The Census Bureau admits that they were hit by a cyberattack last year while they were tallying the U.S. population, but not to worry – the servers compromised weren’t being used to conduct the tally. Trust them.
According to the Inspector General, the Census Bureau missed multiple opportunities to stop the attack. How would you fare?
The agency failed to keep sufficient logs to conduct the investigation. Have you reviewed what logs you are keeping, what data is in them and how long you are keeping them – with an eye to whether they would support an investigation?
They also did not discover the attack in a timely fashion, nor, apparently, report it in a timely manner. The attack happened last January. We are only finding out about it 20 months later.
While the firewalls stopped the attempt to maintain persistence, the attackers were able to make changes. These changes included adding user accounts. Would you detect added rogue accounts quickly?
In a written response, the Census Bureau’s defense was that these systems were not part of the 2020 Census, so are we good?
Credit: ABC News
This is why audit logs and alerts are so important.
Would you detect a hacker moving around in your systems?
What if the hacker was only doing reconnaissance and not making changes?
How quickly would you detect the changes?
What if the changes were only made to points of persistence (there are 208 of those in Windows 10 generation systems – I can show you those if you are interested)?
You have to think like a hacker if you want to stay safe.
Based on the news, we don’t seem to be thinking that way, most of the time.