'Our worst day': The untold story of the Electoral Commission cyber attack | Computer Weekly
Briefly

"Simpson joined The Electoral Commission - the UK's election oversight and political finance regulator - in June 2022 as head of digital, information, technology and facilities, to lead a wide-ranging digital transformation project which, alongside transitioning from on-prem to cloud, brought a plethora of cyber upgrades. But unknown to Simpson or anybody else, threat actors - possibly Chinese state cyber spooks, or a ransomware gang, or both - were already lurking within the Electoral Commission's systems."
"Part of that was to introduce MFA [multifactor authentication], and that happened in October 2022, which is exactly when we found the compromise," says Simpson. "One of the lead engineers on the project spotted that they had 10 attempts on their MFA account within less than a minute. It was glaringly obvious that something wasn't quite right at that point."
The breach began in August 2021, when attackers exploited the ProxyShell vulnerability on an unpatched server. Their presence went undetected through routine operations until a cloud migration and security upgrades were underway. Simpson joined in June 2022 to lead digital transformation and cyber upgrades, including a move from on-prem to cloud. Multifactor authentication was introduced in October 2022, which triggered rapid failed MFA attempts and revealed the compromise. The threat actors may include Chinese state cyber operators, a ransomware gang, or both. The attack exposed gaps in patching and monitoring despite ongoing security improvements.
Read at ComputerWeekly.com