The US Census Bureau has been heavily criticized by a government inspector after a 2020 breach that could have been prevented by prompt patching.
Although the attacker was not able to access servers used for the 2020 census, they could modify user account details to prepare for remote code execution, according to the US Office of Inspector General (OIG) report.
Fortunately, the attacker’s attempt to maintain access to the system by creating a backdoor was unsuccessful, thanks to the Bureau’s firewalls. However, the report highlighted a string of failures by the Bureau, which led directly to the attack and complicated incident response efforts.
First, it failed to patch a critical vulnerability on its remote access servers that was exploited by the attacker, despite the vendor publishing a fix more than three weeks earlier.
Second, it failed to immediately discover and report the incident because its SIEM was not set up to examine suspicious activity in real time. That created a delay of two weeks before the incident was detected.
Third, the incident investigation was hindered because none of the Bureau’s remote access servers sent process logs to its SIEM system.
According to the report, the Bureau also operated servers no longer supported by the vendor and did not prioritize decommissioning them, further exposing it to attacks.
Finally, the Census Bureau did not hold a formal “lessons learned” session with incident responders and other stakeholders, which could have improved its processes in preparing for future breaches.
The Census Bureau welcomed the comments from the OIG and repeated that “no systems or facts maintained and managed by the Census Bureau on behalf of the public ended up compromised, manipulated, or shed due to the fact of the incident highlighted in the OIG’s report.”