Security Expert Re: Maze Ransomware Attacks ST Engineering’s U.S. Aerospace Subsidiary

The Maze Ransomware gang breached and successfully encrypted the systems of VT San Antonio Aerospace (VT SAA), a subsidiary of ST Engineering, one of Asia’s largest defense and engineering groups, as well as stole and leaked unencrypted files in April 2020 through a compromised administrator account.

Subscribe
Notify of
guest
1 Expert Comment
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Colin Bastable
Colin Bastable , CEO
InfoSec Expert
June 9, 2020 11:54 am

The fact that “ a compromised Administrator account” was the entry point for the Maze ransomware breach will be lost on most people. The truth is that hackers breached VT SAA’s defenses by bypassing their Maginot Line, or, perhaps more appropriately for the shareholders of ST Aerospace – the guns were pointing the wrong way.

In other words, the hackers succeeded by going around VT’s cyber defense, probably by phishing the human owner of the Admin account. The enemy is waging the war in front of them while most security teams are fighting the last war, the one where anti-virus software, encryption, 2FA and firewalls save the day.

Post attack, the focus of the story is always on encrypted data, “securing our systems”, buying more tech, retaining a well-known outside security advisory team and managing the PR. So the lesson is rarely learned: Patch People. Treat people as part of a holistic defense strategy.

For a fraction of the cost of cyber defenses, CISOs can teach employees how to be part of the defense. It’s not as sexy as big-budget security tech but it can work far better.

Last edited 2 years ago by Colin Bastable
1
0
Would love your thoughts, please comment.x
()
x