MITRE Hit in Massive Supply Chain Attack: State-Backed Hackers Exploit Zero-Days
20 April 2024 at 03:50
The MITRE Corporation revealed on April 19 that it was one of over 1700 organizations compromised by a state-backed hacking group in January 2024. The MITRE data breach, which involved chaining two Ivanti VPN zero-days, highlights the evolving nature of cyber threats and the challenges organizations face in defending against them.
The MITRE data breach was detected after suspicious activity was noticed on MITRE's Networked Experimentation, Research, and Virtualization Environment (NERVE), an unclassified collaborative network used for research and development. [caption id="attachment_63933" align="aligncenter" width="609"] Source: X[/caption]MITRE DATA Breach Discovery and Response
Following the detection, MITRE promptly took NERVE offline and launched an investigation with the assistance of both internal and external cybersecurity experts. "Following detection of the incident, MITRE took prompt action to contain the incident, including taking the NERVE environment offline, and quickly launched an investigation with the support of in-house and leading third-party experts. The investigation is ongoing, including to determine the scope of information that may be involved," reads the Official notice. MITRE CEO Jason Providakes emphasized that "no organization is immune from this type of cyber attack, not even one that strives to maintain the highest cybersecurity possible." Providakes highlighted the importance of disclosing the incident in a timely manner to promote best practices and enhance enterprise security. โWe are disclosing this incident in a timely manner because of our commitment to operate in the public interest and to advocate for best practices that enhance enterprise security as well as necessary measures to improve the industryโs current cyber defense posture. The threats and cyber attacks are becoming more sophisticated and require increased vigilance and defense approaches. As we have previously, we will share our learnings from this experience to help others and evolve our own practices,โ said Providakes. Charles Clancy, MITRE's Chief Technology Officer, provided additional insights, explaining that the threat actor compromised the Ivanti Connect Secure appliance used to provide connectivity into trusted networks. Clancy stressed the need for the industry to adopt more sophisticated cybersecurity solutions in response to increasingly advanced threats. MITRE outlined four key recommendations:- Advance Secure by Design Principles: Hardware and software should be inherently secure.
- Operationalize Secure Supply Chains: Utilize software bill of materials to understand threats in upstream software systems.
- Deploy Zero Trust Architectures: Implement micro-segmentation of networks in addition to multi-factor authentication.
- Adopt Adversary Engagement: Make adversary engagement a routine part of cyber defense to provide detection and deterrence.