Just this past week, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) reported that a federal agency was hit with a malware attack from an unknown source. This shows that even federal agencies can have vulnerabilities. The attack started with one internal user’s Office 365 credentials. The attackers then searched that user’s email for other passwords and VPN information. Here is a detailed breakdown from Threatpost’s article:

After initial access, the group set about carrying out reconnaissance on the network. First, they logged into an agency O365 email account to view and download help-desk email attachments with ‘Intranet access’ and ‘VPN passwords’ in the subject lines – and it uncovered Active Directory and Group Policy key, changing a registry key for the Group Policy.

Once they had the necessary tools in their hands, they were able to begin data exfiltration. In the end, a series of small-scale vulnerabilities added up to one major exposure for a U.S. federal agency. Although the attack has since been remediated, a single user's credentials were enough for cybercriminals to drop malware and collect confidential federal data.

To learn more about this incident, read the full article here.

Published with permission from TechAdvisory.org.