Expert Analysis Of US Defense Agency Says Personal Data ‘Compromised’ In 2019 Data Breach

By ISBuzz Team
Writer, Information Security Buzz | Feb 21, 2020 05:32 am PST

A U.S. defense agency charged with providing information technology and communications support to the U.S. government, including the president and other senior officials, says its network may have been compromised “in a data breach” on a system hosted by the Defense Information Systems Agency (DISA). It’s believed Social Security numbers and other sensitive personal data and information may have been taken in the data breach between May and July 2019, but it’s not known if the data was stored on a classified system.

https://twitter.com/TheKellyLlama/status/1230723570315038722

4 Expert Comments
David Emm, Principal Security Researcher
February 24, 2020 11:11 am

The news that a US Government agency has been breached highlights that no organisation, authoritative body, business or individual is immune from cyberattacks. And with our recent research showing that less than a third of businesses (31%) and charities (32%) in the UK have carried out a cybersecurity risk assessment in the last 12 months, this should serve as a stark wake-up call. There are ways that cybersecurity practices and policies can be strengthened and implemented to prevent cyber-attacks, which include taking steps such as educating employees about risks, using password managers, installing security software, and regularly updating systems. This can put businesses on the path to fully protecting themselves against cyber-threats.

Rosa Smothers, SVP of Cyber Operations
February 24, 2020 11:10 am

It’s a painful irony that the agency charged with providing secure comms for the White House has fallen victim to a data breach. Though a lot of employee information may have been disclosed during the OPM hack, this will disclose vital PII of employees hired since then. No doubt this was a state-sponsored activity; this breach will be used to further target DISA employees with admin access to highly sensitive networks.

Tal Zamir, Founder and CTO
February 24, 2020 11:08 am

For years we had been seeing the number of days it takes to identify a breach reduce year over year, but just this year that number climbed again and it’s because attackers are getting better and smarter at covering their tracks. But they’re still using the same techniques to get their way in – through endpoints. Once an attacker has made their way onto an endpoint, it’s far too easy for them to gain access to credentials and pivot their way to sensitive information. We recommend that organizations isolate sensitive information – especially defense organizations that arguably hold some of the most valuable secrets and data. It’s critical to keep this information locked-down and separate from the areas where workers conduct day-to-day activities which are more at risk.

Ilia Kolochenko, Founder and CEO
February 21, 2020 1:35 pm

The details of the reported breach are pretty obscure. At first glance, just one system hosting employee data had been breached and, if so, it seems to be a comparatively insignificant security incident of minor importance.

However, an in-depth investigation should be urgently conducted to ascertain whether other systems or devices have been impacted. Frequently, nation-state attackers commence their attacks by breaching the weakest link accessible from the Internet and then silently propagate to all other interconnected systems in a series of chained attacks. Worse, access to personal data of the agency staff greatly facilitates a wide spectrum of sophisticated spear-phishing and identity theft attacks capable of bypassing virtually any modern layers of defense.

The present disclosure timeline seems to be impermissibly protracted given that the breach reportedly happened almost a year ago. This may be an indicator of attack sophistication, and what has been reported so far may just be the tip of the iceberg.
