Grant Gross | Washingtonexaminer.com
Foxconn, the electronics manufacturer, was recently hit with a ransomware attack, with hackers demanding $34 million to restore data in a Mexican facility.
The attackers reportedly attacked IT infrastructure supporting a Foxconn manufacturing facility in Ciudad Juarez, Mexico, and encrypted about 1,200 servers and deleted several terabytes of backups.
Foxconn, in a statement, confirmed that an information system in the United States supporting its operations in the Americas was attacked on Nov. 29. The affected systems are being brought back into service in phases, the statement said. The Taiwanese company didn’t respond to a request for additional information.
Foxconn is the largest original equipment manufacturer globally, producing electronics
Since early November, the attack on Foxconn is the second on a major OEM, noted Saryu Nayyar, CEO of cybersecurity vendor Gurucul. Compal, a Taiwanese company that builds laptops for other brands, was hit with a ransomware attack early in the month. Meanwhile, in early December, high-profile cybersecurity firm FireEye disclosed a breach, with some of its hacking tools taken.
These OEM attacks show that “the attackers are becoming more sophisticated, going after bigger game, and improving their business model,” Nayyar said. “We can expect this to become their new standard model: Break in, steal data to use for extortion, deploy ransomware, profit.”
Organizations need to “up their game” to protect against ransomware attacks, Nayyar added. She suggested that companies improve user education about cybersecurity and deploy multifactor authentication and solid perimeters. If hackers get inside a company network, “a robust security stack, with security analytics, can help identify a breach and mitigate it before the attackers steal data or encrypt systems,” she said.
Large companies are big targets for ransomware, other security experts said. Successful attacks such as the one on Foxconn “demonstrate that extorting large organizations can be much more profitable than attacking unsuspecting individuals,” said Andrea Carcano, co-founder of Nozomi Networks, a security vendor.
Carcano advised companies to factor ransomware attacks into their incident response plans. “Beyond a technical response, decision-makers need to be prepared to weigh the risks and consequences of alternate actions,” he told the Washington Examiner.
With $172 billion in revenue in 2019, Foxconn is a prime target for ransomware, “especially when the ransomware extortionists are only looking for a $34 million score,” added Michael Puldy, CEO and founder of Puldy Resiliency Partners, a cybersecurity vendor.
Ransomware groups are changing their tactics from mass spam to targeting specific companies, he added. “Clearly, they are finding this approach both cost-effective and extremely more lucrative,” he told the Washington Examiner.
Companies need to create a culture where employees take cybersecurity seriously, Puldy recommended. One of Puldy’s clients had six people click on phishing emails out of 54 that the organization received.
“Not one person reported the incident,” he said. “This is a culture where no one cares, and the people who took the bait are too embarrassed and not incented to report what they did.”
Hackers seem to be shifting their ransomware attacks away from healthcare and finance companies, added Mark Soto, owner of ransomware data recovery vendor Cybericus.
“As the cybersecurity for the companies in these industries improves and employees recognize more immediate dangers, the success of them diminishes,” he told the Washington Examiner. Attacks on healthcare and finance companies bring “a lot of negative attention from the authorities and people in general when hackers have access to data that can ruin their financial well being.”
But ransomware attacks on OEMs may be a better alternative for hackers because they don’t put consumers’ health or finances at risk, he said.
“Industries that hadn’t been at as high risk of ransomware attacks before — they have always been at risk but not as high as of yet — need to start immediately bringing awareness to their employees about the dangers of it,” he added, echoing advice from other experts. “You can have the greatest cybersecurity software in the world, but if your employees aren’t aware of how to stay safe, that won’t matter.”
External Link: Hackers target large tech manufacturers with ransomware