We often hear of the more outlandish data breach scenarios when talking about lateral movement, network segmentation, and high value environments.
Many will be familiar with the "Las Vegas Fish Tank" story, or the slightly more obscure case of malicious code hidden in PNG metadata. I've had similar conversations with people in the past, and we find it amusing that such unlikely data breach routes exist and are exploited; but this latest story about the NASA Jet Propulsion Laboratory breach highlights that, only one level removed from these examples, we still see extremely critical networks accessed and sensitive data exfiltrated via the most mundane systems.
In the JPL example, NASA's own audit report calls out "that JPL’s network gateway that controls partner access to a shared IT environment for specific missions and data had not been properly segmented to limit users only to those systems and applications for which they had approved access."
The system in question this time was a simple Raspberry Pi, a very simple and inexpensive computer often used for learning to code, which was connected to the network and (erroneously) able to access JPL networks. The primary call-outs in the report are a lack of accurate NAC control and CMDB management, which led to the network being more open than it should have been. The recommendations included the following advice:
"To mitigate future attacks, JPL deployed host-based firewalls and intrusion prevention systems on workstations and implemented network segmentation throughout the JPL network to limit the spread of malware."
My takeaway from this is that segmentation of the network from a security perspective is a day-zero consideration for any environments hosting critical data - and visibility of the network flows would give teams an enormous advantage in these common breach scenarios.
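As an added illustration of the flow visibility the paragraph above calls for (this is example code, not from the original post or NASA's report): a small Python check that compares flow records against a CMDB-style inventory and flags any source, registered or not, that reaches the restricted mission segment without approval. All addresses, segment ranges, owners and flow records are constructed sample values, not JPL's.

```python
import ipaddress

# Constructed inventory standing in for a CMDB: which registered hosts may
# talk into which segments. Anything not listed is unknown to the inventory.
CMDB = {
    "10.10.5.20": {"owner": "mission-ops", "approved": {"partner-gateway", "mission"}},
    "10.10.5.21": {"owner": "partner-x", "approved": {"partner-gateway"}},
}

# Constructed segment map (assumed address ranges).
SEGMENTS = {
    "partner-gateway": ipaddress.ip_network("10.10.5.0/24"),
    "mission": ipaddress.ip_network("10.20.0.0/16"),
}
RESTRICTED = {"mission"}

# Constructed flow records as (src, dst, dst_port), as a NetFlow/IPFIX
# collector might export them after the partner gateway.
FLOWS = [
    ("10.10.5.20", "10.20.1.10", 443),   # approved mission host: fine
    ("10.10.5.21", "10.20.1.10", 22),    # partner host not approved for mission
    ("10.10.5.77", "10.20.1.15", 445),   # unregistered device (the Raspberry Pi case)
    ("10.10.5.21", "10.10.5.20", 80),    # stays inside the gateway segment: fine
]


def segment_of(ip, segments=SEGMENTS):
    """Return the segment name containing ip, or None if outside all known ranges."""
    addr = ipaddress.ip_address(ip)
    for name, net in segments.items():
        if addr in net:
            return name
    return None


def audit_flows(flows, cmdb=CMDB, segments=SEGMENTS, restricted=RESTRICTED):
    """Flag flows into a restricted segment from sources the inventory does not approve."""
    findings = []
    for src, dst, dport in flows:
        dst_seg = segment_of(dst, segments)
        if dst_seg not in restricted:
            continue  # only flows into restricted segments are of interest here
        entry = cmdb.get(src)
        if entry is None:
            findings.append((src, dst, dport, "unregistered source reached " + dst_seg))
        elif dst_seg not in entry["approved"]:
            findings.append((src, dst, dport, f"{entry['owner']} not approved for {dst_seg}"))
    return findings


if __name__ == "__main__":
    for finding in audit_flows(FLOWS):
        print(finding)
```

The same check run continuously over real flow exports would have surfaced the unregistered device the moment it first reached the mission segment, rather than after the fact in an audit.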
Raspberry Pi Used in JPL Breach