fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Steelcase Furniture Giant Down For 2 Weeks After Ransomware Attack

Steelcase Furniture Giant Down For 2 Weeks After Ransomware Attack

Office furniture giant Steelcase says that no information was stolen during a Ryuk ransomware attack that forced them to shut down global operations for roughly two weeks.

Steelcase is the world’s largest office furniture manufacturer, with almost 13,000 employees, a network of 800 dealers, and $3.7 billion in revenue in 2020.

Two weeks of downtime

On October 27, Steelcase announced in a filing with the Securities and Exchange Commission (SEC) that its network was hit by a cyberattack on October 22. The attack required the shutdown of all impacted systems and related operations.

“All production has been halted since Oct. 22nd as we depend on the ‘network’ for running, scanning and transferring product in the plants,” a Steelcase employee told BleepingComputer the same day. “We just were sent an update that no production work will be done the rest of this week.”

Today, the company said in a new 8-K form filed with the SEC that the incident led to a two-week operational shutdown.

Also Read: How Singapore Cybersecurity Masterplan 2020 Is Formidable

“The Company quickly implemented a series of containment and remediation measures to address the situation, conduct a forensics investigation and reinforce the security of its systems,” Steelcase said.

“Those measures included the Company shutting down most of its global order management, manufacturing and distribution systems and operations for approximately two weeks.”

Today’s filing confirms that the company’s business operations were indeed affected by the ransomware attack, something we didn’t know after BleepingComputer’s requests for more details went unanswered.

One week after the attack, on October 29, the same Steelcase employee said that the company’s systems were still down, with the company notifying employees that they “could apply for unemployment instead of using [their] vacation time for hours missed.”

No data stolen from compromised systems

Steelcase said today that it has now resumed normal operations and is working on getting back to normal order lead times by shipping all orders delayed by the shutdown.

The office furniture manufacturer expects some third-quarter shipments to be delayed to the fourth quarter “due to the timing of the operational shutdown, which spanned into early November.”

Steelcase incurred additional costs due to system remediation, restoration, and reinforcement, as well as operational inefficiencies after the attack.

Steelcase also said that no sensitive customer or employee data was collected and stolen from any of the systems affected in the ransomware attack.

“The Company has substantially completed its forensic investigation and has found no evidence that any exfiltration of sensitive business data, including intellectual property or customer, supplier or employee data, occurred as a result of this event,” the furniture manufacturer said.

While the company refused to acknowledge that this was a ransomware attack in the initial SEC filing and the one filed today, BleepingComputer had information from a source in the cybersecurity industry that the Ryuk ransomware gang was the one responsible for the attack on their systems.

Ryuk ransom note
Ryuk ransom note

Even though there is no info on how Ryuk infiltrated Steelcase’s network, based on previous attacks against Sopra Steria and Universal Health Services, they most likely used access provided by BazarLoader or TrickBot to deploy ransomware payloads on the network.

Also Read: Going Beyond DPO Meaning: Ever Heard of Outsourced DPO?

Once they gain network access and admin credentials, the Ryuk actors manually deploy the payloads on network devices using PSExec or PowerShell Empire following a reconnaissance stage.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us