A ransomware attack has taken place on the U.S. Marshals Service. The cybersecurity incident has exposed some of its most private data, including materials used in law enforcement and the personal information of staff members who could become the subject of federal investigations.
Looking into this serious data breach for Digital Journal is Nick Tausek, Lead Security Automation Architect at Swimlane.
Tausek begins his analysis by explaining the incident and what the consequences are, noting: “The U.S. Marshals Service is looking into a significant ransomware attack that exposed some of its most private data, including materials used in law enforcement and the personal information of staff members who could become the subject of federal investigations.”
And with the significance, Tausek says: “Deemed a “major incident” by officials, the attack allowed hackers to access employee information, information on wanted fugitives and information regarding unidentified third parties.”
Tausek adds: “According to U.S. policy, “major incidents” are regarded as “significant cyber incidents” that have the potential to do tangible harm to the economy, national security, or civil liberties of the United States, as well as to public trust and safety. These incidents are required to be reported to Congress within seven days.”
In terms of how the incident is looking, Tausek explains: “Although the U.S. Marshals Service has created a quick fix to continue investigations into fugitives in the midst of the attack, routine operations are sure to be hindered.”
In the wider context, Tausek says: “Government agencies and the federal justice system continue to be hot targets for cybercriminals due to the classification of sensitive information stored by their systems and the negative repercussions coming out of such an attack that could more easily sway officials to pay high ransom.”
The incident also needs to be placed into the national context, explains Tausek: “This attack comes as the Biden administration attempts to shore up the nation’s cybersecurity posture, as they are poised to release their new National Cyber Strategy document (the first time in 15 years such a document has been published by the White House). This upcoming blueprint for the nation’s cybersecurity will recommend and outline possible regulations to decrease risk across key industries, especially those that service the federal government, and will be the first National Cyber Strategy to recommend a regulatory approach.”
There are measures that can be taken. Here Tausek proposes: “To prevent and eliminate the chances of a targeted cyberattack such as the one on the U.S. Marshals Service, organizations must be staying on top of their cybersecurity strategy.”
He also recommends: “Leveraging a low-code security automation platform that goes beyond just doing the work, but automates that work as well to minimize the chances of error by human involvement as well, is the first step in achieving a robust cybersecurity ecosystem. These platforms allow full visibility into IT environments, ensuring the highest level of protection over valuable human information and alerts in real-time to assist in thwarting any potential threats.”
