Data Stolen Again at Department of Energy

August 8th, 2013 by admin

The U.S. Department of Energy (DOE) was hacked again. The agency notified employees via email that the attackers obtained personal information of 14,000 current and former employees; the compromised information included names and Social Security numbers, according to the Wall Street Journal.

This cyber attack was the second this year; DOE was also hacked in February. But this is not the only government entity that has shown itself vulnerable. Back in May, the U.S. Department of Labor’s website was also hacked, and malicious code was placed on the site in that attack.

“The Department’s Cybersecurity office, the Office of Health, Safety and Security and the Inspector General’s office are working with other federal law enforcement to obtain information concerning the nature of the incident. No classified data was targeted or compromised. Once the full nature and extent of this incident is known, the Department will implement a full remediation plan,” the memo, which the Journal obtained, said.

Tom Cross, director of security research at Lancope, said that attackers target information about employees in order to impersonate them in phishing attacks or to steal their access credentials.

“Organizations need to move beyond thinking about computer attacks as involving exploit code and malicious software. Sometimes, the attackers log right in using employees’ access credentials and then proceed to access information on the network without using any custom malware. A defensive strategy that focuses exclusively on detecting exploits and malware cannot detect this sort of unauthorized activity,” he said.

Anthony DiBello, strategic partnerships manager at Guidance Software, said, “this will not be resolved without a complete forensic analysis of the compromised system and this process may or may not have already started.”

“After a breach, an organization should take the time to learn what happened, and leverage the lessons learned to improve their systems. Otherwise, they may leave themselves vulnerable to another, similar attack,” he added.

Gidi Cohen, CEO of Skybox Security, commented that to minimize the risk of attacks from hackers and to identify them quickly, organizations need real-time visibility.

He further added, “these remedies are far less expensive than undoing the damage a breach can cause from a financial standpoint, reputation and in this case, possible loss of highly confidential information. Next time, it may not just be Social Security and payroll information that these attackers are after, but information that could impact the safety of the American people.”

Alertsec strengthens security

Alertsec has created a web-based encryption service that radically simplifies deployment and management of PC encryption by using industry-leading Check Point Full Disk Encryption (formerly Pointsec) software.

Organizations, especially corporate giants, must have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they have gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.
