Network Security
Vulnerability Management
Privileged Access Management
Endpoint Security
Threat Hunting
Unified Endpoint Management
Email & Collaboration Security
Contents:
Johnson Controls, a major provider of building automation solutions, has fallen victim to a ransomware attack by the Dark Angels ransomware gang, potentially compromising sensitive information related to the U.S. Department of Homeland Security (DHS).
What Happened?
Johnson Controls underwent a disruptive cyberattack, particularly impacting its operations in Asia. In response to the attack, company officials took their systems offline for several of the company’s divisions that manufacture fire, HVAC, and security equipment for buildings.
The Dark Angels ransomware gang claimed responsibility for the incident, demanding a hefty ransom of $51 million.
Extent of Disruption
Not only were various subsidiaries of the company significantly affected due to IT outages caused by systems being urgently taken offline, but the firm also anticipates ongoing disruptions in several business operations.
Their immediate response involved initiating a thorough investigation with the help of external cybersecurity specialists and ensuring coordination with their insurers.
Promptly after detecting the issue, the Company began an investigation with assistance from leading external cybersecurity experts and is also coordinating with its insurers.
The Company continues to assess what information was impacted and is executing its incident management and protection plan, including implementing remediation measures to mitigate the impact of the incident, and will continue taking additional steps as appropriate.
Regulatory Filing (Source)
According to security experts, Dark Angels claims to have stolen 27 terabytes of sensitive data from the company.
U.S. Department of Homeland Security, at Risk
Johnson Controls reportedly has access to particular sensitive and classified DHS contracts, which include vital details about the physical security arrangements of numerous DHS facilities, such as floor plans.
CNN reported that they obtained an internal memo from the United States Department of Homeland Security that expressed concern about the incident and warned that the attack on Johnson Controls may have “compromised sensitive physical security information such as DHS floor plans.”
Senior DHS officials allegedly stated that they are attempting to determine whether the hackers gained access to the servers that housed the floor plans but are concerned that the looming US government shutdown will impede their efforts, explains The Record.
Industrial Control Systems, an Attractive Ransomware Target
The Johnson Controls attack is representative of the ongoing efforts of cybercriminal gangs to compromise vital supply chain and industrial control organizations like Johnson Controls.
In March, the European Union Agency for Cybersecurity issued a warning that ransomware was the greatest cyberthreat facing the European Union’s transportation sector. It also predicted that criminal organizations would “likely target and disrupt” operational technology (OT) systems “in the foreseeable future,” which could have even more severe consequences for victims.
If you want to learn more about how to protect industrial control systems against cyber threats, check out this article: Industrial Control System (ICS): Definition, Types, Security.
A Multi-Layered Cyber Defense, the Best Approach
If you’re looking for a cybersecurity solution to help you protect your IT infrastructure, Heimdal can help you build a multi-layered defense.
When it comes to advanced detection and response, Heimdal has you covered across the board, from endpoints and networks to emails, identities, and beyond. Reach out to our consultants to explore the best option for the specific needs, architecture, and risk profile of your organization.
- End-to-end consolidated cybersecurity;
- Complete visibility across your entire IT infrastructure;
- Faster and more accurate threat detection and response;
- Efficient one-click automated and assisted actioning
If you liked this piece, follow us on LinkedIn, Twitter, Facebook, and YouTube for more cybersecurity news and topics.
Madalina, a seasoned digital content creator at Heimdal®, blends her passion for cybersecurity with an 8-year background in PR & CSR consultancy. Skilled in making complex cyber topics accessible, she bridges the gap between cyber experts and the wider audience with finesse.
