officials will need to reassess.”


One comment

  1. Sam Vaughn January 8, 2021 @ 5:35 am

    Interesting that you chose the word rioters. We had an entire summer of “protesters” burning, looting, attacking innocent people, they invaded and occupied the Senator chambers and some deaths, but they were still peaceful protesters. Now, by some estimates we have tens of thousands of peaceful protesters upset that their votes were potentially stolen, a valid concern and the entire bunch is branded rioters when the reality is a handful of people were let in by Capitol police led by a bunch of guys doing the damage that look like Antifa.
    Where is your sense of perspective?

Copyright © 2021 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.