CISA sees red over government cybersecurity exercise
scmagazine
Contributed by: Drex DeFord
Summary
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a report highlighting significant shortcomings in cybersecurity practices within a U.S. civilian executive branch agency. The report follows a 2023 red-teaming exercise where CISA employed tactics resembling those of nation-state threat actors and successfully compromised the agency's network, gaining access through a known Solaris vulnerability and phished Windows credentials. The red team remained undetected for a significant period, even managing to eavesdrop on the blue team's communications. Key recommendations from CISA include streamlining incident response, avoiding dependence on known indicators of compromise, and enhancing log monitoring and analysis for better attack comprehension and defense.