The gap took the form of a subdomain takeover, which is considered a high-severity threat. It means that somebody with bad intentions could easily register the governmental internet domain with the purpose of gaining control over it. In that case the damage is done.
After Sweepatic’s discovery (and proactive remediation) at the end of June 2017, they submitted their finding through what is called a responsible disclosure. After coordination with the National Computer Security Incident Response Team (CSIRT) in the US, they were able to bring the security issue to a close (August 2017) before any harm was done. Sweepatic believes this to be a prime example of the collaboration between the private and public sector in reporting security issues around the world, denying opportunities for bad actors.
The kind of security gap found in the digital footprint of USA.gov is an important matter for many organizations, as Stijn Vande Casteele, Co-founder and CEO of Sweepatic, explains: “For many businesses and organizations, an internet presence is a window to the world. This window, however, is also used by cybercriminals and other bad actors, who are continually assessing if it’s worth robbing the shop.”
“What we as cyber security experts observe”, Stijn continues, “is that it is incredibly hard for organizations to keep up as their digital footprints – a complex mesh exposed to the internet – are exploding in size. On the other hand, we see adversaries demonstrate patience, determination and growing sophistication in profiling their next targets.”
For more details on the security gap, a technical write-up is available on the Sweepatic blog.
Sweepatic is an innovative cybersecurity company based in Leuven, Belgium. With its unique managed reconnaissance and counterintelligence solutions, it strives to discover and remediate security gaps in large digital footprints and to make the internet and organizations around the world safer.
Sweepatic is supported by the B-Hive community and accelerator Start it @KBC, where innovative and scalable entrepreneurship is key. Sweepatic was recently nominated by Leuven Mindgate as one of the start-ups to watch in 2018.