U.S. Government Suffers Massive Cyberattack

The U.S. Office of Personnel Management (OPM) is reporting a cybersecurity incident that affects its systems and data. The breach may have compromised the personal information of 4 million current and former federal workers.

"Within the last year, OPM has undertaken an aggressive effort to update its cybersecurity posture, adding numerous tools and capabilities to its networks," according to a statement on the government site. "As a result, in April 2015, OPM became aware of the incident affecting its information technology systems and data that predated the adoption of these security controls."

OPM is working with the Department of Homeland SecurityEUs U.S. Computer Emergency Readiness Team (US-CERT), and the Federal Bureau of Investigation to determine the impact. OPM is offering affected individuals 18 months of credit monitoring services and identity theft insurance at no cost.

Although it's unclear where the hack originated, Republican Senator Susan Collins, a member of the Senate Intelligence Committee, said, "While we still do not know for certain who is behind this attack, it has the hallmarks of a sophisticated attack, and we know there are countries who currently possess the capabilities to conduct such an attack, including Russia, China, and Iran."

Direct Spear Phishing

We turned to Mark Bower, Global Director of Product Management at HP Security Voltage, to get his thoughts on the breach. He told us the theft of personal and demographic data allows one of the most effective secondary attacks to be mounted: direct spear phishing to yield access to deeper system access via credentials or malware, thus accessing more sensitive data repositories as a consequence.

EUThese attacks, now common, bypass classic perimeter defenses and data-at-rest security and can only realistically be neutralized with more contemporary data-centric security technologies adopted already by the leaders on the private sector,EU Bower said. EUDetection is too late. Prevention is possible today...

Comments are closed.