US Treasury Cyber Attack

By   ISBuzz Team
Writer , Information Security Buzz | Dec 14, 2020 07:42 am PST

Following media reports that the US has issued an emergency order after revealing that its treasury and commerce departments had been hacked, please see the response below from cybersecurity expert

Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Stuart Reed
Stuart Reed , UK Director
December 14, 2020 3:44 pm

The growing list of significant breaches underlines the fact that cybercrime knows no boundaries and everyone must be diligent, now more than ever.

While details of this incident are still emerging, a major security theme of this year has been vulnerabilities in leading perimeter security platforms – particularly those used to facilitate secure remote access for the instant army of remote workers the COVID-19 crisis presented us with. As a result of fast implementation and scaling, patches and upgrades for these are taking far too long, and this problem appears to be getting worse. State-backed and criminal hackers have noted this opportunity and pivoted dramatically to explore it, with devastating effect. Several major compromises and breaches exploited vulnerabilities in security products, including ransomware attacks, and these vulnerabilities are a popular constant in state-backed hackers’ arsenals.

We return again to the fundamental question of how we deal with a new world where hacking is big business and we are up against some pretty smart and well-motivated adversaries. Firstly, it is important to get the basics right. Unfortunately, the most determined and motivated attacker will keep probing until they do discover a weakness. We have seen that commercial hackers can be as sophisticated and skilled as state-sponsored adversaries. There is one crucial difference, however. A state adversary is often resource and time-constrained while a commercial adversary is only constrained by economics. Economics which currently makes hacking very attractive and lucrative.

It is also important not just to rely on technology but also to rely on business processes. We believe that the traditionally separate worlds of cybersecurity and fraud need to work together much closer as we realise that cybersecurity is not just a technical issue but an organisational issue.”

Last edited 3 years ago by Stuart Reed

Recent Posts

Would love your thoughts, please comment.x