The recent large-scale cyberattack against numerous federal agencies serves as a stark reminder of the persistent cyber threat facing both governmental bodies and private sector organizations.
An IBM report indicates that each data breach could cost governmental agencies an average of $2.07 million. In 2018 alone, the U.S. government spent a staggering $13.7 billion due to cyberattacks, as per Security Intelligence.
The ransomware group, reputedly Russian-speaking and responsible for the latest breach, exploited a loophole in the software application known as MOVEit, commonly used by government bodies for file transfer.
The Department of Health and Human Services (HHS) was one of the agencies targeted in the cyber onslaught.
Rex Booth, Chief Information Security Officer at SailPoint, a technology firm, warned of the potential risk since the software is widely employed in both the federal government and private companies and could hold sensitive data, including HR files and audit reports.
While the complete ramifications and extent of the attack are still being probed, the deliberate targeting of multiple agencies simultaneously is a serious concern, experts opine.
Ryan Lasmaili, CEO and co-founder of Vaultree, a data encryption company, cautioned that the constant threat of cyberattacks is a reality for U.S. agencies and global businesses. The recent breach by the CLoP group serves as a potent reminder of this reality, Lasmaili conveyed through an email.
Emil Sayegh, President and CEO of Ntirety, a data security firm, highlighted the gravity of the recent attack, drawing parallels with the infamous SolarWinds incident. He warned about the vulnerability of our infrastructure and the potential for major breaches, reminiscent of the SolarWinds attack.
The recent cyber onslaught shows that the lessons from the SolarWinds hack are still highly relevant, stated Jason Blessing, a research fellow at the American Enterprise Institute.
Sayegh further added that cyberattacks of this nature raise apprehensions about national security, the safeguarding of sensitive information, and possible disruption of vital services.
Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency (CISA), mentioned in a press call that her agency, in conjunction with the FBI, is striving to gauge the magnitude of the issue and extend support to the federal agencies affected by the hack.
Affected federal departments include the Department of Energy and the Department of Health and Human Services (HHS). Reuters reported that two facilities of the Department of Energy did receive ransom requests from the CLoP ransomware group, contrary to initial reports.
Cyrus Walker, Founder and Managing Principal at Data Defenders, a cybersecurity firm, suggested that federal agencies must bolster and synchronize their countermeasures, including sharing real-time threat intelligence across agencies and with the private sector.
Booth agreed that federal agencies, like any other organizations, need to enhance their software supply chain security. He suggested regular inventory checks of their vendors and testing the software periodically for any security issues.
The FBI has called upon the public and organizations employing the MOVEit software to read the joint cybersecurity advisory by FBI and CISA, to comprehend the threat and mitigate potential cyberattacks.
Comments