Ransomware, as we know, has been hitting undisturbed for years, and it looks like things are not going to get better.
If it is true that we rarely hear about attacks on military structures (perhaps also because such attacks are hardly reported) it is also true that logistic chains and suppliers of military organizations are increasingly affected perhaps because they are considered weaker or simply because it is easier to make money without too much noise.
Just this happened last week, Northrup Grumman's sub-contractor Westech International confirmed to Sky News that it had suffered a ransomware attack.
Westech International has admitted that it was attacked by means of ransomware Maze as a result of which many data have been encrypted, with a request for redemption.
The most worrying thing, however, is a secondary aspect of what happened, in fact the data (or part of it) was exfiltrated to prove the veracity of the attack and made public: it is data in some way connected to the LGM-30 nuclear deterrent system Minuteman III (ICBM), in service in the USA.
The online publication of part of the encrypted data can in fact have the dual purpose of proving the truthfulness of what has been done to a wider public and of approaching potential customers interested in the stolen data.
According to the article, these are in particular Russian hacker elements who may have collaborated with espionage agencies.
Regardless of who is behind the act itself and what the real objective was, the fact remains that an attack can be perpetrated against a large organization by hitting one of the weak links in the chain and the civilian logistic chain is normally the weakest. as it has a larger attack surface.
While work procedures, IT systems and military personnel are subject to very stringent controls, the same cannot be said for external companies, which by their nature require much more frequent information exchanges with the civilian world, of suppliers and subcontractors, consultants or with the world of research, all things that translate into weaknesses.
Another important aspect of the case is to be found in the threat of publishing the stolen data, undoubtedly in order to solicit the payment of a ransom, probably higher than the value of the stolen data, in consideration of the consequent loss of image, which is even more important. for a company that works in the military sector.
Let's not forget also that the system Minuteman III is a nuclear ballistic missile system distributed over the earth's surface and capable of transporting several thermonuclear warheads at a distance of about 10.000 km by means of ballistic missiles capable of reaching speeds close to Mach 23 (i.e. over 27.000 km / hour).
The loss of information about the system Minuteman III it can therefore be considered as a serious compromise of the American nuclear deterrence system, based as we know, on three pillars:
- terrestrial - Minuteman III
- aircraft - nuclear weapons carried by strategic bombers
- naval - ballistic missile Trident launched by nuclear submarines
In fact, the use of digital information systems presents the account more and more often in the form of the so-called capability-vulnerability paradoxor the negative aspect linked to the excessive digital development which means that the more systems are interconnected and digitized, the greater the cyber risks to be faced.
Digitization and computerization on the one hand bring the benefits related to the greater ability to collect and process data but in the same way it brings all the risks related to the use of the aforementioned technologies.
Sophos, in a study explains in detail the functioning of ransomware Maze, while in another study, "The State of Ransomware 2020" clearly indicates that a good backup policy is by and large the best choice to be able to restore encrypted data without paying any ransom.
Of course it works if the data is not exfiltrated, characteristic of Maze, that it combines encryption with the reputational factor linked to the threat of dissemination of exfiltrated data.
As usual: the law is made, the deception found!
To learn more:
- https://news.sky.com/story/hackers-steal-secrets-from-us-nuclear-missile...
- https://nakedsecurity.sophos.com/2020/06/04/nuclear-missile-contractor-h...
- https://news.sophos.com/en-us/2020/05/12/maze-ransomware-1-year-counting/
- https://cybersecurityreviews.net/2020/06/08/nuclear-missile-contractor-h...
Photo: US Air Force
