Why are so many companies making it so easy to be hacked?

Published 2024-09-22 at https://lmntrix.com/blog/why-are-so-many-companys-making-it-so-easy-to-be-hacked/

'As the crow flies' is a common saying, denoting that the shortest distance between two points is a straight line – ignoring any geographic landmarks that would otherwise impede the journey. This is an idiom that can easily be applied to cybersecurity, particularly in light of the recent attack against an Australian defence contractor (http://www.zdnet.com/article/secret-f-35-p-8-c-130-data-stolen-in-australian-defence-contractor-hack/).

The attacker, which the Australian Signals Directorate (ASD) has dubbed "ALF" (after Alf Stewart, a character in the long-running Australian TV soap Home and Away), was able to pilfer about 30 gigabytes of data from the contractor (https://arstechnica.com/information-technology/2017/10/australian-defense-firm-was-hacked-and-f-35-data-stolen-dod-confirms/). This treasure trove included information on Australia's involvement in the F-35 Joint Strike Fighter program as well as data on the P-8 Poseidon patrol plane, planned future Australian Navy ships, the C-130 Hercules cargo plane, and the Joint Direct Attack Munition (JDAM) bomb.

Now, if the attacker had wanted to steal this information from the Government directly, they would have found it much more difficult. But hackers, being the clever, lazy criminals they are, knew that 'as the crow flies' the simplest, fastest way to get their hands on this data was to target a contractor in the supply chain rather than the Government itself.

So how much easier was it?

Well, once they had gained initial entry through an internet-facing server, the attackers had free rein in the contractor's environment, thanks in large part to incredibly careless username and password configurations (admin/admin and guest/guest).

If this doesn't set alarm bells ringing, you're not paying close enough attention.

As I've written about before (https://www.lmntrix.com/blog/breaking-the-chain-why-you-need-to-worry-about-supply-chain-hacking): "Hackers know there's little point trying to attack you through the front door, especially when you've left the back door ajar. Why would they waste the resources and effort mounting an attack against your alabaster walls when your supply chain is filled with smaller vendors whose credentials are much easier to steal… Attacking smaller organizations in the target business' supply chain is becoming more prevalent as the big end of town fortifies."

The campaign against the Australian defence contractor is just the latest in a long line of these 'supply-chain' attacks, and a potent reminder that the old-world 'castle mentality' to cyber defence is not nearly good enough.

No one's business operates in a vacuum. Not only must policies extend beyond your own walls, you also need a way to identify – and deal with – attackers after an initial breach.

This is another point on which the defence contractor failed. Not only were attackers able to waltz into the environment; according to the Australian Cyber Security Centre (https://www.acsc.gov.au/publications/ACSC_Threat_Report_2017.pdf), they "sustained access to the network for an extended period of time."

Think about the number of suppliers and contractors your business deals with on a regular basis. If an attacker were ultimately after confidential information on your operations, would it be easier to target them, or you? Or flip the question – how many large organisations contract your business? What would happen if an attacker went through you to get to them?

Simply put, security is only as strong as its weakest link. Not only should you make sure you're not that weak link, you need to be aware of the weak links in your own supply chain. Armed with this information, as Alf Stewart is known to say, you'll be in a position to "stone the flamin' crows".