The U.S. Department of Energy (DOE) has been hacked again. The government agency notified employees via email on Wednesday that attackers gained personal information, including names and Social Security numbers, of 14,000 current and former employees, according to the Wall Street Journal.
The July attack was the second this year. The DOE was also hacked in February. But it's not the only government entity that's shown itself vulnerable. In May, the U.S. Department of Labor's website was hacked and malicious code was placed on the site in the process.
"The Department's Cybersecurity office, the Office of Health, Safety and Security and the Inspector General's office are working with other federal law enforcement to obtain information concerning the nature of the incident," the memo, which the Journal obtained, said. "No classified was targeted or compromised. Once the full nature and extent of this incident is known, the Department will implement a full remediation plan."
How Could it Happen Twice?
Tom Cross, director of security research at Lancope, told us in some cases attackers target information about employees because they can use that information to impersonate those employees in spear-phishing attacks or compromise their access credentials.
"Organizations need to move beyond thinking about computer attacks as involving exploit code and malicious software," he said. "Sometimes, the attackers log right in using employees access credentials and then proceed to access information on the network without using any custom malware. A defensive strategy that focuses exclusively on detecting exploits and malware cannot detect this sort of unauthorized activity."
But how could this happen twice in a matter of months? Anthony DiBello, strategic partnerships manager, Guidance Software, told us this will not be resolved without a complete forensic analysis of the compromised system or systems -- and this process may or may not have already started.
"When incidents like this happen, people are very eager to get their systems and machines back online and working. This may cause serious loss to the forensic artifacts and the evidence to determine exactly what happened," DiBello said.
"After a breach, an organization should take the time to learn what happened, and leverage the lessons learned to improve their systems. Otherwise, they may leave themselves vulnerable to another, similar attack," he added.
Minimizing the Risk
To minimize risk and keep the hackers at bay, organizations need real-time visibility and analytics so that exposures can be identified quickly and mitigation plans can be enacted, ahead of the attack, Gidi Cohen, CEO of Skybox Security, told us.
"These remedies are far less expensive than undoing the damage a breach can cause from a financial standpoint, reputation and in this case, possible loss of highly confidential information." Cohen said. "Next time, it may not just be Social Security and payroll information that these attackers are after, but information that could impact the safety of the American people."