The U.S. Coast Guard recently disclosed a data breach of its payroll and HR system, Direct Access (DA). The breach compromised banking information and delayed pay for over 1,000 members.
This is the second data breach for the Coast Guard in less than a year.
The cyberattack was detected through abnormal activity on an officer’s account, suggesting bad actors exploited an unmonitored non-human identity (NHI). With the full scope still under investigation, there remains concern that attackers may still have access.
Human identities have security protocols that can be tracked and monitored with good oversight, because they are protected by policies and tools such as multi-factor authentication. Non-human identities – tokens, secrets, and other machine credentials – typically do not have comparable security measures.
This breach highlights the growing identity vulnerabilities amassing in critical infrastructure and the urgent need to modernize legacy systems across government operations. Without full visibility into NHIs and access chains, these systems remain vulnerable.
To explore this matter further, Digital Journal heard from Baber Amin, Chief Product Officer at Anetac.
Amin thinks that the cyberattackers were able to gain access due to outmoded computer systems. He states: “The U.S. Coast Guard’s recent breach underscores the urgent need to modernize and secure legacy systems. As hackers increasingly target critical infrastructure, government agencies must ensure full visibility and security across their operations to prevent unauthorized access and data compromise.”
It is important to maintain current and modern systems, as Amin cautions: “Oftentimes, critical infrastructure organizations, due to their age, are plagued with unmonitored and dormant human and non-human identities (NHIs) that serve as prime entry points for cyberattackers.”
With the actual incident, Amin notes how the attack appears to have been started: “In this case, abnormal activity on a Petty Officer’s account suggests hackers may have exploited an identity-related vulnerability to scope, move laterally through the organization and access sensitive data.”
It is important not to lose sight of the consequences, in this case financial loss. Amin reminds us: “The affected U.S. Coast Guard members may now face financial fraud, and worse, the full scope of the breach remains unknown—raising the risk that attackers still have access.”
There are measures that can be taken to reduce the likelihood of future attacks. Amin spells this out: “To prevent future breaches, critical infrastructure organizations must run assessments into their systems to discover all active and inactive identities (both human and non-human), map access chains, and evaluate security controls (credential strength, age, activity, and standing access privileges).”
Amin makes an additional recommendation: “A real-time streaming solution identifying and tracking all identity vulnerabilities should be implemented to establish a behavioral baseline, enabling early detection of suspicious activity.”
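The two recommendations above (an identity assessment that scores credential age, activity and standing privileges, and a behavioral baseline that surfaces unusual activity) can be illustrated with a small defender-side script. The following is an added example written for this page; it is not code from the Coast Guard, Digital Journal or Anetac. The identity names, the inventory, the activity history, the thresholds (90-day credential age, 60-day dormancy) and the `source` labels are all constructed for the illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional, Set, Dict, List

# Constructed "as of" time so the example is deterministic when run offline.
NOW = datetime(2025, 3, 1, tzinfo=timezone.utc)


@dataclass
class Identity:
    name: str
    kind: str                      # "human" or "nhi" (non-human identity)
    credential_created: datetime   # when the password/token/key was issued
    last_activity: Optional[datetime]
    privileges: Set[str]
    mfa: bool


# Constructed inventory: two human accounts and two service (NHI) accounts.
INVENTORY = [
    Identity("po.jdoe", "human", datetime(2024, 12, 15, tzinfo=timezone.utc),
             datetime(2025, 2, 28, tzinfo=timezone.utc), {"payroll.read"}, True),
    Identity("svc-payroll-export", "nhi", datetime(2023, 6, 1, tzinfo=timezone.utc),
             datetime(2025, 2, 27, tzinfo=timezone.utc), {"payroll.write"}, False),
    Identity("svc-legacy-sync", "nhi", datetime(2022, 1, 10, tzinfo=timezone.utc),
             datetime(2024, 9, 1, tzinfo=timezone.utc), {"admin", "payroll.write"}, False),
    Identity("contractor.old", "human", datetime(2024, 11, 1, tzinfo=timezone.utc),
             None, set(), False),
]

# Hypothetical privileges treated as "standing" high-risk access for this example.
STANDING_PRIVS = frozenset({"admin", "payroll.write"})


def assess(identity: Identity, now: datetime = NOW,
           max_cred_age_days: int = 90, dormant_days: int = 60) -> List[str]:
    """Return the control gaps found for one identity (empty list = no findings)."""
    findings = []
    if identity.last_activity is None or now - identity.last_activity > timedelta(days=dormant_days):
        findings.append("dormant")                      # inactive identity still enabled
    if now - identity.credential_created > timedelta(days=max_cred_age_days):
        findings.append("stale-credential")             # credential older than rotation policy
    if identity.kind == "human" and not identity.mfa:
        findings.append("no-mfa")                       # MFA expected on human accounts
    standing = identity.privileges & STANDING_PRIVS
    if standing:
        findings.append("standing-privilege:" + ",".join(sorted(standing)))
    return findings


def assess_inventory(inventory: List[Identity]) -> Dict[str, List[str]]:
    return {i.name: assess(i) for i in inventory}


@dataclass
class Event:
    identity: str
    when: datetime
    source: str   # constructed label for where the activity came from


# Constructed activity history used to learn what "normal" looks like per identity.
HISTORY = [
    Event("svc-payroll-export", datetime(2025, 2, d, h, tzinfo=timezone.utc), "payroll-batch-host")
    for d in range(20, 28) for h in (2, 3)
] + [
    Event("po.jdoe", datetime(2025, 2, d, h, tzinfo=timezone.utc), "hq-workstation")
    for d in range(20, 28) for h in (9, 10, 14)
]

# Constructed new events to evaluate against the baseline.
NEW_EVENTS = [
    Event("svc-payroll-export", datetime(2025, 3, 1, 22, tzinfo=timezone.utc), "unknown-host"),
    Event("po.jdoe", datetime(2025, 3, 1, 10, tzinfo=timezone.utc), "hq-workstation"),
    Event("svc-legacy-sync", datetime(2025, 3, 1, 1, tzinfo=timezone.utc), "unknown-host"),
]


def build_baseline(events: List[Event]) -> Dict[str, Dict[str, Set]]:
    """Per identity, record the sources and hours-of-day seen during the learning window."""
    baseline: Dict[str, Dict[str, Set]] = {}
    for e in events:
        b = baseline.setdefault(e.identity, {"sources": set(), "hours": set()})
        b["sources"].add(e.source)
        b["hours"].add(e.when.hour)
    return baseline


def detect_anomalies(baseline, events: List[Event]):
    """Flag events whose identity has no baseline or that deviate from it."""
    alerts = []
    for e in events:
        b = baseline.get(e.identity)
        reasons = []
        if b is None:
            reasons.append("no-baseline")               # never seen active: dormant identity waking up
        else:
            if e.source not in b["sources"]:
                reasons.append(f"new-source:{e.source}")
            if e.when.hour not in b["hours"]:
                reasons.append(f"unusual-hour:{e.when.hour:02d}")
        if reasons:
            alerts.append((e.identity, e.when.isoformat(), reasons))
    return alerts


if __name__ == "__main__":
    for name, findings in assess_inventory(INVENTORY).items():
        print(f"{name:20s} {findings or 'ok'}")
    for alert in detect_anomalies(build_baseline(HISTORY), NEW_EVENTS):
        print("ALERT", alert)
```

The assessment half flags the dormant legacy service account with admin rights and the never-used contractor account, which are exactly the kinds of identities the article describes as entry points; the baseline half raises an alert when a service account acts from a new source at an unusual hour, and when an identity with no recorded activity suddenly shows up. In a real deployment the inventory would come from the directory and secrets stores, and the baseline from authentication logs, with thresholds set by the organization's own rotation and access policies.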
