On December 5, 2023, The CISA (Cybersecurity and Infrastructure Security Agency) announced that a cyber-attack had occurred against the United States government. It is stated that con artists hacked it through vulnerabilities of outdated software.
Microsoft Defender for Endpoint detected an intrusion and alerted the agency that unknown malicious actors hacked into the Federal government's server. They were able to do this through a known vulnerability within an 'end of life' Adobe software called ColdFusion that no longer received updates.
Tech Crunch states, "End-of-life" software means that the developer has publicly announced it will no longer be supported or receive further software or security updates." This ultimately means they could do nothing about the vulnerability, even if they wanted to patch it up.
With further research, the CISA stated that while hackers were able to break into the agency's server, there was no evidence that any malicious activity occurred. However, the con artists may have looked around within the agency's network. The agency believes the hackers' goal was to map the network (TechCrunch).
Currently, the CISA will not give further information on who the agency believes is responsible for the attack.
What Did Users Say About This Attack?
The attack targeting government systems raised concerns about the security measures in place and the pace of technological upgrades. In a Reddit conversation, users had much to say about the government's response and the exposed vulnerabilities.
One user stated that the agency is known for being sluggish in migrating from outdated software. Another user countered this claim, mentioning that critical systems on Windows XP are still supported by Microsoft for security updates.
Praise for Microsoft's Defender was also highlighted, where some users acknowledge the effectiveness of their extended detection and response (XDR) solution. However, the delayed response from a federal agency in patching known vulnerabilities was also highlighted.
Some users called for legislation regarding software/devices that can no longer receive updates, advocating to address security concerns.
Overall, it is essential to note that running any end-of-life software is risky for your devices and the company as a whole because it cannot be updated to patch vulnerabilities, exposing your company to cyber-attacks. Please ensure your devices have the latest software/updates to avoid threats to you and your company.
If you have any questions about staying safe from cyberattacks, please get in touch with us!