Sierra Wireless Ransomware Attack Shuts Down Operations, Production

A Sierra Wireless ransomware attack has halted the IoT solution provider’s internal operations and production. Even the company’s website is down, as of 3:45 p.m. ET Wednesday.

The company, which is active in the channel, said it discovered the ransomware attack on its internal IT systems on March 20. Since then, its IT and operations teams implemented measures to counter the attack.

In response to the ransomware attack, Sierra Wireless stopped production at its manufacturing sites.

“The company believes it will restart production at these facilities and resume normal operations soon,” it said. “In the meantime, Sierra Wireless asks its customers and partners for their patience as it seeks to remediate the situation.”

At this time, Sierra Wireless believes the impact of the attack was limited to its own systems, as the company maintains a clear separation between its internal IT systems and customer-facing products and services.

‘Highly Sensitive and Confidential’

We contacted Sierra Wireless spokesperson Louise Matich to find out if the company knows who’s behind the attack and if they’re demanding a ransom.

Sierra Wireless’ Louise Matich

“Beyond notifying the third-party advisers, our customers and others impacted by the attack, we do not share our protocols for dealing with any ransomware attacks as this is considered highly sensitive and confidential,” she said.

Due to these disruptions, Sierra Wireless is withdrawing the first quarter 2021 guidance it provided on Feb. 23.

Dirk Schrader is global vice president of security research at Net New Technologies (NNT).

“That a ransomware attack is bringing a complete IoT manufacturing company to a standstill, forcing it to pull back its financial outlook, is quite rare,” he said. “It might demonstrate that the attackers were able to move laterally with little hinderance, resulting in a production disruption. In the light of recent attack patterns, another possibility is that the company is trying to prevent the inclusion of compromised code into its products.”

Continued Privileged Access Abuse

Joseph Carson is chief security scientist and advisory CISO at Thycotic.

Thycotic’s Joseph Carson

“Cybercriminals continue to abuse privileged access, which enables them to steal sensitive data and deploy malicious ransomware,” he said. “This means that organizations should prioritize privileged access as a top security measure to reduce the risks of ransomware, and ensure strong access controls and encryption for sensitive data.”

Organizations must take ransomware seriously as it will continue to be one of the biggest cyber threats, Carson said.

“Ransomware continues to be very costly for many organizations,” he said. “The price you pay for not being prepared is on the rise. It only takes one employee with local admin privileges clicking on a malicious email attachment to take down an entire company.”

IoT Apps Equally Susceptible

WhiteHat Security’s Peter Monahan

Peter Monahan is WhiteHat Security‘s director of global solutions architecture.

“The application layer of most IoT technologies is critical to its successful implementation, providing the ability to install, operate, manage and update the device, as well as connect it to other integrated systems,” he said. “These applications are no less susceptible to security vulnerabilities than traditional web or mobile applications.”

The majority of IoT applications are also designed to interact with any number of APIs, which may also be equally susceptible to security weaknesses, Monahan said. Furthermore, external third parties frequently develop and distribute these APIs.

“This creates a significant challenge in summarizing the overall security posture of any particular device, depending upon its intended implementation,” he said.