Federal Manager's Daily Report

Image: wk1003mike/Shutterstock.com

A security assessment at AmeriCorps found “an exploitable vulnerability that could result in a complete system compromise” of its headquarters IT network while 9 out of 85 employees who were sent test phishing emails interacted with them.

The review included tests of the system that supports the agency headquarters and employees’ vulnerability to phishing attacks. The former found 746 vulnerabilities “with known exploits” that had the potential to “allow unauthorized access to the target system, and there were no effective controls in place to identify malicious activities once on the system. If an exploitable system were compromised, the malicious attacker could operate for an extended time without detection,” the report said.

ADVERTISEMENT

In a test of one vulnerability, auditors “were able to execute the exploit and gain unauthorized, privileged access to the system” and extract the password file, although the passwords themselves were adequately protected, it said.

In the phishing test, the audit found that the controls for automated detection of phishing were not effective in prohibiting the emails from arriving in the user’s inbox” in the first place. Employees fell for common ruses in phishing emails including by clicking on links to review documents or undelivered emails. “Had the attack been malicious, AmeriCorps’ systems and data would have been compromised,” it said.

It said that management concurred with its recommendations, including for stronger training of employees, and provided plans and target dates for carrying them out.

Key Senate Bill Backs 4.6 Percent Raise, Would Ban Future Schedule F

TSP Accounts Shed $100 Billion this Year; Customer Service Woes Continue

Hearing Highlights Partisan Differences over Telework vs. Onsite Work

House Endorses 4.6 Percent Federal Employee Raise; Accepts Pay Add-on for Some

Federal Retirement COLA Count Hits 9 Percent

The Process of Retiring – OPM’s Benefits Determination Process

House Acts to Bar a Future Schedule F, Advances Other Workplace Provisions

‘Best Places to Work’ Rankings Have Familiar Look, but Many Scores Slip
See also,

House Republicans Revive Retirement Benefit-Cutting Proposals

Retiring from a Federal Job – Getting Started

Retiring from a Federal Job: Make Sure Your Agency Gets it Right

2022 Federal Employees Handbook