CISA highlights failures after US agency cyber breach
The agency warned that untested response plans delayed critical third-party support.
The US Cybersecurity and Infrastructure Security Agency (CISA) has published lessons from its response to a federal agency breach.
Hackers exploited an unpatched vulnerability in GeoServer software, gaining access to multiple systems. CISA noted that the flaw had been disclosed weeks earlier and added to its Known Exploited Vulnerabilities catalogue, but the agency had not patched it in time.
Investigators also found that incident response plans were outdated and had not been tested. The lack of clear procedures delayed third-party support and restricted access to vital security tools during the investigation.
CISA added that endpoint detection alerts were not continuously reviewed and some US public-facing systems had no protection, leaving attackers free to install web shells and move laterally through the network.
The agency urged all organisations to prioritise patching, maintain and rehearse incident response plans, and ensure comprehensive logging to strengthen resilience against future cybersecurity attacks.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!