The UK’s Ministry of Defence (MoD) has been hit by a supply chain cyberattack that saw information on 124 new recruits leaked, and knocked the army’s recruitment portal offline for over a month. Analysts told Tech Monitor the attack appeared to be the work of opportunistic hackers, but it has led to an urgent review of IT security at the MoD.
Data on 124 new recruits, including full names, dates of birth, addresses, qualifications, previous employment details and family information, has been stolen in the breach, and has reportedly been put up for sale on the dark web. The army recruitment portal, the Defence Recruitment System (DRS), has been offline since March 16 as investigations continue.
Ministry of Defence falls victim to supply chain attack
The DRS is managed by outsourcing business Capita, which is where the issue started, meaning the MoD has been the victim of a supply chain attack, explains Toby Lewis, global head of threat analysis at security company Darktrace. “The website targeted was outsourced to a third-party contractor and is almost certainly not connected to the core military networks,” Lewis says. “Supply chain compromises have been on the rise for a long time now because they have become one of the simplest and most effective means for attackers to infiltrate their desired target.”
Lewis continues: “All reporting suggests this was low-level in terms of sophistication – this appears to be simple credential masquerading, either through a leaked or weak password, or stolen via phishing.”
As reported by Tech Monitor, supply chain attacks are a growing risk for businesses. “Because all of these organisations have got third parties and partner organisations that connect into them, sometimes it’s really difficult to control,” says Bharat Mistry, technical director of the UK and Ireland at security company Trend Micro. “You’ve got this challenge of collaboration with external providers. How do you guarantee that they’re holding up the same level of security that you are?”
The size of this particular attack and the attempt to monetise the data both point to an opportunistic cybercriminal, Mistry adds. “It seems like an opportunistic gang who’s probably found some information,” he says. “They may even have tried to extort some money out of the Army as well.”
Ministry of Defence launches investigation into cyberattack
These kinds of breaches are common with online portals such as DRS, says Rosa Smothers, SVP of cyber operations at KnowBe4. “Web portals containing personally identifiable information are always a target of opportunity for hackers, whether they are government or civilian targets,” she says. “They were selling this recruitment data on the dark web and the buyers could have been a government entity or anyone interested in building fake credentials from these identities.”
The Ministry of Defence has said that it will be launching a review into its IT security in response to the attack. Armed Forces Minister James Heappey announced this week that an “urgent review of our IT security has been ordered as a consequence [of the hack]. If they were hacking the recruitment system, that is clearly a poor reflection of our own IT.” The Information Commissioner’s Office has also taken a look at the incident and decided no further action was required.