Internal documents from Leidos Holdings Inc.,[1] a leading IT services provider to various US government agencies including the Defense Department, have been leaked online by hackers. The documents are believed to have been exfiltrated during a breach of a system operated by Diligent Corp. (https://www.diligent.com), which Leidos used for its operations.
The breach was initially reported earlier this year, when Diligent Corp., a company providing governance, risk, and compliance (GRC) software, suffered a cyber intrusion. Leidos was among the many Diligent clients affected by this incident. The hackers managed to infiltrate Diligent's system, gaining unauthorized access to sensitive documents belonging to Leidos and potentially other clients.[2]
Leidos Holdings Inc. confirmed the connection to the Diligent breach and stated that it is actively investigating the situation. The company is working closely with cybersecurity experts and law enforcement agencies to assess the scope of the data leak and to mitigate any potential damage. "Although we don't have details about the root cause of the breach of the service provider, we have seen a lot of failure to implement MFA and strong authentication recently," said Jason Soroko, Senior Vice President of Product at Sectigo. "Anyone implementing an online service must ensure they are using the strongest authentication possible, and this is especially true in supply chain scenarios."
As a significant IT services provider to the US government, Leidos handles sensitive information related to national security, defense, and various federal operations. The exposure of internal documents could have serious ramifications, potentially compromising national security and the integrity of government operations. The incident underscores the vulnerabilities in the supply chain and the importance of securing third-party service providers.
The leak has sent ripples through the cybersecurity community, highlighting several critical issues. Nakul Goenka, Risk Officer at ColorTokens, offered this:
"Micro-segmentation can play a pivotal role in addressing the critical issues highlighted by the leak:
- Mitigating Third-Party Risks: By isolating third-party service providers and their networks, micro-segmentation helps contain potential breaches and prevents them from spreading across the entire network.
- Enhancing Incident Response: Micro-segmentation can aid in incident response by providing granular visibility into network traffic and access patterns. This enables organizations to quickly identify and isolate compromised segments, reducing the overall impact of a security incident.
- Strengthening Data Encryption and Access Controls: With micro-segmentation, organizations can apply fine-grained access controls to sensitive data, ensuring that only authorized users and applications can access critical information. This reduces the risk of unauthorized access or data leaks.
- Enabling Continuous Monitoring and Threat Intelligence: Micro-segmentation provides real-time visibility into network activities, making it easier to detect anomalies and potential threats. This, combined with advanced threat intelligence, allows organizations to proactively adapt their defenses and respond to emerging threats more effectively."
Chad Graham, Manager of the Cyber Incident Response Team (CIRT) at Critical Start, offered this comprehensive take on the incident. "The breach of Leidos Holdings Inc. through Diligent Corp.'s system raises significant concerns due to the highly sensitive nature of the data potentially exposed," Graham said. "Leidos handles critical national security and defense information, including classified documents, project plans, and communication records. The exposure of such information could have severe consequences, such as jeopardizing national security operations; revealing strategic defense plans; and exposing confidential government communications."
Graham continued, "For example, if project plans or classified documents are compromised, adversaries might gain insights into US defense capabilities and strategies, potentially undermining national security. Additionally, the exposure of communication records could lead to the identification of key personnel and operational details, making them targets for further cyberattacks or other forms of exploitation."
He added that the breach underscores the critical issue of third-party vulnerabilities. "This incident underscores a critical issue in cybersecurity: the vulnerabilities introduced by third-party service providers. Third-party risk management is increasingly becoming a focal point for organizations handling sensitive information," he said. "The Diligent Corp. breach serves as a stark reminder of the 2020 SolarWinds attack, where a compromised third-party software update led to widespread exposure across multiple organizations, including several US federal agencies."
Graham added that the incident will likely cause industrywide repercussions. "The leak of internal documents from Leidos Holdings Inc. through the Diligent Corp. breach is likely to prompt a reevaluation of cybersecurity practices across the industry," Graham said. "Companies will be compelled to scrutinize their third-party risk management strategies and enhance their security protocols to prevent similar incidents.
"This breach could lead to an increased demand for more secure and transparent third-party services, emphasizing improved encryption, access controls, and incident response plans. Furthermore, regulatory bodies may introduce stricter compliance requirements for third-party risk management to protect sensitive information."
Leidos Holdings Inc. and other organizations affected by the Diligent Corp. breach are now focused on strengthening their cybersecurity measures.
This article is shared at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC).
For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www.redskyalliance.org/
- Website: https://www.redskyalliance.com/
- LinkedIn: https://www.linkedin.com/company/64265941
REDSHORTS - Weekly Cyber Intelligence Briefings
https://register.gotowebinar.com/register/5378972949933166424
[2] https://www.secureworld.io/industry-news/hackers-leak-leidos-documents