Even as insider threats remain, where an individual like Edward Snowden or Jack Teixeira can all too easily leak sensitive data online, external operators are also constantly lurking, waiting to exploit weaknesses in third-party networks. Just last month, gigabytes of sensitive data related to British military intelligence sites were exposed by the infamous LockBit ransomware group.
The group breached the computer systems of Zaun, a UK-based manufacturer of fencing systems for military sites and critical utilities. In this case, the rogue operatives compromised a legacy computer running Windows 7 – and used that as an initial point of access to the wider company network.
The cyberattack, which the company described as “sophisticated,” reportedly occurred in early August. The PC in question had been running software for one of the firm’s manufacturing machines, and it has been removed and the vulnerability closed.
“At the time of the attack, we believed that our cyber-security software had thwarted any transfer of data. However, we can now confirm that during the attack LockBit managed to download some data, possibly limited to the vulnerable PC but with a risk that some data on the server was accessed. It is believed that this is 10 GB of data, 0.74% of our stored data. LockBit will have potentially gained access to some historic emails, orders, drawings, and project files; we do not believe that any classified documents were stored on the system or have been compromised,” Zaun said in a statement.
Data on the Dark Web
What is notable about this attack isn’t just the fact that the firm had been running out-of-date software on one of its computers, but that its own cybersecurity staff had prevented the server storing the data from being encrypted, allowing work to continue as normal.
The Daily Mail newspaper reported that LockBit leaked some of the stolen data on a Dark Web site. Included were “thousands of pages of data which could help criminals get into HMNB Clyde nuclear submarine base, the Porton Down chemical weapon lab, and GCHQ listening post.”
Zaun has said the full details of its fencing products are already publicly available.
“As such it is not considered that any additional advantage could be gained from any compromised data beyond that which could be ascertained by going to look at the sites from the public domain. As a manufacturer of perimeter fencing, any member of the public can walk up to our fencing that has been installed at these sites and look at it,” Zaun added.
The Danger of Legacy Systems
It is unclear why the legacy system wasn’t upgraded, but it serves as a reminder that one computer with out-of-date software could allow an entire network to be exposed. Extended support for Windows 7 ended on January 14, 2020, while security updates ceased on January 10, 2023 – and that was only for Professional and Enterprise volume licensed editions.
It is true that upgrading legacy systems can be expensive, but the cost of having such a system fall victim to ransomware or another cyberattack can be far higher, in both time and money. Security experts suggest that such legacy systems be isolated from the wider network, as well as from the Internet.
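As an added illustration of the two points above (not part of the original article or of any vendor's tooling), the following script checks a constructed asset inventory for hosts whose operating system is past the end-of-support dates quoted for Windows 7 and then rates each one by whether it is isolated from the wider network and the Internet. Host names, segment labels and the inventory records are assumptions invented for the example.

```python
from datetime import date

# End-of-support dates as quoted in the article: extended support for Windows 7
# ended 14 Jan 2020; paid security updates for Pro/Enterprise volume-licensed
# editions ended 10 Jan 2023.
SUPPORT_END = {
    "Windows 7": date(2020, 1, 14),
    "Windows 7 (Pro/Enterprise VL, ESU)": date(2023, 1, 10),
}

# Constructed sample inventory (hypothetical hosts and segments).
INVENTORY = [
    {"host": "mfg-ctrl-01", "os": "Windows 7", "segment": "corp-lan", "internet": True},
    {"host": "mfg-ctrl-02", "os": "Windows 7", "segment": "ot-isolated", "internet": False},
    {"host": "fileserver-01", "os": "Windows Server 2019", "segment": "corp-lan", "internet": False},
]

# Segments treated as isolated from the wider network (assumption for the example).
ISOLATED_SEGMENTS = {"ot-isolated"}


def is_unsupported(os_name, today):
    """True if the OS has a known end-of-support date that has already passed."""
    end = SUPPORT_END.get(os_name)
    return end is not None and today > end


def assess(inventory, today):
    """Return one finding per unsupported host, rated by network exposure.

    A legacy box that is Internet-reachable or shares a segment with the
    rest of the network is rated high: it is exactly the kind of foothold
    the article describes. An unsupported but isolated host is rated medium.
    """
    findings = []
    for h in inventory:
        if not is_unsupported(h["os"], today):
            continue
        exposure = []
        if h["internet"]:
            exposure.append("internet-reachable")
        if h["segment"] not in ISOLATED_SEGMENTS:
            exposure.append("shares segment with wider network")
        findings.append({
            "host": h["host"],
            "os": h["os"],
            "severity": "high" if exposure else "medium",
            "exposure": exposure,
        })
    return findings


if __name__ == "__main__":
    for f in assess(INVENTORY, date(2023, 8, 1)):
        print(f["severity"].upper(), f["host"], f["os"], "; ".join(f["exposure"]) or "isolated")
```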
“We continually see organizations who do not know where the hidden vulnerabilities lie within the depths of their networks. Although organizations are following all of the industry best practices, often to the greatest of their ability, they are still getting breached and ransomed like never before,” warned Stephen Gates, lead cyber for small to medium enterprise (SME) at cybersecurity provider Horizon3.ai.
“We constantly discover not just the easy-to-find common vulnerabilities and exposures (CVEs), but stacks of weaknesses, credential reuse, poor credential policies, misconfigured software, poorly configured security controls, outdated technologies, un-patchable operating systems, and a high number of completely fixable issues,” Gates told ClearanceJobs. “However, organizations are often totally blind to the easily discoverable security issues they have, and we as an industry must resolve to fix this endemic problem before it gets even greater.”
Could it Happen Here?
The cyberattack on a firm supporting the UK military should be a wake-up call for all U.S. agencies, as well as the firms that support them. Such an attack can, and unfortunately likely will, happen here due to a seemingly easy-to-address and equally easy-to-exploit vulnerability.
“Any entity that has unresolved vulnerabilities – or whose partners have unresolved vulnerabilities – is exposed to cyberattacks. While it is unclear how much damage could occur from this specific leak, it does illustrate that one rogue device can put sensitive data at risk,” said Emily Phelps, director at threat intel platform provider Cyware.
The U.S. should expect that rogue states, as well as organized cyber-criminal gangs, are actively seeking such vulnerabilities.
“Cyberattacks have become an increasingly significant component of modern conflict and geopolitics,” Phelps told ClearanceJobs. “Whether they lead to physical warfare or not, they often accompany traditional war, disrupting critical infrastructure like power grids or financial systems.”
Reminder – Harden the Systems
It goes largely without saying that this is also a reminder for any entity that operates a computer network, big or small, to ensure that hackers aren’t handed opportunities to breach it.
“It is absolutely imperative to use proven technologies to continuously assess your own network environments, drilling down deep to find those hidden risks that are totally ripe for exploitation,” Gates added.
“A one-and-done assessment per year will no longer suffice,” he continued. “As new employees come and go, devices and software get added and updated, systems needing to be decommissioned get abandoned or forgotten, and new threat actors and their attacks start targeting you and your industry, you must continuously understand where the holes exist in your armor and fix them fast before falling victim.”