Employee used US government network for adult websites, infected infrastructure with Russian malware
An investigation into “suspicious internet traffic” conducted by the Office of Inspector General at the US Geological Survey”s Earth Resources Observation and Science (EROS) Center satellite imaging facility in Sioux Falls, SD, revealed an employees had used US government internet infrastructure to access some 9,000 adult websites, the agency announced in a report.
Some of the websites redirected to Russian pages infected with malware, compromising the agency”s computer system as the malware spread across the entire network, reads a Management Advisory report to USGS from Matthew T. Elliott, Assistant Inspector General for Investigations. Digital forensics found the employee downloaded images onto a USB device and a personal smart phone, then connected the compromised devices to his work computer.
Two vulnerabilities were identified in the system”s security that involved web-site access and open USB ports. To head off malware in the future, the US Department of the Interior made a number of recommendations, including employee training and blocking illegal activities on government networks, particularly adult content, and prohibiting the use of USBs.
“We recommend that the USGS enforce a strong blacklist policy of known rogue Uniform Resource Locators (more commonly known as a web addresses) or domains and regularly monitor employee web usage history,” Elliot said. “Since this incident, the EROS Center has deployed enhanced intrusion detection systems and firewall technology to assist in the prevention and detection of rogue websites trying to communicate with Government systems.”
The Holiday Guide to Tech Support: Fixing the Family Computer
November 24, 2021
Bitdefender Celebrates 20 Years of Cybersecurity Leadership
November 04, 2021
Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords
October 26, 2021
What are drive-by download attacks and how do you prevent them?
October 25, 2021
Criminals Can't Wait to Add Your IoT Device to Their DDoS Networks
October 22, 2021
Six in 10 Consumers Faced a Cyber Threat in 2021, New Bitdefender Study Reveals
October 20, 2021