Simpson Manufacturing Co. Inc., an engineering firm and building material provider in the U.S., has been struck by a cyberattack that caused disruptions in its information technology infrastructure and applications.

The disclosure was made in a filing with the Securities and Exchange Commission, with the company saying that after becoming aware of the malicious activity, it began taking steps to stop and remediate the activity, including taking certain systems offline.

Along with stating that it had hired third-party cybersecurity experts to support its investigation and recovery efforts, Simpson Manufacturing added that the incident “has caused and is expected to continue to cause disruption to parts of the company’s business operations.”

While the form of cyberattack was not disclosed, the saying that if it sounds like ransomware, it probably is ransomware comes into play. That Simpson Manufacturing has been forced to take systems offline and is still experiencing disruptions suggests, at the very least, lateral movement across its network and lateral movement is typically an indicator of a ransomware attack.

So far no ransomware group has claimed responsibility for the attack, but in the fast-moving world of cybercrime, that could quickly change.

“This is just the latest victim from the world of professional cyber attackers,” Roger Grimes, data-driven defense evangelist at security awareness training company KnowBe4 Inc., told SiliconANGLE. “Decades ago, most cyber attacks were the result of young adults trying to earn the admiration of their like-minded peers. Today, almost all cyber attacks are carried out by professional groups who do it for a living and nation-state attackers.”

The two most likely ways the attackers got in are social engineering and unpatched software, he noted. “Every organization needs to do a better job of fighting social engineering,” he said. “This often means better educating end users on how to recognize and put down attacks and aggressively patching their software and firmware.”

Nick Tausek, lead security automation architect at security automation company Swimlane Inc., noted that as threat actors continue to target the manufacturing industry, it’s essential to implement the proper tools to prevent and mitigate any future breaches.

“Proper tools include low-code automation, which removes the need for heavy coding from users and allows full visibility into IT environments, ensuring the highest level of protection over valuable human information and providing security teams with alerts in real-time that can assist in thwarting any potential threats,” Tausek added.

Image: Simpson Manufacturing