CISA Disclosed Malware Attack On A Federal Agency Network by twr

The Cybersecurity and Infrastructure Security Agency (CISA) has disclosed a cyber attack on a federal agency. According to CISA, a malware attack targeted the enterprise network of the unnamed agency.
<h2>Malware Attack On Federal Agency</h2>
CISA has published a detailed <a href="https://us-cert.cisa.gov/ncas/analysis-reports/ar20-268a" target="_blank" rel="noopener noreferrer">incident response report</a> (Analysis Report AR20-268a) about a malware attack on a federal agency. While CISA has not named the agency, it did lay out the details of the incident.

CISA detected the attack through EINSTEIN, its intrusion detection system that “monitors federal civilian networks”.

CISA found that the attackers got in using valid credentials: Microsoft Office 365 accounts belonging to several users, as well as domain administrator accounts. With these credentials they were able to log in to the agency’s internal network as legitimate users.

It is not clear how the attackers obtained these credentials in the first place. CISA suspects they were harvested by exploiting a known Pulse Secure VPN vulnerability, <a href="https://latesthackingnews.com/2019/10/06/uk-spy-agency-alerts-users-of-numerous-vpn-vulnerabilities-under-exploit/" target="_blank" rel="noopener noreferrer">CVE-2019-11510</a>, on an unpatched VPN server.

Once inside, the attackers viewed and downloaded email attachments from a compromised account and carried out further activity on the network.

Beyond that, the attackers deployed malware on the agency’s network and set it up to persist across reboots. They also disabled the anti-malware protection on the affected system.
<h2>How To Prevent Such Incidents?</h2>
Alongside its account of the attack on the unnamed agency, CISA shared several recommendations for preventing similar incidents.

Some of these measures include:
<ul>
 <li>Deploying an enterprise firewall</li>
 <li>Blocking unused ports</li>
 <li>Using separate admin accounts on segregated systems</li>
 <li>Employing multi-factor authentication on privileged accounts</li>
 <li>Securing RDP and remote access solutions</li>
 <li>Implementing endpoint protection measures</li>
 <li>Keeping the software up to date</li>
</ul>
CISA also noted that the attack unfolded in several stages involving multiple IP addresses and command-and-control (C2) infrastructure, and it recommends that defenders search their environments for these indicators of compromise (IoCs).

Defenders are also advised to check for unusual open ports, large outbound file transfers, and unexpected or unapproved protocols, particularly outbound to the internet.

<em>Posted from my blog with <a href='https://wordpress.org/plugins/steempress/'>SteemPress</a>: https://latesthackingnews.com/2020/09/30/cisa-disclosed-malware-attack-on-a-federal-agency-network/</em>
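The three hunting checks CISA recommends above (known C2 addresses, unapproved outbound ports and protocols, and unusually large outbound transfers) can be run over ordinary egress flow records. The script below is an added example written for this page, not code from CISA or from the original article. The flow records, the internal address range, the approved egress baseline and the “known bad” IP are all constructed placeholders (RFC 5737 documentation addresses, not the IoCs from the CISA report); swap in your own firewall or NetFlow export and the indicator list from the advisory.

```python
"""Hunt egress flow records for the behaviours CISA asks defenders to look for:
contact with known C2 addresses, unapproved outbound ports/protocols, and
unusually large outbound transfers per internal host."""
import ipaddress
from collections import defaultdict

# Constructed sample flow records (NOT from the CISA report). One record per line:
# timestamp, src_ip, dst_ip, dst_port, protocol, bytes_out
SAMPLE_FLOWS = """\
2020-09-01T10:00:01Z,10.20.30.40,198.51.100.7,443,tcp,1800
2020-09-01T10:00:05Z,10.20.30.40,198.51.100.7,443,tcp,2200
2020-09-01T10:02:11Z,10.20.30.55,203.0.113.9,8443,tcp,950000000
2020-09-01T10:03:40Z,10.20.30.55,203.0.113.9,8443,tcp,410000000
2020-09-01T10:05:02Z,10.20.30.77,192.0.2.15,1337,tcp,7600
2020-09-01T10:05:30Z,10.20.30.77,192.0.2.15,4444,tcp,5200
2020-09-01T10:06:00Z,10.20.30.88,203.0.113.200,69,udp,3000
2020-09-01T10:07:00Z,10.20.30.40,10.20.30.1,445,tcp,120000
"""

# Assumed environment baseline (placeholders; tune to your own network).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
APPROVED_EGRESS = {("tcp", 443), ("tcp", 80), ("udp", 53), ("tcp", 53)}
KNOWN_BAD_IPS = {"192.0.2.15"}           # placeholder IoC, not the report's
LARGE_OUTBOUND_BYTES = 1_000_000_000     # 1 GB per host over the analysed window


def is_internal(ip: str) -> bool:
    """True if the address falls inside one of the internal ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse_flows(text: str):
    """Yield one dict per comma-separated flow record, skipping blanks/comments."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, port, proto, nbytes = line.split(",")
        yield {"ts": ts, "src": src, "dst": dst, "port": int(port),
               "proto": proto.lower(), "bytes": int(nbytes)}


def hunt(text: str, *, large_threshold: int = LARGE_OUTBOUND_BYTES) -> dict:
    """Return IoC hits, unapproved egress tuples and hosts with large outbound volume."""
    ioc_hits = set()
    unapproved = set()
    outbound_bytes = defaultdict(int)

    for f in parse_flows(text):
        # Only internal -> external traffic is egress; lateral traffic is out of scope here.
        if not (is_internal(f["src"]) and not is_internal(f["dst"])):
            continue
        outbound_bytes[f["src"]] += f["bytes"]
        if f["dst"] in KNOWN_BAD_IPS:
            ioc_hits.add((f["src"], f["dst"]))
        if (f["proto"], f["port"]) not in APPROVED_EGRESS:
            unapproved.add((f["src"], f["dst"], f["proto"], f["port"]))

    large = {host: total for host, total in outbound_bytes.items()
             if total >= large_threshold}
    return {
        "ioc_hits": sorted(ioc_hits),
        "unapproved_egress": sorted(unapproved),
        "large_outbound": large,
    }


if __name__ == "__main__":
    import json
    print(json.dumps(hunt(SAMPLE_FLOWS), indent=2))
```

The aggregation is per source host rather than per flow because exfiltration is often split into many medium-sized transfers, none of which looks alarming on its own; the 1 GB threshold and the approved port set are starting points, and the approved set should reflect what your proxy and firewall policy actually permit so that anything outside it is worth a look.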
Author: @twr · Category: breachedcredentials · Tags: cisa, credentialstuffing, credentials, cyberattack
Posted: 2020-09-30 18:40:00