Last week, it was revealed that an undisclosed Australian-based defence subcontractor had been hacked. Up to 30GB of data had been stolen from their servers. The data was related to key defence projects, including the development of Joint Strike Fighter Jets and information on some of Australia’s newly developed submarines.
Two of Australia’s top cyber intelligence agencies, the Australian Signals Directorate (ASD) and the national Computer Emergency Response Team (CERT), worked together to investigate the breach. It was discovered that the breach of the subcontractor’s servers had occurred as early as July 2016. The perpetrator, codenamed ‘Alf’ by the ASD, had access to the data up until November 2016, after the ASD discovered its activities.
The subcontracting company was not aware that they had been the victims of a data breach until after it had been discovered. The joint investigation by the ASD and CERT revealed that there were several deficiencies in the company’s IT defences. In fact, the breach was initially discovered by a ‘partner organisation’ that worked with the subcontracting company. They intended to report the breach but were hampered by regulatory and legal processes that they needed to go through.
Other security deficiencies that were identified included:
- Small IT staff numbers in place to maintain data and server security;
- Unpatched operating systems that had not been updated in almost a year;
- Loose implementation of admin rights on networks, servers and equipment (thanks to this vulnerability, ‘Alf’ hacked their admin portal and installed archiving software, which enabled him to obtain the data); and
- Lax password renewal, with administrative systems using the default ‘admin’ or ‘guest’ passwords.
News of the data breach coincided with the launch of a new Cyber Security Centre in Melbourne. Along with another centre established in Brisbane, these centres will provide the latest information on cyber security to the public and provide some assistance to businesses in securing their IT systems effectively.
While most businesses may not manage data relating to government projects or national security, it is still imperative that your business, no matter how large or small, be well protected from cyber attacks.
Securing your IT does not require defence agency levels of sophistication either. As per the above, key lessons to learn include:
- Practice good password management – it is important that all employees change passwords regularly as well as create hard-to-breach passwords (using numbers, punctuation marks etc.).
- Patch software and operating systems regularly – more importantly, always ensure that the software used comes from reliable sources that can provide patch updates and additional support.
- Control admin rights on your equipment and networks – ensure that access to the backend functions of your systems is restricted to only those who are qualified to use it.
- Ensure you have well-trained and resilient IT staff – engage staff that are willing and able to adapt to the latest trends in cyber security.
Additionally, ensure that all your staff are trained to some extent to recognise phishing or viral activity. Social engineering attacks occur when staff open suspicious emails, for example, and inadvertently expose their networks to an attack.
With the increase in cyber attacks around the world that have affected all manner of organisations, including healthcare, governments and financial institutions, it is clear that no business, no matter how big or small, is safe from hacking.
There are resources available to you that can assist and consult you in assessing, preparing and protecting your IT systems so that your business is ready to handle the next cyber threat. If your organisation requires assistance in any of the aforementioned areas, do not hesitate to contact Agilient.
The Agilient Team