Defense Contract Management Agency Investigating Possible Cyber Breach

By Eric Noonan • February 10, 2015

In the latest cybersecurity breach, the Defense Contract Management Agency (DCMA), responsible for administrating contracts on behalf of the Department of Defense (DoD), has taken several of its servers offline in response to a potential cybersecurity incident.  According to Krebsonsecurity, a Cyber Protection strike team from the DoD is now working closely with the DCMA to elevate its security posture following the incident.

“So far, no DCMA, DoD or Defense Industrial Base data nor any personal identification information has been breached (…) DCMA’s website has been intentionally taken offline while the team investigates the activity,” the spokesperson says. “All other network operations have proceeded as normal (…)”

David Wray, DCMA Spokesman

The two-week-long “Corrective Action” message found on the home page of the DMCA.

According to an unidentified source in the DCMA, the agency has been having “major system issues, including a number of internal systems.” This incident adds to the string of cyber attacks on US Government systems from the U.S. Central Command’s Twitter and YouTube accounts, the United States Postal Service data breach, the National Oceanic and Atmospheric Administration website compromise, and the White House’s unclassified network breach.

 

What was the Attack Vector?

DCMA employees leverage resources for telework to review federal contracts between external companies and the DoD. At CyberSheath, we have seen a number of successful cyber attacks leverage these third party relationships and integrations to gain access to the internal trusted network of a partner. This methodology also follows the trends of recent attacks against the US Government. Albeit, this is only speculation as we do not have enough information to analyze who and how the attackers breached DCMA.

 

What was the Motivation?

It is highly likely that hackers targeted DCMA in an effort to obtain intel on the entities that hold specific contracts for the DoD so that they may target those entities and breach more sensitive networks. Alternatively, the groups responsible may be trying to release confidential information to the public to embarrass the US Government. In either case, this attack may set the stage for a greater incidence in the coming weeks.

CyberSheath Blog

How to Safeguard Your Company from Phishing

Email is so ubiquitous in our everyday lives that it can be a challenge to always be on guard when receiving messages. Each day it’s not unheard of for each member of your team to have hundreds of messages land in their inbox. How do you make sure that none…

3 Tools to Help Defend Your IT Infrastructure from Threats

With the continually evolving threat landscape and the prevalence of team members working from home, it is more important than ever to be proactive with how your company is protecting itself from cyberattacks.  CyberSheath can help. We offer services to build on all the great work you have already done…

DNS Filtering for Additional Protection of IT Systems

Phase one of securing your IT infrastructure should include protecting your endpoints and safeguarding your employees from phishing attempts. After you have implemented these controls, the next logical step is to launch a DNS filtering solution.   What is DNS filtering and why do you need it? Domain name server…

Our Trusted Partners

Tenable Microsoft Siemplify KnowBe4 ConnectWise DUO