In late October, defense contractor Thales suffered a cyberattack by Russian-language hacker group LockBit 3.0, which had announced that “all available [captured] data” would be released by Nov. 7 unless a ransom was paid. On Nov. 11, LockBit 3.0 finally released hundreds of internal company documents because Thales did not pay a ransom.
For its part, the French electronics company, which specializes in aerospace, defense and security, asserted that it had not received a ransom demand and launched an internal investigation. The company “has not detected any intrusion into its information systems.” The latter states “that it is the illegal publication of group-related data” and claims that the source of the leak is probably the compromised user account of an online collaboration website with a partner.
Although the data released by LockBit 3.0 on the dark web is not related to defense or military programs of Thales, this raises the question of IT security in a crucial way. How could this have been prevented? Depending on the case, there are several possibilities:
If the compromise was from a mobile device (iOS & Android), a secure mobile browser would have allowed device users to access the corporate intranet via an encrypted connection on their device.
If the hack came via a USB stick or malicious hard drive, there are tools that can be used to disable the connection to USB ports.
In this case, if a password was hacked, multi-factor authentication could have blocked this attack.
Finally, a kiosk mode to restrict access could have limited the leaks.