Issue No. 119, July 2022
Learning from the SHI International Malware Attack
Over the 4th of July weekend, SHI International, one of the world’s largest IT service providers, experienced what the company has termed a ‘professional and coordinated’ malware attack. As of this writing, the company is still working to restore connectivity to its systems and infrastructure so that it can service its 15,000 customers. SHI has brought in federal law enforcement and forensic investigators to continue the cleanup process, but does not believe that any sensitive customer data was compromised or exfiltrated as part of the hack.
No matter the vector of the SHI attack, the reverberations of a cyberattack of this size and scope will be felt for some time. Although the company appears to be taking the correct steps to mitigate the situation and assuage its customers’ concerns, attacks of this nature highlight just how vulnerable any business can be to a cyber or ransomware attack. Additionally, SHI’s posture in addressing the attack (engaging with law enforcement and a forensic IT team) shows the seriousness of an attack of this nature, and how it can bring even a large enterprise to its knees temporarily.
What does this mean for organizations solidly in the SMB space? Many businesses subscribe to what is termed ‘security through obscurity.’ Essentially, the idea is that they don’t need to worry as much about securing their infrastructure as a large organization does, because they are not a target for cyber-criminals. Attacks like the one that SHI is still attempting to mitigate show in stark relief the wrong-headedness of this belief. Although SHI is a large organization solidly in the enterprise space, its client base is not. An IT provider like SHI potentially has hooks into a huge number of small businesses, each of which must in turn be worried about its level of exposure, especially since SHI is still trying to determine the breadth of the attack it experienced.
The idea that the security of your business’ critical systems and infrastructure could be compromised because of a breach at a trusted vendor is likely horrifying to many reading this. Unfortunately, it is also increasingly the norm. Attackers look for any exploitable inroad into a company they are targeting. As security has increased in the enterprise space, attackers are typically unable to breach a network using any type of ‘brute force’ method. Instead, they usually rely on an exploit of some kind. This might be an employee whose system is vulnerable, an unpatched operating system on a computer inside the network, or a longstanding vendor relationship. Depending on the nature of the vendor, the level of access it has to mission-critical systems makes it an obvious choice for an attacker looking to collect a ransom payment, gather exploitable credentials, or harvest valuable personal data about a company’s clients.
To mitigate attacks of this nature, it is important to take a multi-layered approach to security. Having a business-class firewall is a good first step, which should then be layered with a robust antivirus/EDR (Endpoint Detection and Response) solution, email filtering, staff training, etc. Securing your business is truly a moving target, and business leaders must continue to educate and innovate to stay one step ahead of attackers. If you have any concerns about the security posture of your business, consult an IT professional.