What the FBI Email System Hack Means for SMBs

When it comes to cybersecurity attacks, it’s more apparent than ever that no one is immune. This includes SMBs and major government organizations like the Federal Bureau of Investigation (FBI).

In November, news emerged that hackers had targeted the FBI’s email servers. Reports described it as a sophisticated attack in which the attackers leveraged their access to send more than 100,000 messages to a broad array of recipients, warning them that they were under attack and needed to be on high alert. “Our intelligence monitoring indicates exfiltration of several of your virtualized clusters in a sophisticated chain attack,” the email read, under the headline “Urgent: Threat actor in systems.”

The emails looked entirely legitimate: they came from the FBI’s public-facing email system, and their headers were authenticated using DomainKeys Identified Mail (DKIM), the process Gmail uses to verify that a message really came from the domain it claims to be from.

While the attackers’ motivation appeared to be to delegitimize another hacker, the effects of the attack could have been far more drastic. Attackers could have leveraged legitimate-looking emails from a trusted source (the FBI) to steal data, spread ransomware, or pursue other nefarious goals.

The FBI said in a statement at the time that it had since remediated the vulnerability that allowed the attackers to enter its systems and send the fake emails, and that it had taken further network integrity measures. It also alerted everyone who could have been affected by the fake emails. However, there are still many vital lessons to be learned from the situation:

Don’t trust emails, no matter the source. Remaining skeptical of emails wherever possible and assuming they could pose a risk to your organization is critical. If even the FBI can be compromised and cannot be taken as a legitimate source, other partners can be vulnerable too. SMBs should train their employees thoroughly on the signs of a potentially compromised email and repeat this training regularly to combat this type of risk.

Supply chain attacks present significant risks. If 2021 has taught us anything (and it has taught us a lot), it is that supply chain attacks are on the rise. Attackers are increasingly leveraging a third-party organization, like the FBI or another trusted source, to compromise an organization whose employees inherently trust that third party. SMBs should ensure they have protections in place to guard against these types of attacks, or put stipulations for cybersecurity protections in their contracts with these partners and suppliers.

Practice incident response. When attacks like this arise and potentially impact your organization, an SMB should make sure to have a game plan in place for how to respond. This should include technology to help mitigate the threat and playbooks for what individual contributors need to do to secure the organization (including IT, leadership, communications, customer relations, legal and more).

As we head into 2022, attacks like this will inevitably continue to rise. By learning from past mistakes and closely watching the latest attacks, an SMB business leader can make sure the organization is fully prepared to protect itself and its customers from these types of incidents.
