The medical device company Olympus has been the target of a cyberattack yet again. This comes on the back of last month’s ransomware hit on the company’s European, Middle East and Africa network.
The first attack was featured on Digital Journal, see: “Olympus ransomware attack: Time for a quantum leap?”
With the previous attack, A ransom note left behind on infected computers claimed to be from the BlackMatter ransomware group.
With the new incident, at present, the extent of the attack or what kind of data was compromised is unknown. However, it is apparent that the firm’s IT systems in the U.S., Canada and Latin American have been forced to shut down.
In a statement on its website, Olympus indicates that it is “investigating a potential cybersecurity incident detected October 10” and is “currently working with the highest priority to resolve this issue.”
Looking into the implications of a second cyberattack upon a major company for Digital Journal is James Carder, Chief Security Officer and Vice President of LogRhythm.
Carder begins by assessing why these types of firms are favoured targets for cyber-criminals: “Medical technology giants have proven to be a hot commodity among cybercriminals and ransomware groups due to their substantial customer bases, as well as the potential degree of impact that comes along with targeting companies in the medical industry.”
As to the origins, Carder says we cannot ignore the earlier incident that struck the firm, noting: “While this could be a new attack against Olympus, it’s likely this could be a continuation of last month’s ransomware attack on their European, Middle East and Africa network.”
This relates to the nature of the vector used for the attack: “Unfortunately, ransomware is multi-staged and there is a persistence around the access, reconnaissance and exfiltration that could be remnant of September’s attack. While it hasn’t yet been disclosed whether any customer or company data has been compromised, the potential repercussions remain relevant. In the case of this attack, IT infrastructures and other vital affected systems have been shut down.”
In terms of lessons to be learned and measures to take by other businesses that are feeling vulnerable, Carder recommends: “To reduce the chances of these kinds of attacks, companies must be proactive. In the case of a cyberattack, it is essential that organizations evaluate and analyze operations throughout the entirety of their systems to ensure similar compromises do not occur.”
He adds that: “ Enterprises must implement security monitoring solutions that permit full visibility into IT environments. Properly configured cybersecurity platforms that offer automated response protocols can help thwart these attacks by allowing for real-time monitoring, detection and response capabilities, ultimately keeping valuable data safe and ensuring that customers and companies alike remain protected.”