Federal authorities reveal significant cyber intrusion at banking regulator within the Treasury Department
The Office of the Comptroller of the Currency (OCC), a key regulator within the U.S. Treasury Department, recently experienced a significant cyberattack. This incident, characterised as a "major incident," demonstrated a failure in traditional perimeter defenses, allowing hackers prolonged access to numerous email accounts[1].
The breach was detected on Feb. 11, when the OCC noticed unusual interactions between a system administrative account and OCC user mailboxes[1]. The OCC charters, regulates, and supervises all national banks, federal savings associations, and federal branches and agencies of foreign banks[2].
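The detection signal the article describes, an administrative account interacting with user mailboxes it does not own, is the kind of thing a mailbox-access audit log makes visible. The following is an added example, not code from the article or from the OCC: it parses a small set of constructed audit records (the JSON field names, account names, dates and thresholds are all assumptions) and flags privileged accounts that read other people's mailboxes, summarising how many distinct mailboxes and items each one touched.

```python
"""Flag privileged accounts reading mailboxes they do not own.

Added illustration; the log schema (ts/actor/mailbox/op/items) and the
roster of privileged accounts are constructed assumptions, not a real
product's audit format or any real organisation's accounts.
"""
import json
from collections import defaultdict

# Constructed sample audit events, one JSON object per line. A normal
# owner reading their own mailbox is mixed in with admin-account reads.
SAMPLE_LOG = """\
{"ts": "2025-02-10T22:14:03Z", "actor": "svc-exchange-admin", "mailbox": "alice@example.gov", "op": "MailItemsAccessed", "items": 412}
{"ts": "2025-02-10T22:15:41Z", "actor": "svc-exchange-admin", "mailbox": "bob@example.gov", "op": "MailItemsAccessed", "items": 97}
{"ts": "2025-02-10T22:16:05Z", "actor": "svc-exchange-admin", "mailbox": "carol@example.gov", "op": "MailItemsAccessed", "items": 1203}
{"ts": "2025-02-11T08:02:17Z", "actor": "alice@example.gov", "mailbox": "alice@example.gov", "op": "MailItemsAccessed", "items": 30}
{"ts": "2025-02-11T08:05:00Z", "actor": "helpdesk-admin", "mailbox": "dave@example.gov", "op": "MailItemsAccessed", "items": 3}
{"ts": "2025-02-11T09:30:00Z", "actor": "bob@example.gov", "mailbox": "bob@example.gov", "op": "MailItemsAccessed", "items": 12}
"""

# Assumed roster of accounts that hold mailbox-administration rights.
PRIVILEGED_ACCOUNTS = {"svc-exchange-admin", "helpdesk-admin"}


def parse_events(text):
    """Parse JSON-lines audit text into a list of dicts, skipping blank lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if line:
            events.append(json.loads(line))
    return events


def nonowner_access_summary(events, privileged):
    """Per privileged actor: distinct mailboxes it read that it does not own,
    and the total number of items read from them."""
    summary = defaultdict(lambda: {"mailboxes": set(), "items": 0})
    for ev in events:
        if ev.get("op") != "MailItemsAccessed":
            continue
        actor, mailbox = ev["actor"], ev["mailbox"]
        # Only privileged actors reading someone else's mailbox are of interest.
        if actor not in privileged or actor == mailbox:
            continue
        summary[actor]["mailboxes"].add(mailbox)
        summary[actor]["items"] += int(ev.get("items", 0))
    return {
        actor: {"mailboxes": sorted(v["mailboxes"]), "items": v["items"]}
        for actor, v in summary.items()
    }


def alerts(events, privileged, min_mailboxes=2, min_items=100):
    """Return (actor, distinct_mailboxes, items) tuples for actors whose
    non-owner reads exceed either assumed threshold. A single low-volume
    helpdesk read stays below both and is not alerted on."""
    out = []
    for actor, s in nonowner_access_summary(events, privileged).items():
        if len(s["mailboxes"]) >= min_mailboxes or s["items"] >= min_items:
            out.append((actor, len(s["mailboxes"]), s["items"]))
    return sorted(out)


if __name__ == "__main__":
    for actor, n_mailboxes, n_items in alerts(parse_events(SAMPLE_LOG), PRIVILEGED_ACCOUNTS):
        print(f"ALERT: {actor} read {n_items} items across {n_mailboxes} mailboxes it does not own")
```

The thresholds are deliberately low for the sample; in practice they would be tuned against a baseline of what helpdesk and service accounts normally do, and the roster of privileged accounts would come from the directory rather than a hard-coded set.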
The unauthorized access was terminated after compromised administrative accounts were disabled on Feb. 12. However, the breach compromised executive and employee emails, including attachments containing highly sensitive financial information[1].
Acting Comptroller of the Currency Rodney E. Hood attributed the breach to "long-held organizational and structural deficiencies"[1]. In response, the OCC has launched an internal and independent third-party review of the incident, and will enlist an independent third party to assess and analyse internal processes related to cybersecurity incidents[1].
Gabrielle Hempel, a security operations strategist and threat intelligence researcher, suggested that the breaches at the Treasury Department may be connected, given the timing and nature of the incidents[1]. Hempel recommended that access to sensitive financial regulatory information be limited, and that sensitive communications be encrypted and housed in hardened systems rather than left in email[1].
The OCC's cyberattack marks the second known data breach at the Treasury Department in several months. The previous one was linked to the exploitation of a bug in BeyondTrust, a vendor that offers software-as-a-service (SaaS)-based cybersecurity[1]. The office of Sen. Tim Scott (R-S.C.), who aided in the investigation of the December breach related to BeyondTrust, did not immediately return a call seeking comment[1].
The ongoing cybersecurity challenges faced by the U.S. Treasury and affiliated agencies suggest a need for robust security policies, including enhanced incident response plans, better oversight, and improved operational resilience[3]. The Treasury's Office of Foreign Assets Control (OFAC) has also been active in imposing sanctions on entities involved in cybercrime, indicating a broader effort to address cyber threats[2][3].
The financial sector, including banks regulated by the OCC, faces elevated operational risks due to increased reliance on third-party services. This expands the potential attack surface for cybercriminals, emphasising the importance of strong security measures and contingency planning[3].
Given the broader context of cybersecurity challenges in the U.S. Treasury and financial sector, agencies like the OCC may need to develop more comprehensive incident response plans to quickly address and mitigate the impact of cyberattacks. Regular audits and assessments are crucial to identify and fix vulnerabilities before they can be exploited by attackers[3].
Implementing robust operational resilience measures, such as business continuity plans and comprehensive risk assessments, is vital for maintaining stability in the face of cyber threats[3]. The use of sanctions against entities supporting cybercrime (as seen with the Aeza Group) reflects an effort to deter malicious activities. This could become a more integral part of future security policies[2].
Sources:
[1] The Wall Street Journal, 2023
[2] The Hill, 2023
[3] Forbes, 2023
- The OCC, as a key player in the banking-and-insurance industry, faces increased operational risks due to its reliance on technology and third-party services, expanding the potential attack surface for cybercriminals.
- In the wake of the OCC's cyberattack, there's a pressing need for robust security policies, including enhanced incident response plans, better oversight, and improved operational resilience to strengthen the industry's defense against cyber threats.
- The data breach at the OCC highlighted the need for cybersecurity in privacy and data protection, especially when handling sensitive financial information, as highly sensitive data was compromised during the incident.
- The incident showed that traditional perimeter defenses may no longer be sufficient to protect financial institutions from sophisticated cyberattacks, underscoring the need for advanced threat intelligence and security operations strategies.
- Regulatory bodies, such as the OCC, must comply with privacy and data protection regulations alongside adhering to industry best practices for cybersecurity in order to minimize the risk of future data breaches.