Documents for Pentagon contractors found on dark web

A cache of internal documents stolen from Leidos Holdings, one of the largest IT service providers for the US government, has been leaked on the dark web.

Leidos' most prominent customers include the Department of Homeland Security and NASA, as well as the Department of Defense – its primary customer.

An individual familiar with the matter told Bloomberg that Leidos is currently investigating the incident, but believes the documents were stolen in a previously disclosed breach.

That earlier incident involved a system produced by software-as-a-service (SaaS) company Diligent Corp., which Leidos used to store information gathered during internal investigations.

According to the original filing, Diligent notified Leidos in November 2022 that an unauthorized individual was able to exploit a vulnerability in Diligent's platform to extract documents from the system.

In February 2023, Diligent updated Leidos, informing the company that an unauthorized actor was able to exploit a second flaw in Diligent's platform to view the information submitted by individuals to Leidos through its content management system (CMS), which could stretch back to October 2022.

A Diligent spokesperson said the original leak appeared to stem from a 2022 breach impacting its subsidiary, Steele Compliance Solutions, which it acquired in 2021. According to Leidos, the incident did not affect its network or any sensitive customer data.

Complex supply chains are leaving organizations in the dark on cyber risk

Third-party attack vectors were responsible for an increasing number of cyber attacks in 2023, and as software supply chains continue to grow more complex, organizations are exposed to new risks.

Speaking to ITPro, Luke Dash, CEO of compliance specialists ISMS.online, said that their research found the vast majority of UK organizations had suffered security incidents related to their supply chain in the last year.

"Critically, we discovered that 41% of UK businesses had been subject to partner data compromises in the last 12 months. Further, a staggering 79% reported having experienced security incidents originating from their supply chain or third-party vendors – up 22% versus the previous year," he said.

"This highlights the urgent need for comprehensive and collaborative cybersecurity measures across all levels of the supply chain."

Spencer Starkey, VP EMEA at SonicWall, told ITPro that as supply chains get more complicated, hackers enjoy a wider array of potential weak spots they can target, citing the wide-reaching impacts of recent attacks involving compromised Snowflake credentials.

"As supply chains grow more intricate, they often involve a larger number of third-party vendors, subcontractors, and service providers. With more touchpoints and integrations, there are more opportunities for threat actors to exploit weaknesses," he explained.

"Threat actors exploit weaknesses in software updates, libraries, or interconnected systems, gaining unauthorized access to sensitive data or systems. For example, Snowflake's compromised credentials continue to affect companies around the world, showing the very real impact attacks can have on supply chains. Our data showed 83% of customer-received alerts from our managed services team are related to cloud apps and compromised credentials."

Ilia Kolochenko, CEO of ImmuniWeb, explained that although some organizations take their third-party risk management (TPRM) seriously, they often miss the original cause of the problem.

"While some large companies and governmental agencies take third-party risk management extremely seriously, they still fail to adequately mitigate the root cause of the problem. Worst, some TPRM programs instinctively impose costly and time-consuming due diligence on most vendors, without considering vendor-specific risks, threats, and vendor's overall trustworthiness," he added.

"Eventually, the one-size-fits-all approach miserably fails, and despite sometimes-draconian risk assessments of vendors and suppliers, numerous foreseeable but unaddressed risks continue triggering massive data breaches."

Solomon Klappholz
Staff Writer

Solomon Klappholz is a Staff Writer at ITPro. He has experience writing about the technologies that facilitate industrial manufacturing, which led to him developing a particular interest in IT regulation, industrial infrastructure applications, and machine learning.