Russian Hackers Stole Highly Classified NSA Data via Third-Party Contractor

The Wall Street Journal reports that Russian government hackers stole information on how the U.S. government defends against cyber attacks, and how it breaches foreign computer networks, after a third-party contractor for the National Security Agency (NSA) moved the highly classified information to his home computer.

The incident took place in 2015, but wasn’t detected until the spring of 2016.

According to the report, the hackers leveraged Kaspersky Lab anti-virus software to detect the existence of the files on the contractor’s computer. Because anti-virus software scans a computer looking for malware, the report notes, it can also be used to provide an inventory of what’s on the computer.

The hackers leveraged that inventory to determine that NSA files were present on the computer, then accessed what the Journal describes as “a large amount of information.”

Concerns About Kaspersky

In response to the report, Kaspersky Lab said in a statement that it “has not been provided any information or evidence substantiating this alleged incident, and as a result, we must assume that this is another example of a false accusation.”

Last month, U.S. Acting Secretary of Homeland Security Elaine Duke issued a directive requiring all federal executive branch departments and agencies to stop using Kaspersky Lab software.

The Department of Homeland Security said at the time that it was “concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks.”

U.S. Senator Jeanne Shaheen (D-N.H.) said in a recent statement that the directive is a good first step, but the government should also declassify its findings on Kaspersky Lab in order to raise awareness. “It’s unfortunate that there has not been a more expedited and coordinated effort at the federal level to remove this glaring national security vulnerability,” she said.

Inadvertent Data Breaches

A recent Dtex Systems survey of more than 400 cyber security professionals found that 64 percent of respondents said an inadvertent data breach, in which an employee unknowingly exposes sensitive data, is their top insider threat concern.

Over 50 percent of respondents said they’ve seen an increase in insider threats over the past year.

Fifty-five percent of respondents said an increasing number of devices with access to sensitive data is the top reason behind the rise in insider threats, followed by data increasingly leaving the network perimeter via mobile devices and Web access (51 percent).

And while 57 percent of respondents said user security training is the best way to combat insider threats, just 30 percent feel confident in their organization’s insider threat security posture.

“As the threat landscape evolves, insiders continue to be the easiest target for hackers simply because humans are the most vulnerable part of an organization’s security strategy,” Dtex Systems CEO Christy Wyatt said in a statement.

Jeff Goldman
Jeff Goldman has been a technology journalist for more than 20 years and an eSecurity Planet contributor since 2009.
