State Department reportedly suffers a cyber attack
Details of the hack are still developing
Hackers recently hit the Department of State with a cyber attack, according to Fox News and Reuters reports, The Department of Defense Cyber Command also reportedly released notifications of a potentially serious data breach.
According to a tweet by a Fox News reporter on Saturday, the breach is believed to have happened a couple of weeks ago. In a later tweet, the reporter said the extent of the breach, the investigation into the suspected entity behind it, efforts taken to mitigate it, and any ongoing risk to operations remain unclear.
However, a source told Reuters that the State Department has not experienced significant disruptions and has not had its operations impeded in any way.
"The Department takes seriously its responsibility to safeguard its information and continuously takes steps to ensure information is protected. For security reasons, we are not in a position to discuss the nature or scope of any alleged cybersecurity incidents at this time," a State Department spokesperson said in a statement to Reuters.
Steven Hope, CEO and co-founder of Authlogics, told IT Pro the State Department is a juicier target for hackers than the shop around the corner.
“While we don’t know what was breached, and we may never know in this case, the fact it is listed as ‘serious’ indicates that there could be a lot behind this, either in terms of the volume of data accessed or importance of it. It would be very interesting to know how the bad guys got in to affect the breach,” Hope said.
“By far the most common way into a network is via weak authentication, e.g. breached passwords or poor MFA. After all, we do have over 12 thousand breached U.S. State Department credentials in our database alone, but again, in this case, we may never know."
Sam Curry, chief security officer at Cybereason, told IT Pro that while the State Department isn’t likely to disclose any further details of this attack, given the chaos in Afghanistan, and lingering tensions with Russia over the Colonial and JBS attacks and China for the Microsoft Exchange Server attacks, public and private sector security teams should be on high alert.
RELATED RESOURCE
Don’t just educate: Create cyber-safe behaviour
Designing effective security awareness and training programmes
“Also, allies of the U.S. across Europe, Asia-Pacific, and Africa should also be on high alert. Let's hope the perception by some that the U.S. is distracted doesn't lead to more attacks and chaos,” he said.
“The State Department attack is one of the reasons for the EDR mandate for the US Federal government agencies in the recent White House Executive Order. Having a means of finding the attacks like the one on the State Department as threat actors move in the slow, subtle, stealthy way through networks is the only option in returning defenders to higher ground above threat actors.
"Advanced prevention, building resilience, ensuring that the blast radius of payloads is minimized and generally using peacetime to foster antifragility is achievable. Today, it’s not about who we hire or what we buy. It’s about how we adapt and improve every day."
-
New ransomware threat group, The Gentlemen, has become one of the most active ransomware operators, accounting for 10% of all attacksNews NTT researchers warn that the RaaS group is leveraging SystemBC malware to establish covert tunnelling, evade detection, and support rapid lateral movement across enterprise environments
-
UK government calls on firms to sign Cyber Resilience Pledge as security sector boomsNews With new figures showing a boom in the country's cybersecurity sector, the government calling on businesses to make the most of the industry’s expertise
-
Salt Typhoon attack on US congressional email system ‘exposes how vulnerable core communications systems remain to nation-state actors’News The Salt Typhoon campaign marks the latest in a string of attacks on US government communications networks
-
Foreign states ramp up cyberattacks on EU with AI-driven phishing and DDoS campaignsNews ENISA warns of hacktivism, especially through DDoS attacks
-
A new 'top-tier' Chinese espionage group is stealing sensitive datanews Phantom Taurus has been operating for two years and uses custom-built malware to maintain long-term access to critical targets
-
‘Hugely significant’: Experts welcome UK government plans to back down in Apple encryption battle – but it’s not quite over yetNews Tulsi Gabbard, US director of national intelligence, has confirmed the UK plans to back down on plans that would see Apple forced to create a "back door" for authorities.
-
‘All US forces must now assume their networks are compromised’ after Salt Typhoon breachNews The announcement marks the second major Salt Typhoon incident in the space of two years
-
‘A huge national security risk’: Thousands of government laptops, tablets, and phones are missing and nowhere to be foundNews A freedom of information disclosure shows more than 2,000 government-issued phones, tablets, and laptops have been lost or stolen, prompting huge cybersecurity concerns.
