How and Why Hackers Target Defense Contractors
Our military and intelligence departments rely on the US defense industry for services and equipment, including vehicles, ships, aircraft, weaponry, and electronic systems, so officials are constantly worried about threat exposure and how to protect the defense industrial base (DIB) against breaches and other cyberattacks.
Global cybercrime costs are expected to increase from $3 trillion each year in 2015 to $10.5 trillion annually by 2025. To stay ahead, the DIB has invested heavily in cybersecurity, but cyberattacks are still taking place across the country at an alarming rate. By almost every measure, the scope, scale, and impact of these data breaches have risen over the COVID-19 pandemic.
It’s important to understand the threat hackers can pose to your defense organization. Through a variety of methods that include phishing emails, malware, and social engineering, cybercriminals can even gain access to other defense networks through yours. They do it for a variety of reasons, but some of the biggest are for financial gain, espionage, and sabotage.
But when a defense contractor is attacked, it’s different. And that difference can be significant. Defense companies risk the usual loss of data, and financial losses, but a cyberattack here could be a threat to national security that results in loss of life.
Remember the 2009 high-profile breach in which suspected Chinese cybercriminals broke into the computer networks of several defense contractors and stole design data for the most expensive weapons system in U.S. history, the F-35 Joint Strike Fighter? How serious is this? If the Chinese get their hands on this design data, they could build a copy of the F-35 that is just as good as, or even better than, the original.
Clearly, defense networks hold valuable information, so the hunt is on for defense contractor vulnerabilities. Why hackers target defense contractors is not really a question. A better question may involve starting with: how are hackers able to identify so many vulnerabilities in DIB systems?
Vulnerabilities in legacy systems
Defense contractors frequently use legacy systems that are often customized and difficult to update or maintain. These outdated systems are less secure and tend to be built on older technology with fewer updates and security patches available, making them more vulnerable to attack.
Legacy systems are also often operated by people who are less familiar with information security best practices, making mistakes that lead to a cyberattack more likely. Any company unfamiliar with cybersecurity best practices appeals to cybercriminals because it will almost certainly have less sophisticated cyber defenses.
Foreign intelligence gathering
According to U.S. Intelligence, Russian-sponsored actors have regularly targeted defense contractors since at least 2020, accessing unclassified sensitive information as well as proprietary and export-controlled technology cleared by the government. Such breaches can give the Russian government insight to adjust its military strategies, advance its technologies, target recruitment sources, and inform other foreign policymakers about U.S. intelligence intentions.
This presents ongoing challenges for the United States. Tensions have always been high between the U.S. and Russia, particularly in the last few years. In June 2021, President Biden and Russian President Vladimir Putin agreed to take critical infrastructure off the cyber attack table that encompassed 16 "specific entities," including the energy sector and water systems. Also included were Department of Defense entities and contractors that control and command intelligence, communications, information gathering, and combat systems.
The intelligence community warns that Russia has potentially had access to contractor networks for up to six months. This is a significant amount of time to gather intelligence on U.S. defense systems and strategies. A breach in these entities could mean that information about services like vehicle and aircraft design, data analytics and logistics, as well as weapons and missile development, has been exposed to the Russian government.
This includes information about U.S. intelligence, reconnaissance, surveillance, and targeting.
Not every defense contractor works on plans for the F-35 Joint Strike Fighter, but many DIB companies operate in other sensitive, classified, and unclassified capacities that make them more desirable targets for intelligence gathering.
What Hackers Do
Different hackers use different methods to probe systems for vulnerabilities and then take advantage of them to cause a breach. However, the focus is on gaining access to cloud networks at every opportunity, with most Microsoft 365 breaches involving access to stored data and email.
Usually, the hackers use legitimate credentials to gain and maintain persistent access to Office 365 environments. They then deploy malware into the system that gathers the data they need.
The hackers mask these malicious attempts using URL shortening services, small office/home office (SOHO) devices as operational nodes, and virtual private servers (VPSs) as encrypted proxies.
This is a common but effective tactic that allows hackers to get information about a company's products, legal matters, internal personnel, and relations with other companies or countries.
Other standard methods used by hackers include:
- Spear phishing: This email scam targets employees in intelligence agencies with the aim of stealing data for malicious purposes. Hackers also use spear phishing to install malware in your defense infrastructure. Usually, the email appears to come from a trustworthy source like the National Center for Missing and Exploited Children, but it actually leads to a website full of malware.
- Credential harvesting: Hackers use this method to gather large amounts of data and then either sell it on the dark web or share it with the public. Hackers use man-in-the-middle attacks, phishing, DNS poisoning, and other channels to get into your business systems. Usually, they look for weaknesses in your system, especially your API security and authentication solution.
- Brute force: This hacking method uses trial and error to gain access to your system through your login credentials, passwords, and encryption keys. The hacker tries username and password combinations until one works, which may mean cycling through a great many combinations first. While old, this attack method is still very effective and popular among many hackers today.
- Password spraying attacks: This type of brute force cyberattack uses a list of default passwords or usernames against one system. For instance, if the hacker knows that one password from the list is 12345, they will try it against each username in the list until one logs into an account. Hackers use this method because it avoids the lockouts triggered when a single account has many failed login attempts.
- Exploitation of vulnerabilities: Here, the hacker looks for a flaw in your system. Once they identify where the vulnerabilities lie, they use them to breach your system. Hackers use software, open-source exploit kits, or sequences of commands to find these vulnerabilities.
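The brute force and password spraying items above describe two failure patterns that look the same in a single account's history but very different across an identity provider's whole log. The following detection logic, an added example written for this article and not code from the original post, separates them: a per-account failure count (what a lockout policy sees) catches classic brute force, while a per-source count of distinct accounts with only one or two failures each catches spraying, which a per-account lockout misses. The log line format, the thresholds, and the sample log lines are constructed assumptions; adapt the parser to the export format of your own identity provider.

```python
"""Classify failed-login activity as brute force or password spraying.

Added example for this article (not from the original post). The log
format, thresholds and sample lines are constructed assumptions.
"""
import re
from collections import defaultdict

# Assumed log format (constructed): "<ISO time> <FAIL|OK> user=<name> src=<ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<result>FAIL|OK) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Assumed thresholds; tune to your environment's baseline.
BRUTE_FORCE_MIN_ATTEMPTS = 5   # failures against one account (lockout-style view)
SPRAY_MIN_ACCOUNTS = 5         # distinct accounts tried from one source
SPRAY_MAX_PER_ACCOUNT = 2      # spraying deliberately stays below lockout thresholds

# Constructed sample log: 10.0.0.5 hammers one account (brute force),
# 203.0.113.9 tries six accounts once each and then logs in as grace (spray).
SAMPLE_LOG = [
    "# auth export (constructed)",
    "2024-01-10T08:00:01Z FAIL user=alice src=10.0.0.5",
    "2024-01-10T08:00:02Z FAIL user=alice src=10.0.0.5",
    "2024-01-10T08:00:03Z FAIL user=alice src=10.0.0.5",
    "2024-01-10T08:00:04Z FAIL user=alice src=10.0.0.5",
    "2024-01-10T08:00:05Z FAIL user=alice src=10.0.0.5",
    "2024-01-10T08:00:06Z FAIL user=alice src=10.0.0.5",
    "2024-01-10T09:10:00Z FAIL user=bob src=203.0.113.9",
    "2024-01-10T09:10:07Z FAIL user=carol src=203.0.113.9",
    "2024-01-10T09:10:15Z FAIL user=dave src=203.0.113.9",
    "2024-01-10T09:10:22Z FAIL user=erin src=203.0.113.9",
    "2024-01-10T09:10:30Z FAIL user=frank src=203.0.113.9",
    "2024-01-10T09:10:38Z FAIL user=grace src=203.0.113.9",
    "2024-01-10T09:11:45Z OK user=grace src=203.0.113.9",
    "2024-01-10T09:30:00Z OK user=alice src=192.0.2.20",
]


def parse_events(lines):
    """Parse log lines into dicts; lines that do not match the format are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def classify(lines):
    """Return {"brute_force": [...], "password_spray": [...]} findings.

    brute_force entries: {"user", "failures"} for accounts over the per-account
    threshold. password_spray entries: {"src", "accounts", "succeeded"} for
    sources that touched many accounts lightly; "succeeded" lists accounts
    that later logged in successfully from that same source.
    """
    failures_by_user = defaultdict(int)
    failures_by_src = defaultdict(lambda: defaultdict(int))
    successes_by_src = defaultdict(set)

    for ev in parse_events(lines):
        if ev["result"] == "OK":
            successes_by_src[ev["src"]].add(ev["user"])
            continue
        failures_by_user[ev["user"]] += 1
        failures_by_src[ev["src"]][ev["user"]] += 1

    findings = {"brute_force": [], "password_spray": []}

    # Per-account view: what a lockout policy would see.
    for user, n in sorted(failures_by_user.items()):
        if n >= BRUTE_FORCE_MIN_ATTEMPTS:
            findings["brute_force"].append({"user": user, "failures": n})

    # Per-source view: many accounts, each with only a failure or two.
    for src, per_user in sorted(failures_by_src.items()):
        if (len(per_user) >= SPRAY_MIN_ACCOUNTS
                and max(per_user.values()) <= SPRAY_MAX_PER_ACCOUNT):
            findings["password_spray"].append({
                "src": src,
                "accounts": sorted(per_user),
                "succeeded": sorted(successes_by_src[src] & set(per_user)),
            })
    return findings


if __name__ == "__main__":
    for kind, items in classify(SAMPLE_LOG).items():
        for item in items:
            print(kind, item)
```

Note that in the sample data no account touched by 203.0.113.9 reaches the per-account threshold, so a lockout-only control stays silent while the per-source view flags the spray and, more importantly, the account that subsequently logged in from the spraying source, which is the one to treat as compromised.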
What You Can Do
There are a number of steps that organizations can take to mitigate the risk of hacker attacks, including staying up to date on cybersecurity best practices. It is important for organizations to consider their incident response plans, processes, and procedures in order to effectively mitigate the impact in the event of a breach.
As a defense contractor, start implementing strategies that protect your company against hackers. Teach your employees how to strengthen their passwords, make them unique, and then get a password management solution.
Adopt a multi-factor authentication system with lockout features for repeated failed logins. Consider additional protection programs such as patch management, least privilege principles, endpoint detection tools, and anti-virus software.
Start a training and development program for your employees to ensure they know how to detect malware attacks like phishing emails. Also, ensure your security system provides alerts and notifications if there is a risk of attack.
Protect Your Defense Organization from Hackers
Even though the cyberattacks from Russia are evident, President Putin and his administration continue to deny sponsoring the cyberattacks against the U.S. and our intelligence agencies. It is expected that Russian state-supported cyber actors will not give up on these targets; the information they gather from these attacks is too valuable, and methods like spear phishing provide ready access points.
What can be done? The DIB needs to take steps to improve its cybersecurity and protect its computer networks from future cyberattacks.
Create a structure that protects your defense business from these attacks. Adopt multi-factor authentication, use strong and unique passwords, and maintain robust configuration management plans.