Security Fears Prompt House to Block Google, Yahoo Cloud Services

Bare Metal Servers and Cloud Server Hosting

InetServices offers both Windows and Linux bare metal server hosting, and cloud server hosting for any small to medium size business. We also offer both PCI and HIPAA Compliant servers allowing you to achieve PCI or HIPAA Compliance without all the worries of figuring it out. InetServices offers much more than just dedicated servers and cloud servers, we offer you a complete solution to your hosting needs including Big Data, Disaster Recovery, and High Availability services.

Security Fears Prompt House to Block Google, Yahoo Cloud Services

US congressional representatives and their staffers have been blocked from Google and Yahoo cloud services while on the House of Representatives network by the House IT team, following warnings from the FBI about potential security vulnerabilities, Reuters reports. Separate and seemingly unrelated incidents involving Yahoo mail and Google cloud apps led to the blocks, which were implemented within the past two weeks, and have affected internal House communications.

Reuters reports that an email sent to lawmakers and staffers by the House Information Security Office on April 30 warns against increased phishing attacks on the House network attempting to install ransomware. The email said that the ransomware attacks came from third-party web-based mail applications, and that Yahoo mail, which appeared to be the focus of the attack, would be indefinitely blocked on the House network.

The attacks had succeeded in installing ransomware on two individuals’ devices after they clicked on Word attachments, though the infected files were retrieved without paying the ransom, a source told Reuters. The FBI issued a warning in June about remote access tools capable of stealing data, including a “BLT” Trojan found on appspot.com.

Appspot.com, where custom Google apps are hosted, has also been blocked on devices connected to the House’s Internet through WiFi or Ethernet.

“We began blocking appspot.com on May 3 in response to indicators that appspot.com was potentially still hosting a remote access trojan named BLT that has been there since June 2015,” one of the sources, a House staffer with direct knowledge of the situation, told Reuters.

A former employee of the House of Representatives told Reuters that he had created two apps hosted on appspot.com for use by congressional staffers, which they now cannot use.

Spokespeople for both Yahoo and Google said they will work with the House on a resolution of the vulnerability.

Ransomware became a significantly more common attack type in 2015, according to research by IBM X-Force, and Trend Micro predicted ransomware attacks would increase in 2016.

The US government is attempting to update Federal IT systems to make use of cloud services through the FedRAMP program, but some within the industry say the process needs to be reformed.

Source: TheWHIR