The disclosure that malicious intruders hacked the computer systems of the South Korean government agency that oversees weapons and munitions acquisitions for the country’s military forces is not much of a surprise.
The breach of some 30 computers of South Korea’s Defense Acquisition Program Administration (DAPA), which is part of the Ministry of National Defense, reportedly occurred last October. News reports this week indicate internal documents, including details of arms procurement for the country’s next-generation fighter aircraft, were pilfered from at least 10 of the hacked computers.
The hackers reportedly manipulated server software and succeeded in siphoning records from connected workstations. Though South Korean officials stopped short of blaming North Korea, the latter has a history of cyber spying on the former. In October 2017, for instance, South Korea accused North Korea of stealing South Korean-U.S. war plans, including strategies to be implemented in the event of a collapse in diplomatic relations.
In many respects, this latest hack, though not specifically attributed, was very predictable. Even in times of detente, you would expect both China and North Korea to be vigorously banging on the cyber front door in South Korea. What’s surprising is that the South Korean data was so easily stolen and that the attackers were able to escalate their permissions to administrator-level access.
In today’s environment for commercial business, let alone government security and defense agencies, the de rigueur approach for cyber security necessarily includes end-to-end encryption, single sign-on, and two-factor authentication, at minimum.
End-to-end encryption, sometimes called “edge” or Zero Trust encryption, assumes that an attacker will eventually penetrate the network and protects the data by keeping it encrypted at all times. That is, the data remains encrypted in the database, in file stores, in use, in transit, and as it passes through middleware and through database and application APIs.
Finally, administrator access can be managed through ticketing systems that strongly authenticate the administrator and then issue a one-time token for access to the specific systems that require their attention. Each time an admin wants to use the power of their position, they are required to re-authenticate.
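The ticketing flow described above, as an added illustration that is not code from the original essay or from any product it names: the broker re-verifies a password and a one-time second factor (an RFC 4226 HOTP code stands in for a hardware or phone authenticator), then issues a single-use, time-limited token scoped to one target system. The admin name, password, OTP seed and system name are constructed sample values; the token lifetime and the stdlib-only design are assumptions, and a production deployment would put this behind a privileged-access-management product rather than hand-rolled code.

```python
import hashlib
import hmac
import secrets
import struct
import time
from dataclasses import dataclass


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % (10 ** digits):0{digits}d}"


@dataclass
class Admin:
    salt: bytes
    pw_hash: bytes
    otp_secret: bytes
    counter: int = 0          # HOTP moving factor; advanced after every accepted code


@dataclass
class Ticket:
    admin: str
    system: str               # the token is valid for exactly one target system
    expires_at: float
    used: bool = False        # single use: redeeming it once burns it


class AccessBroker:
    """Issues one-time admin access tokens only after password + OTP re-authentication."""

    TTL_SECONDS = 300         # assumed lifetime of an issued ticket

    def __init__(self) -> None:
        self.admins: dict[str, Admin] = {}
        self.tickets: dict[str, Ticket] = {}

    @staticmethod
    def _hash(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def enroll(self, name: str, password: str, otp_secret: bytes) -> None:
        salt = secrets.token_bytes(16)
        self.admins[name] = Admin(salt, self._hash(password, salt), otp_secret)

    def request_ticket(self, name, password, otp_code, system, now=None):
        """Return a fresh token, or None if either factor fails. Every call re-authenticates."""
        now = time.time() if now is None else now
        admin = self.admins.get(name)
        if admin is None:
            return None
        if not hmac.compare_digest(self._hash(password, admin.salt), admin.pw_hash):
            return None
        # Second factor: only the code for the current counter is accepted, so a
        # captured code cannot be replayed after it has been used once.
        expected = hotp(admin.otp_secret, admin.counter)
        if not hmac.compare_digest(expected, otp_code):
            return None
        admin.counter += 1
        token = secrets.token_urlsafe(32)
        self.tickets[token] = Ticket(name, system, now + self.TTL_SECONDS)
        return token

    def redeem(self, token, system, now=None) -> bool:
        """Accept a token once, for its own system, before expiry; reject everything else."""
        now = time.time() if now is None else now
        ticket = self.tickets.get(token)
        if ticket is None or ticket.used or ticket.system != system or now > ticket.expires_at:
            return False
        ticket.used = True
        return True


if __name__ == "__main__":
    # Constructed demo: enroll an admin, obtain a ticket, show it works exactly once.
    broker = AccessBroker()
    seed = b"constructed-otp-seed"
    broker.enroll("alice", "correct horse battery staple", seed)
    tok = broker.request_ticket("alice", "correct horse battery staple", hotp(seed, 0), "procurement-db")
    print("first redeem:", broker.redeem(tok, "procurement-db"))    # True
    print("second redeem:", broker.redeem(tok, "procurement-db"))   # False, already used
```

The two properties worth checking in any such system are visible in `redeem`: a token is bound to one system and dies on first use, so a stolen token is worth little, and `request_ticket` never trusts an earlier login, which is the "re-authenticate every time" requirement from the essay.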
Unfortunately, none of these cyber defense best practices were in place in the South Korean defense department.
This is a Security Bloggers Network syndicated blog from The Last Watchdog, authored by bacohido. Read the original post at: https://www.lastwatchdog.com/guest-essay-why-the-hack-of-south-koreas-weapons-munitions-systems-was-so-predictable/