LockBit ransomware gang steals data related to security of UK military bases, due to unpatched Windows 7 PC • Graham Cluley

The LockBit ransomware gang recently carried out a cyber attack on a company that provides high-security fencing for military bases, stealing 10 GB of data. The attack exploited an obsolete Windows 7 PC to gain access to the company’s servers, with the stolen data subsequently published on the dark web. Although Zaun, the targeted company, claims that no classified documents were compromised, concerns remain about the potential exposure of sensitive information such as the contact details of military personnel and the specifics of physical security measures. This incident highlights the importance of maintaining up-to-date digital security measures, as mainstream support for Windows 7 ended in 2015.

Zaun has reported the data breach to the National Cyber Security Centre (NCSC) and Information Commissioner’s Office (ICO), signaling its commitment to addressing the issue and working with relevant authorities. However, Zaun’s reliance on an outdated operating system suggests that it may have prioritized physical security over digital security. This incident serves as a reminder that organizations should proactively invest in robust cybersecurity measures to protect sensitive data.

The company sought to downplay the severity of the breach by emphasizing that Zaun is a manufacturer of fencing systems, not a government-approved security contractor, and that anyone can access its perimeter fencing and examine it. However, the potential exposure of historic emails, orders, drawings, and project files raises concerns about the extent of the breach’s impact.

In conclusion, the LockBit ransomware gang’s attack on Zaun highlights the need for organizations to prioritize digital security alongside physical security measures. The incident serves as a reminder of the potential risks associated with using outdated operating systems and the importance of regularly updating and patching systems to prevent cyber attacks. Organizations should also adopt proactive measures to protect sensitive data and promptly report any breaches to relevant authorities to mitigate the impact.

