Confidential data from the US military contractor that supports the Minuteman III nuclear deterrent has been stolen by hackers
Hackers have compromised the computer network of Westech International and stolen confidential documents, it has been reported.
Sky News learned of the ransomware attack, and what makes it so concerning is the fact that Westech International is a contractor for the US military.
Indeed, Westech is heavily involved with the American nuclear deterrent as a sub-contractor for Northrop Grumman, providing engineering and maintenance support for the Minuteman III intercontinental ballistic missile (ICBM).
Unlike Trident, the submarine-based nuclear deterrent of the US and UK navies, Minuteman III missiles are the US land-based nuclear deterrent, held in hundreds of protected underground launch facilities operated by the US Air Force.
A single Minuteman ICBM can deliver multiple thermonuclear warheads over 6,000 miles (the distance between London and Johannesburg).
According to the Sky News report, after gaining access to Westech’s computer network, the attackers encrypted the company’s machines and began to leak documents online to pressure the company to pay a ransom.
According to the report, it is unclear if the documents stolen by the attackers include military classified information, but files which have already been leaked online suggest the hackers had access to extremely sensitive data, including payroll and emails.
There are also concerns that Russian-speaking operators behind the attack could attempt to monetise their haul by selling information about the nuclear deterrent on to a hostile state.
The ransomware used to encrypt Westech’s computers is reportedly the MAZE ransomware, which is traded on a range of Russian-speaking underground cyber crime markets. It has been used to attack dozens of companies in the West in the past year alone.
A spokesperson for Westech confirmed to Sky News that the company had been hacked and its computers encrypted.
It reportedly said its investigations to identify what data the criminals had managed to steal were ongoing.
“We recently experienced a ransomware incident, which affected some of our systems and encrypted some of our files,” Westech’s spokesperson told Sky News.
“Upon learning of the issue, we immediately commenced an investigation and contained our systems,” the spokesperson added.
“We have also been working closely with an independent computer forensic firm to analyse our systems for any compromise and to determine if any personal information is at risk,” they said.
A number of security experts offered their insight into this troubling development.
“Cybercrime has matured,” explained Matt Lock, technical director at Varonis. “Executives and boards must understand that cybercrime is no longer relegated to the realm of amateurs hoping to strike it rich with an untargeted ransomware attack.”
“Organised cybercriminals are big-game hunting, and they are gunning for companies to take down,” Lock added. “Companies are reaching a turning point where they understand that it’s inevitable they will succumb to a cyberattack. It’s one reason why the principle of zero trust is gaining ground: You can’t trust users because any user could be compromised at any time.”
“Sure, it’s important to train users about phishing, perform backups and patch systems,” said Lock. “But what’s really scary is the idea that criminal groups will steal important data before they encrypt it and hold it for ransom. Talk about adding insult to injury: a company could pay the ransom, only to have their files leaked.”
Another expert warned that organisations need to adopt a proactive defensive stance in light of the growing number of ransomware attacks.
“This is yet another high-profile example of a contractor being inadvertently used by threat actors to carry out a ransomware attack,” said Tony Cole, CTO at Attivo Networks. “Ransomware attacks are particularly prevalent at this time because threat actors know organisations may have left themselves vulnerable in the rush to avoid business disruption during the pandemic.”
“To deal effectively with ransomware, organisations need to move from a reactive, incident response mindset to an anticipatory, threat preparedness mindset,” said Cole. “Practical measures include ensuring all data is backed up with copies kept offline. Other steps include maintaining a secure infrastructure in line with NIST, ISO, or NCSC standards.”
“Additionally, put in place a mechanism to cover lateral movement and ransomware detection and mitigation,” Cole concluded. “Create, exercise, and update your incident response plan at least yearly. Keep your systems updated and have the latest patches.”