Defense contractors face more aggressive ransomware attacks
By Olivia Beavers | The Hill | April 13, 2018
Cybersecurity experts say defense contractors are facing more aggressive attacks as nation states and other hacking groups increasingly use malicious software to block information or manipulate data.
The companies that provide U.S. military and intelligence agencies with products and services have long faced espionage-motivated attacks.
They are now, however, also confronting outside attacks that aim to thwart, or even sabotage, their operations.
“To put it bluntly, these are attacks that don’t try to steal secrets — but either try to block information or change information,” Peter Singer, a fellow at New America, told The Hill in an interview.
The rise of ransomware attacks against defense contractors coincides with a rise in the use of ransomware in general. Attacks can spread even after the original target has been hit, hurting unintended victims.
“It is the fastest growing area of cyber crime,” Singer said.
One recent victim is Boeing, which was hit by the WannaCry virus late last month. The U.S. and U.K. have blamed North Korea for the attack, which took only a week to infect hundreds of thousands of Windows devices in 150 countries last spring.
Varun Badhwar, the head of cybersecurity firm RedLock, said hackers actively search for doors that are already cracked open as they seek to infiltrate such systems.
“[P]eople are looking for low-hanging fruit in terms of misconfigured systems as was in Boeing’s case,” Badhwar told The Hill, adding that the incident could’ve been easily avoided.
“The Microsoft patch was available for close to a year now,” he said.
Linda Mills, the vice president of Boeing’s commercial airlines communications, said in a statement that the attack was quickly mitigated after their “cybersecurity operations center detected a limited intrusion of malware that affected a small number of systems.”
Another point of entry for hackers is employees.
Experts say employees working for defense contractors are increasingly facing sophisticated social engineering attacks, like phishing attacks where hackers masquerade as a trusted acquaintance to trick a victim into opening an email or link that has malware built into it.
“Some of these emails are really sophisticated. They look credible,” David Myers, a cybersecurity expert for American Defense International, told The Hill. “Very bright people are willing to click on them if you don’t take the time to really think about is this email from a trusted source.”
Fancy Bear, a hacking group widely believed to be linked to the Russian government, has a history of targeting employees working for defense contractors with phishing attacks.
Adam Meyers, the vice president of intelligence at cybersecurity firm CrowdStrike, said he is more concerned by the trend of cyberattacks targeting software supply chains than he is by spear phishing, which he said has been going on for years.
“Nation-state actors — China, Russia, others and criminals as well — have identified that the software that lots of organizations rely on is the weak link now,” Meyers told The Hill in an interview. “If you get into that software supply chain then you can attack the customers of that software.”
Meyers said that while defense contractors generally have a well-trained workforce and the latest security software, they also use software developed by other outside organizations. He said the day-to-day technology many individuals rely on, like their cellphones and computers, uses software created by other developers, as do devices like the kiosk machines that check employee badges in secured buildings.
“There’s software on all of these systems and there is really no way to validate that. … There is no threat actor in the development environment that that software was built in and that is the thing threat actors are going after,” Meyers said, adding that this “is something that should keep everybody up at night.”
Manipulating information runs the risk that hackers can ultimately cause physical damage by altering the coding of a system.
One high-profile example of such a case is Stuxnet, a computer worm that altered the spin rates and pressures of Iran’s nuclear centrifuges, making the system spin out of control in 2007. The U.S. is believed to be behind the attack.
As early as 2015, National Security Agency director Michael Rogers and other top intelligence officials began raising concerns about the unforeseen consequences data manipulation attacks could have on U.S. systems.
Hackers have long targeted companies such as Boeing, Raytheon, Lockheed Martin and Booz Allen Hamilton with the goal of stealing secrets related to U.S. defense operations.
The incentive to steal secrets is twofold: Other countries seek to obtain secrets to generally boost their awareness about U.S. military operations, or they can steal intellectual property from defense contractors, like weapon designs, so they can be integrated into their own defense operations.
Singer said one only needs to compare the U.S. F-35 fighter jet to its Chinese counterpart to see the danger.
“[The] J-31 is China’s version that either looks exactly like it out of sheer coincidence or because the design process was breached on multiple occasions,” Singer said.
Defense contractors must adopt a holistic approach to confronting threats, from training personnel to improving technology and security processes, as the attacks continue to morph, the experts said.
The good news for contractors, they said, is that they are better prepared to face such attacks compared to other industries because they’ve long been cyber targets and because they have an established information-sharing system.