Following major cyberattacks against central government bodies in Brazil, initial investigations have found that malicious actors have used civil servant credentials to access systems.
The finding is among a series of warnings and recommendations issued by the presidency’s Institutional Security Office (GSI). Initially released last Wednesday (December 8) and edited yesterday (December 14), the alert is aimed at security managers across the federal government.
“Some intrusions have occurred using legitimate administrator [credentials],” the document noted, adding that this meant attackers didn’t have to perform any actions to access system privileges.
The publication and subsequent editing of GSI’s alert come as Brazil’s Ministry of Health (MoH) struggles to re-establish its systems following a major ransomware attack last Friday. Systems such as ConecteSUS, which holds COVID-19 vaccination data and certificates, remain unavailable.
GSI recommended a series of security measures to be adopted by departments in the event of “malicious actions or improper use of credentials”.
In addition to notifying the government’s cyberattack prevention and response center, the instructions included strengthening the use of multi-factor authentication tools for all cloud system administrators.
The security office also recommended the re-evaluation of backup policies, as well as requesting cloud providers to change master passwords and implement additional security