The Maze Ransomware gang breached and successfully encrypted the systems of VT San Antonio Aerospace (VT SAA), a subsidiary of ST Engineering, one of Asia’s largest defense and engineering groups, as well as stole and leaked unencrypted files in April 2020 through a compromised administrator account.
The fact that “ a compromised Administrator account” was the entry point for the Maze ransomware breach will be lost on most people. The truth is that hackers breached VT SAA’s defenses by bypassing their Maginot Line, or, perhaps more appropriately for the shareholders of ST Aerospace – the guns were pointing the wrong way.
In other words, the hackers succeeded by going around VT’s cyber defense, probably by phishing the human owner of the Admin account. The enemy is waging the war in front of them while most security teams are fighting the last war, the one where anti-virus software, encryption, 2FA and firewalls save the day.
Post attack, the focus of the story is always on encrypted data, “securing our systems”, buying more tech, retaining a well-known outside security advisory team and managing the PR. So the lesson is rarely learned: Patch People. Treat people as part of a holistic defense strategy.
For a fraction of the cost of cyber defenses, CISOs can teach employees how to be part of the defense. It’s not as sexy as big-budget security tech but it can work far better.