Several US federal government agencies have been hit by Russian cybercriminals exploiting a vulnerability in widely used software. The US Cybersecurity and Infrastructure Security Agency (CISA) is providing support. Aside from US government agencies, several hundred companies and organizations in the US could be affected by the hacking spree, a senior CISA official confirmed.
Do they know something you don’t?
This breach comes on the heels of CISA’s June 13th Binding Directive that requires all agencies to address vulnerabilities in their internet-enabled management tools.
As agencies and organizations have gained better visibility of their networks and improved endpoint detection and response, threat actors have adjusted tactics to evade these protections by targeting network devices supporting the underlying network infrastructure.
Threat actors have exploited certain classes of network devices to gain unrestricted access to organizational networks leading to full-scale compromises.
Inadequate security, misconfigurations, and out-of-date software make these devices more vulnerable to exploitation. This Directive requires Federal agencies to take steps that reduce the attack surface.
DataLink encourages our private sector clients to review CISA’s guidance and best practices to better detect and defend against cyber-attacks.
Get your shields up! If you need help, DataLink has the experience, tools, and best practices to harden your defenses against cyber-attacks.
Contact DataLink today.
(410) 729-0440 | Email