UPDATED 22:15 EDT / SEPTEMBER 24 2020

SECURITY

DHS discloses data breach of US agency but doesn’t name which was hacked

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency today issued an analysis report on a U.S. federal agency that suffered a data breach after being hacked.

CISA didn’t name the federal agency targeted, but the report makes for sober reading, both for the details of the intrusion and for the basic steps the unnamed agency did not take to prevent it.

The attack, detected by EINSTEIN, CISA’s intrusion detection system, involved a malicious actor leveraging compromised credentials to insert “sophisticated” malware that evaded the affected agency’s anti-malware protection. Once through the door, the malware gained persistent access through two reverse Socket Secure proxies that exploited weaknesses in the agency’s firewall.

Those behind the attack gained access to the unnamed U.S. government agency by compromising an Office 365 account. More interesting is where those credentials came from: CISA believes it’s possible the attacker obtained them from an unpatched agency virtual private network server by exploiting a known vulnerability in Pulse Secure, CVE-2019-11510.

The attacker stole various types of data as well as modifying settings on the server to which they gained access. “The mounted file share allowed the actor to freely move during its operations while leaving fewer artifacts for forensic analysis,” CISA said.

That CISA did not name the agency is of concern in and of itself, given that there could be U.S. national security concerns involved. It could have involved a nation-state sponsored hacker stealing U.S. secrets or alternatively it could have involved the U.S. Department of Agriculture and the hacker stole data on cornfield yields in Oklahoma.

The news that an unnamed U.S. federal agency has suffered a cyberattack came after the DHS finally admitted Wednesday, albeit via an investigation report, that photos that were part of a facial recognition pilot program were hacked from a Customs and Border Protection subcontractor.

News of the hack was first reported in June 2019 and involved Perceptics, a maker of license-plate reader hardware and software used by CBP. The data stolen included pictures of vehicles and pictures of people crossing borders, along with internal data from Perceptics such as internal emails and databases, documentation and client details, blueprints and backups.

The disclosure came via a report published Sept. 21 by the U.S. Office of the Inspector General, DHS, a “review of CBP’s major cybersecurity incident during a 2019 biometric pilot.”

Photo: UpstateNYer/Wikimedia Commons
