Reports emerging today make great headlines even though the suggestion is that it was 'only' the unclassified network and no harm has been done.
How do White House network user credentials get compromised in the first place?
In all likelihood, just as simply as any other usernames and passwords: through the credentials being phished or simply brute-forced/guessed.
While you can lockdown systems to make them more ‘hack proof’ through hardening, as long as users still need access to systems they will always need access credentials; which are vulnerable to being compromised.
Fortunately in this case, the breach was detected and headed off before the hackers got beyond the declassified network, but it does reiterate that if you can’t stop the breach, make sure you can spot the breach.
This breach is yet another example of why real-time, continuous file integrity monitoring (FIM) is a must-have.
Read details of the hack here