A cyber cautionary tale: Unnamed agency suffers sophisticated, possibly nation state, attack


A virtual private network vulnerability that has been known since December. Stolen credentials of a power user. A poorly configured firewall. It didn’t take long for the hacker to own this unnamed federal agency.

In what was a matter of days, maybe weeks, this bad actor, possibly a nation state given how sophisticated the attack was, set up two remote command-and-control points, reviewed email and other documents to look for passwords and started network hopping to find more valuable data and information.

And now the Cybersecurity and Infrastructure Security Agency at the Homeland Security Department is laying out what happened with depth and specificity rarely seen in a public way. Without a doubt, CISA is telling other agencies, “Don’t let this happen to you.”

The use case, gently titled “Federal Agency Compromised by Malicious Cyber Actor,” is a detailed example of what happens when an agency’s cyber hygiene is poor and the problem is exacerbated by the surge in remote workers.

“COVID-19 has undermined the cybersecurity of U.S. agencies. Telework and a 400% increase in attacks have allowed for intrusions. Telework places a huge strain on IT and security resources…
