ZDNet is reporting that hackers breached the computer systems of a South Korean government agency that oversees weapons and munitions acquisitions for the country’s military forces.
Local press reported that hackers breached 30 computers and stole
internal documents from at least ten computers in October 2018.It’s
believed that the stolen documents contain information about arms procurement
for the country’s next-generation fighter aircraft, according to a news outlet
reporting on the cyber-attack.The breached organization is South Korea’s
Defense Acquisition Program Administration (DAPA), an agency part of
the Ministry of National Defense.
Expert Comments below:
Pravin Kothari, CEO at CipherCloud:
“The hack of a South Korean database that contains weapons and munitions data for the country’s military is not much of a surprise. Likely, even in times of detente, you would expect both China and North Korea to be vigorously banging on the cyber front door in South Korea. What’s surprising is that the South Korean data was so easily stolen and that the attackers were able to escalate permissions to administrator level access.
In today’s environment for commercial business, let alone government security and defense agencies, the de rigueur approach for cyber security necessarily includes end-to-end encryption, single sign-on, and two-factor authentication, at minimum. End-to-end encrypted data, otherwise known as “edge” or Zero Trust encryption, expects an attacker to penetrate the networks over time, but protects the data by encrypting it at all times. That is, the data is protected with encryption while in the database, file stores, in use, in transit, through middleware and through database and application API’s.
Finally, administrator access can be managed through ticketing systems that deeply authenticate the administrator, and then issue a one-time token for them to use to access the systems that require their attention. So each time an admin wants to use the power of their position, they are required to re-authenticate. Unfortunately, none of these cyber defense best practices were in place in the South Korean defense department.”