Hackers Steal 30GB of Aussie Defense Plans
Some 30GB of commercially sensitive data on Australia’s defense program was stolen in an “extensive and extreme” cyber-attack on a government contractor, it has emerged.
The attack happened in July last year but spy agency the Australian Signals Directorate (ASD) didn’t become aware of a breach until November.
The data was unclassified and the Australian government has been keen to emphasize that national security was not at risk.
"I'm sure there is work being done on finding out who did it,” said defence minister Christopher Pyne, according to broadcaster ABC. “It could be a number of different actors, it could be a state actor, a non-state actor, it could've been someone who was working for another company.”
The stolen data apparently included info on the F-35 Joint Strike Fighter, P-8 Poseidon surveillance aircraft and C-130 transport plane, as well as details on a few Australian naval vessels.
The threat actor, codenamed "Alf" after a popular character from Aussie TV soap Home and Away, is said to have accessed "pretty much every server" and was able to read emails of the chief engineer and a contracting engineer at the breached aerospace firm.
That firm apparently had just one IT professional managing the entire function, among a total staff roster of only 50.
The attacker is said to have exploited a software vulnerability that hadn’t been patched for 12 months, although the firm’s web portal was also accessible using the username-password combinations "admin admin" and "guest guest".
Paul German, CEO of Certes Networks, argued that the industry needs to rethink security as breach detection times still aren’t falling fast enough.
“We need to decouple security from infrastructure and adopt a ‘zero trust’ security model: to achieve access, a user needs to both see an application and be permitted to use it,” he added.
“Taking this model and securing it with cryptographic segmentation allows an organization to embrace zero trust irrespective of infrastructure, of data center locations, new cloud deployments, and / or the desire of workers to hang out in the local coffee shop.”
Source: Information Security Magazine