Boeing aircraft factory hit with suspected WannaCry ransomware attack
An aircraft manufacturing plant in South Carolina owned by the Boeing Co. was thrown into chaos Wednesday after its computer systems were taken down by what the Seattle Times reported is a WannaCry ransomware attack — the same kind that made global headlines in 2017.
The details of the attack were revealed in a memo by Boeing Chief Engineer Mike VanderWel to staff calling for “all hands on deck.” He wrote that the malware attack was “metastasizing rapidly out of North Charleston” and that it had affected the 777 assembly line specifically. The memo also noted concern that the infection could potentially “spread to airplane software.”
Boeing itself downplayed the infection, saying in a statement that “our cybersecurity operations center detected a limited intrusion of malware that affected a small number of systems” and that “remediations were applied and this is not a production or delivery issue.”
Whether this was a WannaCry attack or not was called into question by Richard Henderson, global security strategist at Absolute Software Corp. He told SiliconANGLE that “we don’t know a lot as of yet, and maybe it’s not even WannaCry that hit Boeing. It could be a WannaCry-style piece of ransomware that is taking advantage of the EternalBlue vulnerability to spread throughout the factory floors.”
EternalBlue is an exploit pioneered by the U.S. National Security Agency that was leaked by hacking group The Shadow Brokers in April last year and was subsequently used by WannaCry and Russian hackers.
“If it is WannaCry, the kill switch that MalwareTechBlog registered to stop the outbreak last year should have stopped it from spreading,” Henderson added. “But if Boeing keeps these factory networks off the internet or with extremely limited access to the outside world, the ransomware may not be able to contact the kill switch and has no idea that it’s not supposed to be spreading.”
Noting concern that it could be a new WannaCry-like form of ransomware, Henderson said that “if it’s another attack leveraging EternalBlue, then this could be very bad. Factory networks, especially in places like this that are largely in operation 24/7, often can’t go down to deploy needed patches.”
Mike Kail, chief technology officer at CYBRIC Inc., said it’s “very concerning that security could have been breached in at least one critical supply chain at Boeing. If this happened, imagine if malicious code is injected somewhere without them noticing until it is too late.”
“Even if this attack was ‘limited,’ it shows a significant lack of security hygiene as the patches for WannaCry were issued months ago,” Kail added. “It also would seemingly indicate that they don’t have a robust disaster recovery/business continuity plan in place.”
Obsidian Security Inc. co-founder and Chief Technology Officer Ben Johnson believes the attack may actually be cover for data theft.
“While Boeing acted quickly, it’s important to keep in mind that ransomware attacks aren’t what they seem on the surface,” Johnson said. “A common objective is providing cover to gain access and maintain it long-term. Attackers are getting smarter about how they compromise more systems, so we’ll see continued ransomware campaigns waged against a range of organizations because they work.”
Photo: Yasuhiko Obara/Wikimedia Commons