Ransomware halts IoT operations at Sierra Wireless, as maritime industry is hit 1.5mn times in 30 days
The week started with some sensible guidance on cyber security. By Wednesday the theory became a nightmare reality for one of the Internet of Things (IoT) majors, Vancouver-based Sierra Wireless as it was halted by an all-out ransomware attack.
Of course, cyber security advice reaches us all the time, says Jeremy Cowan, and we regularly share the experts’ advice on protection measures for enterprises in IoT or any other industry. But it is still shocking to see a well-equipped solution provider struck so hard.
Sierra Wireless discovered on March 20th that its internal IT systems were under ransomware attack, and publicly announced it on March 23rd. A brief initial statement says, “Once the company learned of the attack, its IT and operations teams immediately implemented measures to counter the attack in accordance with established cybersecurity procedures and policies that were developed in collaboration with third-party advisors.
These teams, with the assistance of these and additional third-party advisors, believe they have addressed the attack, and are currently working to bring Sierra Wireless’ internal IT systems back online.”
As a result of the ransomware attack the company halted production at its manufacturing sites. Its website and other internal operations have also been disrupted.
Separate internal and customer IT
On March 26th the company says, “We believe the attack has been addressed, have resumed production and are currently working to bring Sierra Wireless’ internal IT systems back online, including our website. We believe the impact of the attack was limited to Sierra Wireless’ internal IT systems and corporate website, as we maintain a clear separation between our internal IT systems and customer facing products and services.
We believe that our products and connectivity services were not impacted, and that our customers’ products and systems were not breached during the attack. At this point in our investigation of the ransomware attack, we do not expect there to be any product security patches, or firmware or software updates required as a result of the attack.”
Sam Cochrane, chief financial officer at Sierra Wireless who also oversees IT operations and supply chain commented, “Security is a top priority, and Sierra Wireless is committed to taking all appropriate measures to ensure the highest integrity of all of our systems. I’m proud of the efforts of our IT team and external advisors as they have mitigated the attack and made real progress in getting operations up and running. As the investigation continues, Sierra Wireless commits to communicating directly to any impacted customers or partners, whom we thank for their patience as we work through this situation.”
At the time of writing, Sierra Wireless’s website simply shows the company’s ransomware announcement with links to the earlier reports on BusinessWire. No other pages are visible.
IoT analyst and co-founder of Transforma Insights, Matt Hatton commented that the attack is, “another argument for keeping your IT and OT (operations technology) unconverged.”
Plenty of advice, but what protections?
This news coincided with advice from Ryan Weeks, CISO at Datto on the recent cyber attack on Acer. “The recent attacks are a validation that it can happen to anyone – businesses of all sizes are at risk. Vulnerabilities of this size can be too complex for an organisation to address on its own: MSPs and MSSPs – often operating as the first line of defence – can protect their clients from an increasingly complex and fast changing threat landscape. To address these types of threats, MSPs and MSSPs need to think beyond established security tools and build true cyber resilience, the most impactful strategy in the fight against cyber-attacks.”
Weeks added, “Cyber resilience combines the effective practices of cybersecurity, business continuity and incident response and requires capabilities in five functional areas: identify, protect, detect, respond, and recover. These capabilities cannot be bought, they need to be built, combining people, processes, and technology. With the right cyber resilience capabilities, MSPs and MSSPs can protect their clients from unknown threats, minimise the impact of attacks and reduce downtime.”
Maritime IT security under major threat
Meanwhile, Subex and SkyLab have also teamed up to secure the shipping industry. The Bangalore and Singapore companies are partnering to offer IoT and OT cybersecurity solutions and services to the maritime sector.
These solutions are already securing ships, offshore and onshore maritime assets, communication channels and shipping infrastructure, all of which will now receive cybersecurity protection, threat risk management support, solutions and services.
According to Subex’s research, shipping companies around the globe were attacked almost 1.5 million times just in the last 30 days. Of these, more than 64,000 attacks were described as “highly sophisticated and carried out using complex malware and breach tactics. Social engineering, deception, and traffic manipulation were all used to create breaches and enable intrusion into core and peripheral infrastructure.”
Anyone who believed prior to the Acer and Sierra Wireless’s attacks that it will never happen to them might want to review their security, back-up and business continuity processes.
The author is Jeremy Cowan, editorial director of VanillaPlus.