Expert Comments

Expert Analsysis Of US Defense Agency Says Personal Data ‘Compromised’ In 2019 Data Breach

Expert(s):
Expert(s):

A U.S. defense agency charged with providing information technology and communications support to the U.S. government, including the president and other senior officials, says its network may have been compromised “in a data breach” on a system hosted by the Defense Information Systems Agency (DISA). It’s believed Social Security numbers and other sensitive personal data and information may have been taken in the data breach between May and July 2019, but it’s not known if the data was stored on a classified system.

Experts Comments

Dot Your Expert Comments
David Emm
February 24, 2020
Principal Security Researcher
Kaspersky

A third of businesses (31%) and charities (32%) in the UK have carried out a cybersecurity risk assessment.
The news that a US Government agency has been breached highlights that no organisation, authoritative body, business or individual is immune from cyberattacks. And with our recent research showing that less than a third of businesses (31%) and charities (32%) in the UK have carried out a cybersecurity risk assessment in the last 12 months, this should serve as a stark wake-up call. There are ways that cybersecurity practices and policies can be strengthened and implemented to prevent.....Read More
The news that a US Government agency has been breached highlights that no organisation, authoritative body, business or individual is immune from cyberattacks. And with our recent research showing that less than a third of businesses (31%) and charities (32%) in the UK have carried out a cybersecurity risk assessment in the last 12 months, this should serve as a stark wake-up call. There are ways that cybersecurity practices and policies can be strengthened and implemented to prevent cyber-attacks, which includes taking steps such as educating employees about risks, using password managers, installing security software, and regularly updating systems. This can put businesses on the path to fully protecting themselves against cyber-threats.  Read Less
Rosa Smothers
February 24, 2020
SVP of Cyber Operations
KnowBe4

No doubt this was a state-sponsored activity; this breach will be used to further target DISA employees.
It’s a painful irony that the agency charged with providing secure comms for the White House has fallen victim to a data breach. Though a lot of employee information may have been disclosed during the OPM hack, this will disclose vital PII of employees hired since then. No doubt this was a state-sponsored activity; this breach will be used to further target DISA employees with admin access to highly sensitive networks.
Tal Zamir
February 24, 2020
Founder and CTO
Hysolate

But they're still using the same techniques to get their way in - though endpoints.
For years we had been seeing the number of days it takes to identify a breach reduce year over year, but just this year that number climbed again and it's because attackers are getting better and smarter at covering their tracks. But they're still using the same techniques to get their way in - though endpoints. Once an attacker has made their way onto an endpoint, it's far too easy for them to gain access to credentials and pivot their way to sensitive information. We recommend that.....Read More
For years we had been seeing the number of days it takes to identify a breach reduce year over year, but just this year that number climbed again and it's because attackers are getting better and smarter at covering their tracks. But they're still using the same techniques to get their way in - though endpoints. Once an attacker has made their way onto an endpoint, it's far too easy for them to gain access to credentials and pivot their way to sensitive information. We recommend that organizations isolate sensitive information - especially defense organizations that arguably hold some of the most valuable secrets and data. It's critical to keep this information locked-down and separate from the areas where workers conduct day-to-day activities which are more at risk.  Read Less
Ilia Kolochenko
February 21, 2020
Founder and CEO
ImmuniWeb

Worse, access to personal data of the agency staff greatly facilitates a wide spectrum of sophisticated spear-phishing.
The details of the reported breach are pretty obscure. At first glance, just one system hosting employee data had been breached and, if so, it seems to be a comparatively insignificant security incident of minor importance. However, an in-depth investigation should be urgently conducted to ascertain whether other systems or devices have been impacted. Frequently, nation-state attackers commence their attacks by breaching the weakest link accessible from the Internet and then silently propagate .....Read More
The details of the reported breach are pretty obscure. At first glance, just one system hosting employee data had been breached and, if so, it seems to be a comparatively insignificant security incident of minor importance. However, an in-depth investigation should be urgently conducted to ascertain whether other systems or devices have been impacted. Frequently, nation-state attackers commence their attacks by breaching the weakest link accessible from the Internet and then silently propagate to all other interconnected systems in a series of chained attacks. Worse, access to personal data of the agency staff greatly facilitates a wide spectrum of sophisticated spear-phishing and identity theft attacks capable to bypass virtually any modern layers of defense. The present disclosure timeline seems to be impermissibly protracted given that the breach reportedly happened almost a year ago. This may be an indicator of attack sophistication, and what has been reported so far may just the tip of the iceberg.  Read Less

Dot Your Expert Comments


Only for registered and approved experts. Please register before providing comments. Register here
* By using this form you agree with the storage and handling of your data by this web site.
Submit
0
FacebookTwitterLinkedinWhatsappEmail

You may also like

15 Schools Hit By Cyberattack In Nottinghamshire

Qualys Hit With Ransomware And Customer Invoices Leaked

Experts Reaction On PrismHR Hit By Ransomware Attack

Expert Insight On Ryuk’s Revenge: Infamous Ransomware Is Back And...

ObliqueRAT Trojan Lurks On Compromised Websites – Experts Comments

Microsoft Multiple 0-Day Attack – Tenable Comment

Experts Reaction On Malaysia Airlines 9 Years Old Data Breach

IoT Security In The Spotlight, As Research Highlights Alexa Security...

Oxfam Australia Confirms ‘Supporter’ Data Accessed In Cyber Attack

Expert Reaction On Solarwinds Blames Intern For Weak Passwords