BACKGROUND:
The U.S. State Department was recently hit by a cyber-attack and notifications of a “possible serious breach” were issued, according to a series of tweets by Fox News reporter Jacqui Heinrich. It’s unclear when the breach was discovered, but it’s believed to have happened a couple of weeks ago. The Department of Defense’s Cyber Command made the notifications, Heinrich said. “The Department takes seriously its responsibility to safeguard its information and continuously takes steps to ensure information is protected,” a State Department spokesperson said in a statement. “For security reasons, we are not in a position to discuss the nature or scope of any alleged cybersecurity incidents at this time.”
<p>The recent cyberattack against the U.S. State Department is a reminder that anyone and everyone can be hit and will be hit. Today, it is a matter of how quickly threats are discovered and how quickly they are stopped. Overall, the State Department’s networks are big and they are presumably getting attacked by nation states, terrorists and other adversaries on a daily basis. However, without more data on the recent attack, it would be premature to make assumptions on the motives or groups involved in this latest action.</p>
<p>There\’s no shame in being attacked, and disclosing it properly is laudable. There\’s a world of difference between an infrastructure beach where a nation state, rogue group or hacktivist gets in and an information or material breach that causes damage. While the State Department isn’t likely to disclose any further details of this attack, given the current chaos on the ground in Afghanistan and lingering tensions with Russia over the Colonial and JBS attacks and China for carrying out the Microsoft Exchange Server attacks, public and private sector security teams should be on high alert. Also, allies of the U.S. across Europe, Asia-Pacific and Africa should also be on high alert. Let\’s hope the perception by some that the U.S. is distracted doesn\’t lead to more attacks and chaos.</p>
<p>The State Department attack is one of the reasons for the EDR mandate for the U.S. Federal government agencies in the recent White House Executive Order. Having a means of finding the attacks like the one on the State Department as threat actors move in the slow, subtle, stealthy way through networks is the only option in returning defenders to higher ground above threat actors. Advanced prevention, building resilience, ensuring that the blast radius of payloads is minimized and generally using peace time to foster antifragility is achievable. Today, it’s not about who we hire or what we buy. It’s about how we adapt and improve every day.</p>
<p>As we always say: it’s a question of “when”, not “if” you will be a target. The U.S. State Department is no exception. In fact, they are a juicier target for hackers than the shop around the corner. While we don’t know what was breached, and we may never know in this case, the fact it is listed as “serious” indicates that there could be a lot behind this, either in terms of volume of data accessed or importance of it. It would be very interesting to know how the bad guys got in to affect the breach. By far the most common way into a network is via weak authentication, e.g. breached passwords or poor MFA. After all, we do have over 12 thousand breached U.S. State Department credentials in our database alone, but again, in this case, we may never know.</p>
<p>Clarity and transparency are absolutely vital in the aftermath of an attack, but history has shown us that many organisations have attempted to delay or avoid any discussions that may negatively impact them. Being open from the outset shows not only a good degree of honesty, but also offers those affected the best chance of cleaning up the data leak and repairing any damage that may be caused thereafter. Once this information is out on the dark web and sold, it is assumed lost forever – but the longer it takes for affected individuals to be notified, the problems such as identify theft and targeted phishing attacks increase exponentially.</p>