Schneider Electric, a global leader in industrial manufacturing, has become the latest victim of a cyberattack that targeted its Sustainability Business division. The attack has been attributed to a rising ransomware operation known as “Cactus,” a relatively young yet prolific group that has been claiming double-digit victim counts nearly every month since last July, as reported by NCC Group to Dark Reading.
The industrial giant, which specializes in equipment for industrial automation and control systems, building automation, energy storage, and more, has released a press statement confirming that the damage from the breach was limited to its sustainability division. The division provides software and consulting services to enterprises and does not impact any safety-critical systems, according to Dark Reading.
The attack was entirely limited to platforms and operations associated with its Sustainability Business division because that division operates as an autonomous entity with isolated network infrastructure, the company explained. Despite this, Schneider Electric has not yet revealed the scope of data that may have been lost to its attackers, but it did acknowledge that one affected platform was Resource Advisor, which helps organizations track and manage their ESG, energy, and sustainability-related data. It has already informed affected customers, and the company expects business operations to return to normal by the end of January.
However, the potential repercussions of the attack are still a cause for concern, especially since Schneider Sustainability serves a broad swath of organizations in more than 100 countries, including 30% of the Fortune 500, as of 2021, according to Business Wire. Given the number of potentially impacted customers, it remains to be seen how the company will address any ransom demand from the Cactus ransomware gang.
Cactus ransomware, which first arrived on the scene last March, has rapidly become one of the planet’s most prolific threat actors. According to data from NCC Group, Cactus has claimed over 100 victims spanning 16 industries since its inception. Its success is not due to any discernible technical prowess but rather to its reliance on known vulnerabilities and off-the-shelf software, as pointed out by Vlad Pasca, senior malware and threat analyst for SecurityScorecard.
Pasca noted that initial access is achieved by exploiting Fortinet VPN vulnerabilities, after which tools like SoftPerfect Network Scanner and PowerShell are used to enumerate the hosts in the network and perform lateral movement. This banal approach to cyberattacks serves as a reminder that even organizations with substantial cybersecurity budgets can still be breached through basic, well-known vulnerabilities, as Schneider Electric’s story highlights.
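The enumeration and lateral-movement phase described above leaves a recognisable footprint in network telemetry: one host reaching an unusually large number of internal peers on administrative ports (SMB, RPC, RDP, WinRM) in a short time. The following detector, an added example that is not from the article, NCC Group or SecurityScorecard, runs that check over constructed firewall or flow-log lines. The log format, host addresses, 60-second window, 10-host threshold and port list are all assumptions for the illustration, not values from the incident.

```python
"""Added example: flag hosts that fan out to many internal peers on
lateral-movement ports within a short window, the pattern left by a
network scanner or by PowerShell remoting used to hop between hosts.
All sample data and thresholds below are constructed assumptions."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)      # assumed sliding window
FANOUT_THRESHOLD = 10               # assumed distinct-destination threshold
# RPC, NetBIOS, SMB, RDP, WinRM (HTTP/HTTPS): ports commonly used to move laterally
LATERAL_PORTS = {135, 139, 445, 3389, 5985, 5986}


def build_sample():
    """Constructed flow records in the assumed format: 'ts src dst dport action'."""
    base = datetime(2024, 1, 17, 9, 0, 0)
    lines = []
    # scanner-like host: 16 distinct SMB peers within 30 seconds
    for i in range(16):
        ts = (base + timedelta(seconds=2 * i)).isoformat()
        lines.append(f"{ts} 10.20.5.17 10.20.5.{20 + i} 445 ALLOW")
    # admin workstation using WinRM to 12 peers, one every five minutes (stays below the window)
    for i in range(12):
        ts = (base + timedelta(minutes=5 * i)).isoformat()
        lines.append(f"{ts} 10.20.5.50 10.20.5.{100 + i} 5985 ALLOW")
    # ordinary user touching three file shares
    for i in range(3):
        ts = (base + timedelta(seconds=10 * i)).isoformat()
        lines.append(f"{ts} 10.20.5.40 10.20.5.{200 + i} 445 ALLOW")
    # monitoring host polling 12 web endpoints: high fan-out, but not a lateral-movement port
    for i in range(12):
        ts = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} 10.20.5.60 10.20.5.{150 + i} 443 ALLOW")
    return "\n".join(lines)


def parse_flows(text):
    """Parse log lines into (timestamp, src, dst, dport, action) tuples, sorted by time."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, dport, action = line.split()
        records.append((datetime.fromisoformat(ts), src, dst, int(dport), action))
    records.sort(key=lambda r: r[0])
    return records


def detect_fanout(records, window=WINDOW, threshold=FANOUT_THRESHOLD):
    """Return {src: {'first_seen', 'distinct_hosts'}} for every source that reached
    at least `threshold` distinct destinations on LATERAL_PORTS inside one `window`."""
    by_src = defaultdict(list)
    for ts, src, dst, dport, _action in records:
        if dport in LATERAL_PORTS:
            by_src[src].append((ts, dst))

    alerts = {}
    for src, events in by_src.items():
        events.sort()
        in_window = Counter()   # destination -> hits inside the current window
        start = 0
        for ts, dst in events:
            in_window[dst] += 1
            # slide the window start forward, dropping events that aged out
            while ts - events[start][0] > window:
                old = events[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            if len(in_window) >= threshold:
                alerts[src] = {"first_seen": events[start][0],
                               "distinct_hosts": len(in_window)}
                break   # one alert per source is enough for triage
    return alerts


def analyze(text):
    """Convenience wrapper: raw log text in, alert dictionary out."""
    return detect_fanout(parse_flows(text))


if __name__ == "__main__":
    for src, info in analyze(build_sample()).items():
        print(f"ALERT {src}: {info['distinct_hosts']} internal hosts on "
              f"lateral-movement ports since {info['first_seen'].isoformat()}")
```

Only the scanner-like host is reported; the WinRM admin session is spread out over time, the file-share user stays under the threshold, and the monitoring host is ignored because port 443 is not in the watched set. In production the threshold and window would be tuned against a baseline of normal administrative traffic, and known scanner and management hosts would be allow-listed rather than filtered by port alone.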
In the wake of this cyberattack, Schneider Electric will need to employ robust security measures to secure its systems and prevent future attacks. The company’s response to this incident will undoubtedly influence the cybersecurity strategies of other organizations working with Schneider Electric. With ransomware threats becoming more sophisticated and widespread, it is imperative that businesses remain vigilant and proactive in safeguarding their digital infrastructure against such attacks.