The week started with some sensible guidance on cyber security. By Wednesday the theory became a nightmare reality for one of the Internet of Things (IoT) majors, Vancouver-based Sierra Wireless as it was halted by an all-out ransomware attack.
Of course, cyber security advice reaches us all the time, says Jeremy Cowan, and we regularly share the experts’ advice on protection measures for enterprises in IoT or any other industry. But it is still shocking to see a well-equipped solution provider struck so hard.
Sierra Wireless discovered on March 20th that its internal IT systems were under ransomware attack, and publicly announced it on March 23rd. A brief initial statement said, “Once the company learned of the attack, its IT and operations teams immediately implemented measures to counter the attack in accordance with established cybersecurity procedures and policies that were developed in collaboration with third-party advisors.
These teams, with the assistance of these and additional third-party advisors, believe they have addressed the attack, and are currently working to bring Sierra Wireless’ internal IT systems back online.”
As a result of the ransomware attack the company halted production at its manufacturing sites. Its website and other internal operations have also been disrupted.
Separate internal and customer IT
On March 26th the company said, “We believe the attack has been addressed, have resumed production and are currently working to bring Sierra Wireless’ internal IT systems back online, including our website. We believe the impact of the attack was limited to Sierra Wireless’ internal IT systems and corporate website, as we maintain a clear separation between our internal IT systems and customer facing products and services.
We believe that our products and connectivity services were not impacted, and that our customers’ products and systems were not breached during the attack. At this point in our investigation of the ransomware attack, we do not expect there to be any product security patches, or firmware or software updates required as a result of the attack.”
Sam Cochrane, chief financial officer at Sierra Wireless who also oversees IT operations and supply chain commented, “Security is a top priority, and Sierra Wireless is committed to taking all appropriate measures to ensure the highest integrity of all of our systems.
I’m proud of the efforts of our IT team and external advisors as they have mitigated the attack and made real progress in getting operations up and running. As the investigation continues, Sierra Wireless commits to communicating directly to any impacted customers or partners, whom we thank for their patience as we work through this situation.”
At the time of writing, Sierra Wireless’s website simply shows the company’s ransomware announcement with links to the earlier reports on BusinessWire. No other pages are visible.
IoT analyst and co-founder of Transforma Insights, Matt Hatton commented that the attack is, “another argument for keeping your IT and OT (operations technology) unconverged.”
Plenty of advice, but what protections?
This news coincided with advice from Ryan Weeks, CISO at Datto on the recent cyber attack on Acer. He will be expanding for us on this, but in the meantime advises that IT professionals can prepare and take action against these types of attacks through:
- Recovery and continuity plans – for Software-as-a-Service (SaaSP) platforms such as Microsoft 365.
- Restoring from back-ups – this has become more prevalent in the last year, overtaking re-imaging machines as the number one recovery vector. This is an important point to consider for reducing the amount of downtime following an attack.
- Proven methods to help ensure back-ups are safe and readily available for fast restores – as back-ups are also being targeted
- How to spot insider threats – specifically the colluding insider who is potentially being forced to, or paid to, share information or execute illegal acts.
Maritime IT security under major threat
Meanwhile, Subex and SkyLab have also teamed up to secure the shipping industry. TheBangalore and Singapore companies are partnering to offer IoT and OT cybersecurity solutions and services to the maritime sector.
These solutions are already securing ships, offshore and onshore maritime assets, communication channels and shipping infrastructure, all of which will now receive cybersecurity protection, threat risk management support, solutions and services.
According to Subex’s research, shipping companies around the globe were attacked almost 1.5 million times just in the last 30 days. Of these, more than 64,000 attacks were described as “highly sophisticated and carried out using complex malware and breach tactics. Social engineering, deception, and traffic manipulation were all used to create breaches and enable intrusion into core and peripheral infrastructure.”
Anyone who believed prior to the Acer and Sierra Wireless’s attacks that it will never happen to them might want to review their security, back-up and business continuity processes.
The author is Jeremy Cowan, editorial director of IoT Now.
Comment on this article below or via Twitter: @IoTNow_OR @jcIoTnow
via https://www.aiupnow.com
by Anasia D'mello, Khareem Sudlow