Cloud Security

Department of Interior OIG successfully hacks agency cloud in test

Cloud Security
A report published by the Department of the Interior’s Office of the Inspector General revealed that the department’s cloud environment was successfully breached using a tool that is available online, according to TechCrunch.  

The OIG said in its report that its team performed more than 100 mock breaches on the Department’s cloud, which is protected by a data loss prevention solution, between March 2022 and June 2023 while conducting real-time monitoring of the agency’s computer logs and incident tracking measures.   The team used Mockaroo, an online tool for fabricating credentials that is intended to deceive the security tool, along with several well-known data exfiltration techniques and a virtual machine that was deployed inside the Department’s cloud environment.  

The team was able to steal more than 1GB of fake sensitive data, with the agency’s cybersecurity measures failing to block or detect any of the tests.   The Department’s security tools and practices were thus found to “put sensitive [personal information] for tens of thousands of Federal employees at risk of unauthorized access,” though some improvements recommended by the OIG could help prevent an actual breach, according to the report.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.