Ministry of Defence suffers data breach
UK military and intelligence information has reportedly been leaked online following a data breach at a partner firm, according to The Mirror.
The data breach affected physical security firm, Zaun, which handles the safety of military locations such as a nuclear submarine base, a chemical weapon lab, and a GCHQ listening post, the report claims.
It says that the hacking group, LockBit, released the Ministry of Defence’s information on the dark web which can be accessed using special software.
Labour MP Kevan Jones, who sits on the UK’s Commons Defence Select Committee said: “This is potentially very damaging to the security of some of our most sensitive sites.”
In a press release by Zaun, the firm said that the data breach happened at the beginning of August due to a “rogue Windows 7 PC that was running software for one of our manufacturing machines”.
Paul Brucciani, cyber security advisor at WithSecure, explains that Window 7 support ended at the beginning of 2020, and technical assistance and software updates are no longer available for it.
While Microsoft recommends customers move to Windows, “updating operational technology software is hard”, says Brucciani.
“Security vulnerability patches may not exist, or they may not be compatible with the hardware, the device may be remotely located and hard to reach, or the device owner may not approve the patch.”
While Zaun says it has removed the machine and has taken all reasonable measures to mitigate any attack on its systems, Brucciani recommends that Zaun, and any business running operational technology (OT) systems, minimises or remove connections between OT systems, and internet-connected business systems.
He also advises monitoring all possible entry points for unauthorised access, authenticate and authorise all users accessing information, using secure access tools such as hardware-based remote access tools to use OT systems, and enforcing appropriate security policies and testing regularly.
Earlier this year, Royal Mail had to suspend overseas services following an attack which was also suspected of being carried out by LockBit.
To read more stories on cyber security click here.
Subscribe to our Editor's weekly newsletter