"US Census Bureau Slammed for 2020 Breach"

A government inspector has heavily criticized the US Census Bureau after a 2020 breach that could have been prevented by prompt patching. Although the attacker could not access servers used for the 2020 census, they could modify user account data to prepare for remote code execution, according to the US Office of Inspector General (OIG) report. Fortunately, the attacker’s attempt to maintain access to the system by creating a backdoor was unsuccessful, thanks to the Bureau’s firewalls.

The inspector's report highlighted a string of failures by the Bureau, which directly led to the attack and complicated incident response efforts. Firstly, the Bureau failed to patch a critical vulnerability on its remote access servers that was exploited by the attacker, despite the vendor publishing a fix more than three weeks earlier. Secondly, the Bureau failed to promptly discover and report the incident because its SIEM was not set up to analyze suspicious activity in real time. That created a delay of two weeks before the incident was detected. Thirdly, the incident investigation was hindered because none of the Bureau’s remote access servers sent system logs to its SIEM platform.

According to the report, the Bureau also operated servers no longer supported by the vendor and did not prioritize decommissioning them, further exposing it to attacks. Finally, the Census Bureau didn’t hold a formal “lessons learned” session with incident responders and other stakeholders to improve its processes in preparation for future breaches.

 

Infosecurity reports: "US Census Bureau Slammed for 2020 Breach"

Submitted by Anonymous on