Reuters reported on Dec 13, 2020 that several high-profile US government departments had been hacked, with the compromise reaching back as far as March 2020. Early research points to the Russian intelligence-backed advanced persistent threat group known as “Cozy Bear” (APT29), which used what’s known as a supply-chain attack to penetrate the US Commerce, Treasury and Homeland Security departments, and to reach up to 18,000 other US government and business customers who installed the tainted software update. At the moment, officials confirm that the hackers had full access to internal email at the US Treasury and Commerce departments, but security researchers fear that this is only a small part of what is looking like a huge breach.
“Welcome to the club?”
While you might be tempted to savor some schadenfreude at their expense, the implications of this attack will be profound for the government and for the many Fortune 500 companies that were also likely compromised. This is also a bad look for managed service providers like C2, because the source of the breach was SolarWinds, whose Orion network-management and monitoring platform is used by the hacked government entities (and by many MSPs to run their own clients’ networks). Ironically, the very platform that monitors those networks was the vehicle for the compromise: a legitimately signed Orion software update carried the attackers’ backdoor into every customer that installed it.
As you’ve heard me say numerous times, there is no amount of money spent or technology applied that will provide you with a bullet-proof, perfectly secure environment. The fact that a vendor whose software sits at the heart of thousands of networks, and in the toolsets of most MSPs in the US, can itself be compromised and used as a weapon against its own customers demonstrates this lesson unequivocally. The best protection from malware attacks and security breaches is a multi-layered approach:
- In addition to having proper antivirus and spam filtering, firewalls and updated software, your employees should be trained regularly on security awareness.
- Your critical data should be backed up offsite as point-in-time copies you can actually restore. Not just server data, but possibly email and files on company principals’ personal computers. Remember that cloud filesharing does not equal backup: a sync client mirrors deletions and ransomware-encrypted files to the cloud copy just as faithfully as it mirrors your work.
- You should review your company’s security policy, especially if it hasn’t been updated with work-at-home specifics, and make sure that employees get a refresher on any changes made to the policy.
- Your company should have at least a basic disaster recovery and business continuity plan, and should test it rather than leave it in a drawer.
- If you don’t already have it, consider acquiring cyber liability insurance that will cover security breaches, especially if you are a part of a regulated industry that deals with confidential data for clients and customers.
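The backup point above, as a runnable added example (mine, not code from the original post or from any vendor named in it): a minimal versioned backup with a SHA-256 manifest sits next to a plain file sync, both are pointed at a small constructed file tree, the working copy is then overwritten to simulate ransomware, and the script verifies the snapshot, restores it, and confirms that tampering with the stored copy is detected. Every function and path name here is hypothetical, and the script uses only the Python standard library, so it runs offline.

```python
"""Versioned backup vs. file sync: why a cloud share is not a backup.

Added example, not from the original post. A sync mirror always equals the
source, so corruption is propagated; an immutable point-in-time snapshot
with a hash manifest can be verified and restored. All names are hypothetical.
"""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def sync_mirror(source: Path, mirror: Path) -> None:
    """Behaves like a file-sync client: the mirror is made identical to the
    source on every run, so deleted or encrypted files are mirrored too."""
    if mirror.exists():
        shutil.rmtree(mirror)
    shutil.copytree(source, mirror)


def snapshot(source: Path, backup_root: Path) -> str:
    """Write a fresh point-in-time copy plus a JSON manifest of file hashes.
    Earlier snapshots are never modified, which is what makes this a backup."""
    snap_id = f"snap-{len(list(backup_root.glob('snap-*'))) + 1:04d}"
    snap_dir = backup_root / snap_id
    shutil.copytree(source, snap_dir / "data")
    manifest = {str(p.relative_to(source)): sha256_file(p)
                for p in source.rglob("*") if p.is_file()}
    (snap_dir / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return snap_id


def verify_snapshot(backup_root: Path, snap_id: str) -> bool:
    """Recompute every hash in the snapshot and compare with the manifest.
    Missing, extra, or altered files all fail verification."""
    snap_dir = backup_root / snap_id
    manifest = json.loads((snap_dir / "manifest.json").read_text())
    data = snap_dir / "data"
    present = {str(p.relative_to(data)) for p in data.rglob("*") if p.is_file()}
    if present != set(manifest):
        return False
    return all(sha256_file(data / rel) == digest for rel, digest in manifest.items())


def restore(backup_root: Path, snap_id: str, dest: Path) -> dict:
    """Restore a snapshot into dest and return {relative_path: sha256}."""
    data = backup_root / snap_id / "data"
    if dest.exists():
        shutil.rmtree(dest)
    shutil.copytree(data, dest)
    return {str(p.relative_to(dest)): sha256_file(p)
            for p in dest.rglob("*") if p.is_file()}


def demo() -> dict:
    """Run the whole scenario in a temporary directory and report the outcome."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        src, mirror, backups, restored = (root / n for n in ("src", "mirror", "backups", "restored"))
        backups.mkdir()
        (src / "finance").mkdir(parents=True)
        # Constructed sample data; nothing here comes from a real system.
        (src / "finance" / "ledger.csv").write_text("2020-12,payroll,125000\n")
        (src / "contracts.txt").write_text("Master services agreement v3\n")
        original = {str(p.relative_to(src)): sha256_file(p) for p in src.rglob("*") if p.is_file()}

        sync_mirror(src, mirror)          # what a cloud file share does
        snap_id = snapshot(src, backups)  # what a backup does

        # Simulated ransomware: every working file is overwritten in place.
        for p in src.rglob("*"):
            if p.is_file():
                p.write_bytes(b"ENCRYPTED" + b"\x00" * 32)
        sync_mirror(src, mirror)          # the sync client replicates the damage

        mirror_intact = all(sha256_file(mirror / rel) == d for rel, d in original.items())
        snapshot_ok = verify_snapshot(backups, snap_id)
        restored_hashes = restore(backups, snap_id, restored)

        # Now damage the stored copy itself: verification must catch it.
        (backups / snap_id / "data" / "contracts.txt").write_text("tampered\n")
        tamper_detected = not verify_snapshot(backups, snap_id)

        return {
            "snapshot_id": snap_id,
            "mirror_intact": mirror_intact,                       # False
            "snapshot_verified": snapshot_ok,                     # True
            "restore_matches_original": restored_hashes == original,  # True
            "tamper_detected": tamper_detected,                   # True
        }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The important design choice is that `snapshot` never touches an earlier snapshot directory and `verify_snapshot` is a separate step you can schedule: a backup that is overwritten by the next sync, or that nobody has ever tried to restore, gives you no more protection than the file share did.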