The Feds were hit with a breach: here’s how it happened

September 29th, 2020
The Feds were hit with a breach: here’s how it happened

Just this past week, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) reported that a federal agency was hit with a malware attack from an unknown source. This proves that even federal agencies can have vulnerabilities. The attack first started with a set of an internal user’s Office 365 credentials. Then, other passwords and VPN information were searched through the user’s email database. Here is a detailed breakdown from The Threat Post’s article:

After initial access, the group set about carrying out reconnaissance on the network. First, they logged into an agency O365 email account to view and download help-desk email attachments with ‘Intranet access’ and ‘VPN passwords’ in the subject lines – and it uncovered Active Directory and Group Policy key, changing a registry key for the Group Policy.

Once they had the necessary tools in their hands, they were able to begin data exfiltration and, eventually, all the small-scale vulnerabilities added up to a big exposed vulnerability for a U.S. federal agency. Although the attack has since been remediated, through one user's credentials, cybercriminals were able to drop malware and collect confidential Federal data.

To learn more about this incident, read the full article here.

At i3 Business Solutions, we know that if federal agencies can get hit with malware, cybercriminals are out there attacking small to medium sized businesses just as often, if not more. If you’re in the West Michigan area, i3 can help your small business be prepared with the best and most appropriate security toolsets. To get help, get started with a free business security assessment today. All you need to do is call 616-719-4100 for an appointment or fill out the form below to reach us. Let’s talk!