The contractors that provide U.S. military and intelligence agencies with products and services have long faced espionage-motivated attacks, but are now also confronting malicious software attacks to sabotage their operations, by blocking information or manipulating data.
Ransomware is a growing threat and this is impacting defense contractors as well, such a Boeing, which was hit by the WannaCry virus in March. The attack was apparently perpetrated by North Korea, and took advantage of a year-old vulnerability.
Another point of entry for hackers is employees, who are increasingly facing sophisticated social engineering attacks, like phishing attacks where hackers masquerade as a trusted acquaintance to trick a victim into opening an email or link that has malware built into it. Russia-connected hackers have a history of using this tactic with defense contractor employees.
Manipulating information runs the risk that hackers can ultimately cause physical damage by altering the coding of a system. This was the strategy used by Stuxnet, a worm of likely-US origin that attacked Iran’s nuclear centrifuges in 2007.
