Aircraft Parts Maker ASCO Severely Hit by Ransomware

securityweek.com ^ | 6/13/2019 | Eduard Kovacs

[bitt]

Belgium-based aircraft parts maker ASCO Industries has been severely hit by a ransomware attack that started last week.

Founded in 1954, ASCO has four manufacturing plants in Belgium, the US, Canada and Germany, and it employs 1,500 people. The company’s products are used by most aircraft manufacturers, including Airbus, Boeing and Lockheed Martin. ASCO was taken over last year by US-based Spirit AeroSystems.

According to media reports, ASCO’s machines were infected with an unidentified piece of ransomware on Friday and the company has been having trouble restoring operations.

The incident has reportedly disrupted the company’s ability to supply products to customers and impacted roughly 1,000 employees, which have been placed on temporary leave.

SecurityWeek has reached out to ASCO for clarifications, but the firm has yet to respond. ASCO representatives said the attackers don’t appear to have stolen any information.

“The attack against ASCO has once again highlighted the dangerous power of ransomware. The attack has brought operations to a halt and resulted in over a thousand employees being sent home which will be having a significant impact on the organisation financially,” Andrea Carcano, CPO and co-founder of Nozomi Networks, told SecurityWeek.

“When it comes to ransomware, prevention is always better than cure as, if infected, it is never advisable to pay the ransom as it is not guaranteed that the criminals will honour the agreement and restore systems/data. Organisations should prepare for these types of events and have an incident response plan in place to help limit the damage caused, not only to production but also to customer trust and brand reputation,” Carcano added.

[bitt]

p

[DoughtyOne]

Thanks so much for your support to this point... I personally apprecaite it...
FReepers, it's far beyond time to wrap up this FReep-a-thon.  Lets do it today.  Please chip in.

President Donald J. Trump and the Free Republic of the United States of America
President Donald J. Trump's address to the United Nations on 09/19/2017.

Ramirez political cartoon:  Google LARGE VERSION 06/12/2019: LINK  LINK to regular sized versions of his political cartoons (archive).
Garrison political cartoon:  Socialism the Millennial Flytrap LARGE VERSION 06/2019: LINK  LINK (scroll down) to regular sized versions of his political cartoons (archive).

FReepers, 98.183% of the Second Quarter FReep-a-thon goal has been met.  Click above and pencil in your donation now.  Please folks, lets end this FReepathon.  Thank you!
...this is a general all-purpose message, and should not be seen as targeting any individual I am responding to...

Just $719.00 dollars to 99.00%

[Junk Silver]

Am I missing something obvious here about redundant data backups? It seems to me that the head IT guys of any company this happens to should be drawn and quartered.

[SpaceBar]

They should find out who writes/deploys this shit an pull their intestines out through their mouths.

[ProtectOurFreedom]

This is not what you want to hear about a company that makes aircraft parts.

ASCO is a world class supplier of design and manufacture of high lift structures, complex mechanical assemblies and major functional components. We are passionate about precision in our products and in our relationships. Our rich history and understanding of market needs merges with our knowledge of technology in the aerospace industry. Our passion provides clarity and focus in supporting our customers with collaborative development projects.

Too bad they don't have a "rich history" in infosec or "passion providing clarity" on how to keep criminals out of their network.

Time to plug those USB ports with cyanoacrylate.

[relictele]

Much of it is CIA authored/commissioned and escapes to the wild.

[bigbob]

Having experience with factory automation, there is no reason in hell for exposing any production equipment to the public internet. Or allowing thumb drive or other possible contamination vectors.

The IT Manager needs a severe performance assessment.

[Gunslingr3]

They should find out who writes/deploys this shit an pull their intestines out through their mouths.

The NSA.

[DUMBGRUNT]

My brother was the IS Director at a mid-size company.

Every night, back when they used tapes he would upload the latest copy into a duplicate system in his house.

He told me that most companies that lose their data are out of business in less than five years.

I suggested a briefcase with the handcuff, he did not laugh?

[867V309]

holy moly, don’t these giant corporations know enough to run their operations on virtual machines so they can just ditch infected ones?

[drunknsage]

Yes, clearly.

While servers, both physical and virtual, are backed up, workstations aren’t. Few companies do. Instead, they store their work related data on network drives which are backed up with the servers. Those network drives become the pathway for infections like cryptoware to spread across an organizations desktop and server environment. Every one of those desktops will have to be reimaged with its operating system and that takes a massive amount of time, especially if an organization isn’t running an enterprise deployment system.

Ransomeware attacks come in through a number of different vectors. Hackers scan for open ports on the firewall and look for ways in. Port 3389, the default Remote Desktop port, is a common one where a hacker will run a brute force type attack searching for a working login combination using automated bots.

Another method, the most common, is the users. They will get phished via email, click a malicious link, or go to a compromised site. Hackers will often run ops for months, gaining information on employee emails, organizational structures, etc, looking for weak points.

The bottom line, companies need to invest money in Infosec. Users need to be trained and regularly audited for good security practices, leadership needs to onboard, and services like dark web monitoring for user account information need to be invested in.

I work in infosec and most companies don’t take security seriously. If you run a business and you don’t, you’re a moron and it’s going to cost you. You either spend money now or you spend exponentially more later. It’s not some guy in a dark room hacking your network anymore. It’s one person, potentially even a team, in control of thousands of automated bots roving around the web looking for holes and gathering data on you, your network, the companies you work with, and your employees.

[a fool in paradise]

Did Hitlery Rotten Clinton given them a paid talk on cybersecurity?

[867V309]

The bottom line, companies need to invest money in Infosec.

from wiki: Information security, sometimes shortened to infosec, is the practice of protecting information by mitigating information risks.

well, duh.

[drunknsage]

Sure there is! Because money! Private vlans require planning, equipment, and maintenance... all of which is costly.

The swiftness at which you blame the IT manager shows just how ignorant you and most others are regarding technology. The IT manager has to have their budgets and proposals approved and often get their hands tied by management, aren’t given the resources they need, but then are quickly blamed when things fail.

Technology now will be obsolete in 5 years. That means the equipment, the procedures, and policies you put in place today may not be sufficient in the near future. Is there any other industry like that? Is there any other line of work that demands constant and continuing education and planning? What do you think happens when management changes, people are replaced, and companies experience downturns? Small problems can slowly grow into unfixable nightmares. I’ve seen a few. In a perfect world IT is given the resources they need, they hire the right people, and do the right thing. Unfortunately that is not reality.

[gunsequalfreedom]

Why would there entire system be linked to the internet and without a back-up they could put in use that was kept off-line and could be used to keep the company functioning?

[gunsequalfreedom]

Am I missing something obvious here about redundant data backups? It seems to me that the head IT guys of any company this happens to should be drawn and quartered.

Exactly!

[gunsequalfreedom]

All of that, especially the comments about Ports 3389 and phishing begs the question, know that, why would anyone expose their system to the outside internet? Did their employees complain they could not shop Amazon or surf Facebook during their breaks?

[minnesota_bound]

malwarebytes and other anti-spyware and anti-virus software block ransomware. Did this company have any such software?

[Hardastarboard]

Isn’t there something called disaster recovery, where you can switch over to an alternate system in the event of something like this? I hear IT guys talk about it sometimes.