IoT Maker Sierra Wireless Suffers Ransomware Attack

Sierra Wireless disclosed suffering from a ransomware attack on March 20, 2021. 

In a press release, Sierra Wireless stated they discovered the attack and immediately began countermeasures in partnership with “third-party experts.” Its site remains down for maintenance at time of writing. Additionally, other reports state that the ransomware attack forced the company to temporarily shut down its manufacturing. 

Sierra Wireless states the ransomware attack appears limited to its own internal systems and did not affect consumer-facing portals or resources. However, the company did withdraw its first-quarter financial guidance shared last month. 

This is another significant ransomware attack in a particularly devastating cybersecurity season. For more information, we reached out to several cybersecurity experts for their takes. 

IoT Maker Sierra Wireless Suffers Ransomware Attack

Bryan Embrey

Bryan Embrey is Director of Product Marketing at Zentry Security. 

“The famous WannaCry ransomware attack spread due to known vulnerabilities in Microsoft’s SMB protocol. The NotPetya variant spread via email attachments but exploited the same vulnerability.  While it is unclear how Sierra Wireless was attacked, ransomware attacks typically succeed through unpatched systems. The FBI advises adopting a broad strategy when addressing ransomware that includes managing the use of privileged accounts and configuring access controls, both of which are zero trust mechanisms. Organizations of all sizes should consider adopting zero trust as well as patching outdated systems and ensuring anti-virus and anti-malware solutions are up to date to combat the dangers of increasingly sophisticated ransomware.”

Chris Clements

Chris Clements is VP of Solutions Architecture at Cerberus Sentinel. 

“Sierra Wireless claims that they don’t currently believe that any customer services or products have been affected, but given the recent SolarWinds-based supply-chain compromise I urge both Sierra and their customers closely review software and firmware to ensure that no malicious alterations have been introduced by the attackers. Even if there is no reason to believe that such access would have been possible, the scale of devices Sierra Wireless manufactures warrant a thorough review to ensure the safety of their customers.

It’s important that all organizations understand the cost of a ransomware attack.  It’s not just the cost of investigation and restoration (which can be significant), but in many cases, it means that business operations halt altogether. Sierra Wireless’s main website remains offline 3 days after first discovering the attack and they have self-reported the shutdown of their manufacturing lines. 

Another unspoken precursor often necessary for a successful mass-scale ransomware attack is that after gaining initial access, say by phishing an average employee, the cybercriminals are successful in escalating their network privileges and gaining enterprise-wide administrative access to the entire organization. This means they have more or less complete control of all systems and data on the network and all of the potential risk of alteration, theft, and disclosure that level of access suggests.”

Matt Sanders

Matt Sanders is Director of Security at LogRhythm.

“This is the perfect example of the power a ransomware attack can have on an organization. Unfortunately, Sierra Wireless’ entire production has halted thanks to an attack that has completely debilitated them. When an organization falls victim to ransomware, the pressure to get back to normal business operations is huge and the ability to do so in a timely manner may be pivotal to the company’s ability to continue operating at all. Sierra Wireless will now also have to determine if sensitive information has been stolen. This is only one part of the story, as determining how the bad actors were able to access the network and remediating appropriately is critical, in addition to assessing whether the attackers have deployed means of persistence intended to survive the ransomware cleanup and provide them with future access.

Recovering from a ransomware attack takes time, and a well-rehearsed incident response plan will prove invaluable should the worst happen. Aside from planning their response to a successful attack, organizations should keep their prevention and detection technologies top of mind by ensuring that they have the appropriate protective controls in place, as well as visibility into what is happening across their environment. A properly configured security monitoring solution that has full visibility into the environment with robust automated response capability would help organizations such as Sierra Wireless identify malicious activity and thwart bad actors before ransomware can take hold.”

Stephan Chenette

Stephan Chenette is Co-Founder & CTO of AttackIQ.

“This ransomware attack highlights the complexity and far-reaching damage of a B2B data breach. The incident not only impacts Sierra Wireless itself but also its customers, who rely on up-to-date information to keep their operations moving forward. As evidenced by this and many other recent ransomware attacks, it’s no longer an issue of just whether or not to pay the ransom. Because of this, it’s important to adopt a proactive and threat-informed approach to security strategy that allows for an organization to know it can thwart ransomware attacks.

To best defend against ransomware, it’s important to understand the common tactics, techniques, and procedures used by the adversary. In doing so, companies can build more resilient security detection, prevention, and response programs mapped specifically to those known behaviors. Additionally, companies should use automated solutions that safely validate their defensive controls against ransomware campaigns and their techniques to avoid falling victim.”

Thanks to the experts for their time and expertise. For more information on protecting your business from ransomware, check out the Endpoint Security Buyer’s Guide.