{"id":2244,"date":"2020-11-26T06:18:52","date_gmt":"2020-11-26T06:18:52","guid":{"rendered":"https:\/\/blog.einnosec.com\/?p=2244"},"modified":"2022-02-28T09:21:43","modified_gmt":"2022-02-28T09:21:43","slug":"everything-you-need-to-know-about-dod-cmmc-cmmc-background","status":"publish","type":"post","link":"https:\/\/blog.einnosec.com\/index.php\/2020\/11\/26\/everything-you-need-to-know-about-dod-cmmc-cmmc-background\/","title":{"rendered":"Everything You Need to Know About DoD CMMC &#8211; CMMC Background"},"content":{"rendered":"\n<p>In March 2020, Visser Precision Manufacturing confirmed it was \u201cthe recent target of a criminal cybersecurity incident, including access to or theft of data.\u201d Visser Precision, a Denver, Colorado-based manufacturer, makes custom parts for customers across many industries, including Lockheed Martin, Boeing, General Dynamics, and SpaceX.<\/p>\n\n\n\n<p>Security researchers attribute the attack to DoppelPaymer, a file-encrypting ransomware that first exfiltrates the company\u2019s data, then encrypts the victim\u2019s computers and exposes the stolen files. The operators threaten to publish the files if the ransom is not paid.<\/p>\n\n\n\n<p>The Department of Defense (DoD) has one of the world&#8217;s largest supply chains, including thousands of third-party contractors. These vendors and partners represent the weakest cyber link in the nation\u2019s defense infrastructure and present a substantial cyber risk.<\/p>\n\n\n\n
<p>In this series of blogs, \u201cEverything You Need to&nbsp;Know About DoD CMMC,\u201d we will discuss the Cybersecurity Maturity Model Certification, known as \u201cCMMC.\u201d Today\u2019s article covers the CMMC background.<\/p>\n\n\n\n<p><strong>Third-party Contractors &#8211; Weakest Cyber Link<\/strong><\/p>\n\n\n\n<p>The Defense Industrial Base (DIB) sector consists of companies that contribute to research, engineering, production, delivery, operations, installation, and support services. Cyber actors continue to target the DIB sector and the Department of Defense (DoD) supply chain for intellectual property and unclassified information. These activities significantly increase the risk and threat to national security.<\/p>\n\n\n\n<p>For contractors that engage with the DoD, the CMMC is the new standard to abide by. Per the IBM Cost of Data Breach Report 2020, the global average total cost of a data breach is $3.86 million. Nation-state actors caused 13% of the malicious breaches, and financially motivated attackers caused 53%. Per the Verizon Data Breach Report 2020, 70% of breaches were perpetrated by external actors, and organized criminal groups caused 55% of breaches.&nbsp;<\/p>\n\n\n\n
<p>Below are some additional details&nbsp;from the Verizon Data Breach Report 2020:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td><strong>What tactics are utilized?<\/strong><\/td><td><strong>Who\u2019s behind the breaches?<\/strong><\/td><\/tr><tr><td>45% of breaches featured hacking<br \/>22% included social attacks<br \/>22% involved malware<br \/>17% were caused by errors<br \/>8% of breaches were misuse by authorized users<br \/>4% of breaches involved physical actions<\/td><td>External actors perpetrated 70% of breaches<br \/>Organized criminal groups caused 55% of breaches<br \/>Internal actors perpetrated 30% of breaches<br \/>4% of breaches had four or more attack actions<br \/>1% involved partner actors<br \/>1% involved multiple parties<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p><strong>CMMC Background<\/strong><\/p>\n\n\n\n<p>The attacks described above and the statistics from the Verizon and IBM studies are the kind of cyber incidents the Pentagon is trying to prevent through its new CMMC framework. CMMC is a new DoD security framework that holds suppliers accountable for their security posture before they engage in government business.<\/p>\n\n\n\n
<p>In 2015, the U.S. Department of Defense published the Defense Acquisition Federal Regulation Supplement, known as DFARS, which mandates that DoD vendors and partners adopt cybersecurity standards according to the NIST SP 800-171 cybersecurity framework. Because of the slow adoption rate of the DFARS 252.204-7012 regulation, the Department of Defense has released the Cybersecurity Maturity Model Certification (CMMC) to ensure that appropriate cybersecurity controls and processes are in place to protect Controlled Unclassified Information (CUI) on DoD contractor systems.<\/p>\n\n\n\n<p>The CMMC is being created to streamline security practices, making it easier for companies that work along the DoD supply chain to maintain cybersecurity compliance. It applies to contractors who work with:<\/p>\n\n\n\n<ul><li>Federal Contract Information (FCI) \u2013 Information provided by or created for the Government that is not made available to the public.<\/li><li>Controlled&nbsp;Unclassified Information (CUI) \u2013 Information that \u201crequires safeguarding or dissemination controls pursuant to and consistent with laws, regulations, and government-wide policy.\u201d<\/li><\/ul>\n","protected":false},"excerpt":{"rendered":"<p>In March 2020, Visser Precision Manufacturing confirmed it was \u201cthe recent target of a criminal cybersecurity incident, including access to or theft of data.\u201d Visser&#8230;<\/p>\n","protected":false},"author":1,"featured_media":2695,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[84],"tags":[],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/blog.einnosec.com\/index.php\/wp-json\/wp\/v2\/posts\/2244"}],"collection":[{"href":"https:\/\/blog.einnosec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.einnosec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.einnosec.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.einnosec.com\/index.php\/wp-json\/wp\/v2\/comments?post=2244"}],"version-history":[{"count":4,"href":"https:\/\/blog.einnosec.com\/index.php\/wp-json\/wp\/v2\/posts\/2244\/revisions"}],"predecessor-version":[{"id":2252,"href":"https:\/\/blog.einnosec.com\/index.php\/wp-json\/wp\/v2\/posts\/2244\/revisions\/2252"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.einnosec.com\/index.php\/wp-json\/wp\/v2\/media\/2695"}],"wp:attachment":[{"href":"https:\/\/blog.einnosec.com\/index.php\/wp-json\/wp\/v2\/media?parent=2244"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.einnosec.com\/index.php\/wp-json\/wp\/v2\/categories?post=2244"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.einnosec.com\/index.php\/wp-json\/wp\/v2\/tags?post=2244"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}