Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label US Department of Defense. Show all posts

Defense Department Notifies 20,000 People of Data Breach Due to Email Leak

 


It has surfaced that the U.S. Department of Defense (DOD) has reached out to around 20,600 individuals to inform them about a data breach that took place last year. The breach, disclosed in a letter sent on February 1, 2024, brings to light an unintentional exposure of multiple email messages by the Defense Intelligence Agency, the DOD's military intelligence branch. This incident occurred between February 3 and February 20, 2023, and has raised concerns about the security of personal information.

This breach was traced back to an unsecured U.S. government cloud email server hosted on Microsoft's cloud service for government clients. The server, due to a misconfiguration, was accessible without a password, potentially putting sensitive information at risk. The compromised server contained around three terabytes of internal military emails, including data related to U.S. Special Operations Command (SOCOM) and personnel information.

The breach was first identified by security researcher Anurag Sen, who discovered the exposed data online. After seeking assistance from TechCrunch, the information was reported to SOCOM on February 19, leading to the server's securement on February 20. The DOD is now in the process of notifying affected individuals about the incident.

According to DOD spokesperson Cdr. Tim Gorman, the affected server was promptly removed from public access, and the service provider resolved the issues that led to the exposure. The DOD continues to collaborate with the service provider to enhance cyber event prevention and detection. However, it remains unclear why the DOD took a year to investigate the incident and notify those affected.

The exposed emails were accessible using only a web browser and included sensitive, unclassified information such as questionnaires from prospective federal employees seeking security clearances. Microsoft, the cloud service provider, has not yet responded to requests for comment on the matter.

In the aftermath of the breach, it's crucial for individuals to remain vigilant and take necessary precautions to protect their personal information. The incident underscores the importance of cybersecurity measures and highlights potential risks associated with misconfigurations in cloud services.

As the DOD strives to improve its cybersecurity protocols, ongoing communication with affected individuals and transparency about the incident are paramount. Readers are encouraged to stay informed about cybersecurity best practices and be cautious with online data to mitigate potential risks in an increasingly interconnected digital world.


DoD Claims: China’s ICS Cyber Onslaught Aims at Gaining Strategic Warfare Advantages


According to the US Department of Defense (DoD), China's relentless cyberattacks on vital infrastructure are likely a precautionary measure intended to obtain a strategic advantage in the event of violent warfare.

The Cyber Strategy released earlier this week by DoD has mentioned an increase in the state-sponsored cybercrime from People's Republic of China (PRC), particularly against sensitive targets that could affect military responses. 

According to the agency, this is done in order to "to counter US conventional military power and degrade the combat capability of the Joint Force."

The DoD claims in their report that the PRC "poses a broad and pervasive cyberespionage threat," monitoring movements of individual beyond its borders, and further acquiring technology secrets, and eroding the capabilities of the military-industrial complex. However, the NSA cautioned that the operation goes beyond routine information collecting.

"This malicious cyber activity informs the PRC's preparations for war[…]In the event of conflict, the PRC likely intends to launch destructive cyberattacks against the US Homeland in order to hinder military mobilization, sow chaos, and divert attention and resources. It will also likely seek to disrupt key networks which enable Joint Force power projection in combat," the report stated.

An Increasing Chinese Focus on Military Degradation

The notion that cyber activities can signal impending military action is consistent with predictions made earlier this year in the wake of the Volt Typhoon attacks by Microsoft and others. With a series of compromises that targeted telecom networks, power and water controls, US military bases at home and abroad, and other infrastructure whose disruption would interfere with actual military operations, the Beijing-backed advanced persistent threat (APT) made national headlines in the US in May, June, and July.

However, the operational technology (OT) used by the victims has not yet been impacted by the compromises. But, CISA Director Jen Easterly warned at Black Hat USA in August that if the US gets involved in a potential invasion of Taiwan, the Chinese government may be positioning itself to launch disruptive attacks on American pipelines, railroads, and other critical infrastructure.

"This APT moves laterally into environments, gaining access to areas in which it wouldn't traditionally reside[…]Additionally, this threat actor worked hard to cover their tracks by meticulously dumping all extracted memory and artifacts, making it difficult for security teams to pinpoint the level of infiltration," says Blake Benson, cyber lead at ABS Group Consulting.

Taking into account the military-focused cyber activities that can potentially entail collateral damage to bystander business, there could also be a sort of ‘anti-halo effect’ at work, according to John Gallagher, vice president of Viakoo Labs at Viakoo.

"Virtually all exploits launched by nation-states 'leak' over to non-nation-state threat actors[…]That means organizations who depend on IoT/OT systems will be direct targets at some point to the same threats being launched against national critical infrastructure," warns Gallagher.