Hackers Hit U.S. Office of Personnel Management
Ken Ammon, chief strategy officer at Xceedium, said that for the past 12 to 18 months, there has been a common pattern of attacks by well-funded nation-states throughout both the commercial and the government sectors. "Nearly every breach is rooted in a two-step process, and this breach appears to mimic others before it," Ammon said. "Attackers, often through targeted phishing attacks on privileged users, like systems administrators and senior-level officials, gain initial access to the network through compromised credentials, elevate their rights within the system and access critical data at the highest levels of security," he said. Given the public admission of multiple breaches, Hayter said, it must appear to threat actors all over the globe that the U.S. government's IT systems are full of holes, and the response from the United States is to play whack-a-mole every time, in a valiant attempt to close each hole. "In light of this and many other breaches, the U.S. government needs to move past checkbox compliance efforts and regularly conduct complete audits of each and every system, using experienced penetration testers who can help them continuously find and fix vulnerabilities," Hayter said.Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
ThreatQuotient's Trost said a common question across all breaches is how to protect against similar future attacks. "Sadly, sometimes the answer is to take advantage of the mishap to find the budget to get the missing tool, or hire a new senior analyst, or even procure annual training on the tools being used," Trost said.