Posted on 06/13/2019 6:22:46 PM PDT by bitt
Belgium-based aircraft parts maker ASCO Industries has been severely hit by a ransomware attack that started last week.
Founded in 1954, ASCO has four manufacturing plants in Belgium, the US, Canada and Germany, and it employs 1,500 people. The company's products are used by most aircraft manufacturers, including Airbus, Boeing and Lockheed Martin. ASCO was taken over last year by US-based Spirit AeroSystems.
According to media reports, ASCO's machines were infected with an unidentified piece of ransomware on Friday and the company has been having trouble restoring operations.
The incident has reportedly disrupted the company's ability to supply products to customers and impacted roughly 1,000 employees, which have been placed on temporary leave.
SecurityWeek has reached out to ASCO for clarifications, but the firm has yet to respond. ASCO representatives said the attackers don't appear to have stolen any information.
"The attack against ASCO has once again highlighted the dangerous power of ransomware. The attack has brought operations to a halt and resulted in over a thousand employees being sent home which will be having a significant impact on the organisation financially," Andrea Carcano, CPO and co-founder of Nozomi Networks, told SecurityWeek.
"When it comes to ransomware, prevention is always better than cure as, if infected, it is never advisable to pay the ransom as it is not guaranteed that the criminals will honour the agreement and restore systems/data. Organisations should prepare for these types of events and have an incident response plan in place to help limit the damage caused, not only to production but also to customer trust and brand reputation," Carcano added.
(Excerpt) Read more at securityweek.com ...
Am I missing something obvious here about redundant data backups? It seems to me that the head IT guys of any company this happens to should be drawn and quartered.
They should find out who writes/deploys this shit and pull their intestines out through their mouths.
"ASCO is a world class supplier of design and manufacture of high lift structures, complex mechanical assemblies and major functional components. We are passionate about precision in our products and in our relationships. Our rich history and understanding of market needs merges with our knowledge of technology in the aerospace industry. Our passion provides clarity and focus in supporting our customers with collaborative development projects."
Too bad they don't have a "rich history" in infosec or "passion providing clarity" on how to keep criminals out of their network.
Time to plug those USB ports with cyanoacrylate.
Much of it is CIA authored/commissioned and escapes to the wild.
Having experience with factory automation, there is no reason in hell for exposing any production equipment to the public internet. Or allowing thumb drive or other possible contamination vectors.
The IT Manager needs a severe performance assessment.
The NSA.
My brother was the IS Director at a mid-size company.
Every night, back when they used tapes he would upload the latest copy into a duplicate system in his house.
He told me that most companies that lose their data are out of business in less than five years.
I suggested a briefcase with the handcuff, he did not laugh?
holy moly, don’t these giant corporations know enough to run their operations on virtual machines so they can just ditch infected ones?
Yes, clearly.
While servers, both physical and virtual, are backed up, workstations aren't. Few companies do. Instead, they store their work related data on network drives which are backed up with the servers. Those network drives become the pathway for infections like cryptoware to spread across an organization's desktop and server environment. Every one of those desktops will have to be reimaged with its operating system and that takes a massive amount of time, especially if an organization isn't running an enterprise deployment system.
Ransomware attacks come in through a number of different vectors. Hackers scan for open ports on the firewall and look for ways in. Port 3389, the default Remote Desktop port, is a common one where a hacker will run a brute force type attack searching for a working login combination using automated bots.
Another method, the most common, is the users. They will get phished via email, click a malicious link, or go to a compromised site. Hackers will often run ops for months, gaining information on employee emails, organizational structures, etc, looking for weak points.
The bottom line, companies need to invest money in Infosec. Users need to be trained and regularly audited for good security practices, leadership needs to onboard, and services like dark web monitoring for user account information need to be invested in.
I work in infosec and most companies don't take security seriously. If you run a business and you don't, you're a moron and it's going to cost you. You either spend money now or you spend exponentially more later. It's not some guy in a dark room hacking your network anymore. It's one person, potentially even a team, in control of thousands of automated bots roving around the web looking for holes and gathering data on you, your network, the companies you work with, and your employees.
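The Remote Desktop brute-force pattern mentioned in the post above shows up in logon records as a burst of failures from one address. The following is an added example, not part of the original post: it assumes a hypothetical comma-separated export of Windows logon events (4625 failed, 4624 successful), sorted by time, and flags any source address with a burst of failures, noting when a successful logon follows the burst.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not real logs): time, event id, logon type, source IP, account.
# 4625 = failed logon, 4624 = successful logon; type 10 = RemoteInteractive (RDP),
# type 3 = Network (how RDP failures are logged when Network Level Authentication is on).
SAMPLE = """\
2024-01-15T02:10:01,4625,3,203.0.113.50,administrator
2024-01-15T02:10:03,4625,3,203.0.113.50,admin
2024-01-15T02:10:04,4625,3,203.0.113.50,backup
2024-01-15T02:10:06,4625,3,203.0.113.50,svc_sql
2024-01-15T02:10:09,4625,3,203.0.113.50,jsmith
2024-01-15T02:10:15,4624,10,203.0.113.50,jsmith
2024-01-15T08:59:40,4625,10,198.51.100.7,mbrown
2024-01-15T09:00:05,4624,10,198.51.100.7,mbrown
"""

RDP_TYPES = {"3", "10"}

def find_rdp_bruteforce(text, threshold=5, window=timedelta(minutes=5)):
    """Map each source IP that reached `threshold` failures inside `window`
    to its peak failure count, accounts tried, and later successful logons."""
    recent = defaultdict(deque)    # ip -> failure timestamps still inside the window
    accounts = defaultdict(set)    # ip -> every account name it has failed against
    alerts = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, logon_type, ip, user = line.strip().split(",")
        if logon_type not in RDP_TYPES:
            continue
        when = datetime.fromisoformat(ts)
        if event_id == "4625":
            q = recent[ip]
            q.append(when)
            accounts[ip].add(user.lower())
            while when - q[0] > window:        # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                a = alerts.setdefault(ip, {"failures": 0, "accounts": set(), "success_after": []})
                a["failures"] = max(a["failures"], len(q))
                a["accounts"] = set(accounts[ip])
        elif event_id == "4624" and ip in alerts:
            # A success after a failure burst is the case to triage first.
            alerts[ip]["success_after"].append(user.lower())
    return alerts
```

A single mistyped password followed by a good logon, as in the last two sample records, stays below the threshold and is not reported.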
Did Hitlery Rotten Clinton give them a paid talk on cybersecurity?
Sure there is! Because money! Private vlans require planning, equipment, and maintenance... all of which is costly.
The swiftness at which you blame the IT manager shows just how ignorant you and most others are regarding technology. The IT manager has to have their budgets and proposals approved and often get their hands tied by management, aren't given the resources they need, but then are quickly blamed when things fail.
Technology now will be obsolete in 5 years. That means the equipment, the procedures, and policies you put in place today may not be sufficient in the near future. Is there any other industry like that? Is there any other line of work that demands constant and continuing education and planning? What do you think happens when management changes, people are replaced, and companies experience downturns? Small problems can slowly grow into unfixable nightmares. I've seen a few. In a perfect world IT is given the resources they need, they hire the right people, and do the right thing. Unfortunately that is not reality.
Exactly!
All of that, especially the comments about Ports 3389 and phishing begs the question, knowing that, why would anyone expose their system to the outside internet? Did their employees complain they could not shop Amazon or surf Facebook during their breaks?
Malwarebytes and other anti-spyware and anti-virus software block ransomware. Did this company have any such software?
Isn’t there something called disaster recovery, where you can switch over to an alternate system in the event of something like this? I hear IT guys talk about it sometimes.