An unnamed U.S. federal agency was hit with a cyber-attack after a hacker used valid access credentials, authorities said on Thursday.
While many details of the hack weren’t revealed, federal authorities did divulge that the hacker was able to browse directories, copy at least one file and exfiltrate data, according to the Cybersecurity & Infrastructure Security Agency, known as CISA.
CISA explained the breach this way: “The Cybersecurity and Infrastructure Security Agency (CISA) responded to a recent threat actor’s cyberattack on a federal agency’s enterprise network. By leveraging compromised credentials, the cyber threat actor implanted sophisticated malware—including multi-stage malware that evaded the affected agency’s anti-malware protection—and gained persistent access through two reverse Socket Secure (SOCKS) proxies that exploited weaknesses in the agency’s firewall.”
In essence, the hacker implanted malware that evaded the agency’s protection system and was able to gain access to the network by using valid access credentials for multiple users’ Microsoft 365 accounts and domain administrator accounts.
Investigators weren’t able to determine how the hacker initially obtained the credentials. But the agency said it was possible that the hacker obtained them by exploiting a known vulnerability in Pulse Secure virtual private network servers.
SharePoint was identified as the target for stored files, which were downloaded successfully.
This hack need never have been a concern.
Government Data Protection
One of the primary reasons we at BLAKFX invented the Helix22 is to protect government national security and infrastructure. Whether defense information, top secret communications, the electrical grid, a dam or an airport, more and more operations and infrastructure are becoming attack targets. Terrorism and espionage have evolved dramatically from the use of physical devices to destroy critical infrastructure. In today’s new global cold war, cyber terrorism is a much greater threat. Your enemies do not need to physically damage a power plant to shut down the grid; they need only hack into it. Hacking is also proving to be a more effective and more intrusive means of affecting national security.
The risks are exponentially greater for infrastructure projects than for, say, a typical attack against a business. When attacking a business, quite often the motivation is simply financial gain and/or competitive advantage. With governmental infrastructure programs, the risk is to the citizens that might be affected by the attack. For example, in 2015, the power grid in Ukraine was repeatedly shut down by cyber attacks. In March of 2020, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) announced that the US energy sector was attacked as a means of shutting down natural gas pipelines. The attack disrupted operations across various critical systems operators, which meant that an entire pipeline involved was shut down for two days. The government of Australia has been repeatedly targeted day after day for the past several months.
The bottom line is that for national security, data needs to be protected not just to avoid data leakage and the costs involved, but to ensure command and control.
Major General (ret) Steve Sargeant
Innovative & Patented Helix22 Cryptography
Enter the Helix22 SDK. It was designed purposely to protect national security and infrastructure. This is a monumental and historic task that required a different approach. Almost all other data security products try to build a secure perimeter or rely entirely on user credentials. However, once the product is breached or a password is stolen, even if it is protected by 2FA or encrypted, your nation’s data is in the clear.
You see, the Helix22 cryptography is embedded with the data itself through our inventive and patented process of DNA Binding™. Therefore, even if credentials are stolen the data cannot be exfiltrated. This means that all data is 100% protected regardless of the type of attack.
With our DNA Binding™, the encryption protocol embeds directly with the data. Therefore, national security information and infrastructure data is always 100% secure regardless of the type of attack, even in the case of an internal attack on the core operational technology: the data cannot be accessed or manipulated.
As in this example, even if someone has stolen credentials, any data that is copied, downloaded, forwarded or saved is rendered useless to third parties, as the source data cannot be exfiltrated.
Helix22 protects all data whether at rest, in use or in transit. Other data security encryption products normally just protect data during transmission.
User2User (U2U) Encryption – Tested and Quantum Ready
At BLAKFX, we manage data protection through the truly brilliant, patent-pending universal Helix22 key service. The genius is that the Helix22 encryption originates on your device. By the time the data arrives at our key server, it is already encrypted, so all we need to do is issue another key. This key will then only work with the receiving device, which generates the matching key required to open the data. In this protocol, we are truly a “zero-knowledge” server, and even if subpoenaed, we can honor the request by just handing over the encrypted gibberish, as that is all we have. Further, Helix22 uses each key only once and then destroys it. This way the data security is future-proof. Therefore, in our unique user2user encryption (U2U) world, there is zero opportunity at all for any data breach.
The patented encryption we have developed is multi-layered and superbly designed. It has proven to be unhackable. We have tested with MI5, and our founders developed Wickr, which since its inception in 2012 has never been hacked and is now utilized by the US military for their communications. Helix22 has been exponentially imagined and secured over that period.
Finally, the Helix22 SDK has withstood quantum computing testing and is ready for the future.
We like to say we have delivered “22nd Century Data Security.”
Helix22 – Zero Risk
To read the advisory from CISA, click here