Written by The Realist Juggernaut Staff
Stolen login credentials and compromised accounts continue to be the primary method hackers use to infiltrate federal civilian agency systems, according to the latest findings from the Cybersecurity and Infrastructure Security Agency (CISA). This year’s Risk and Vulnerability Assessments (RVAs) show that, despite growing awareness, agencies remain vulnerable to attacks that exploit weak or stolen account information.
CISA conducted 143 audits on federal civilian agencies in 2023, marking an increase from the 121 audits performed in 2022. These assessments, carried out in collaboration with the U.S. Coast Guard (USCG), are designed to simulate the kinds of cyberattacks regularly launched by nation-state actors and other threat actors. The importance of these tests is underscored by real-world examples, such as past attacks by China-affiliated hackers that have targeted U.S. federal systems.
For the second consecutive year, the audits revealed that “Valid Accounts” (a term referring to the use of default, stolen, or former employee accounts) represent the most common and successful method for attackers to gain entry into federal networks. CISA found that this technique was responsible for 41% of successful breaches. The primary points of vulnerability were default or easily guessed passwords, as well as administrator and former employee accounts that had not been deactivated.
One key aspect of this risk is the widespread availability of compromised account credentials through initial access brokers. These brokers specialize in gathering and selling account information, providing cybercriminals and nation-state actors with the access they need to launch further attacks. Once an attacker has access to these credentials, they can use tactics like password hash cracking to elevate their privileges. CISA reported that 89% of USCG assessments resulted in successful access to Domain Administrator accounts using this technique.
In addition to stolen accounts, CISA found that phishing and the exploitation of common vulnerabilities remain significant threats to federal agencies. The report pointed out that many of these vulnerabilities are the result of weaknesses in secure-by-design principles or misconfigurations that leave systems exposed to opportunistic attacks.
CISA clarified that, while its assessments do not directly mimic the behavior of adversaries, its tests identify weaknesses that could be exploited under real-world conditions. “We locate any conditions present in the environment or use opportunistic techniques,” CISA explained.
The findings serve as a stark reminder of the persistent challenges federal agencies face in securing their systems. As hackers continue to find success with basic techniques like account theft and password cracking, the need for improved security measures—such as multi-factor authentication, stronger password policies, and rigorous account management—has never been more critical.

