Your IT Consultant
Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.
Network Architecture Helping Ransomware Spread
June 23, 2020
You may have heard the news that Japanese auto manufacturer Honda was hit with a ransomware attack that disrupted its global operations. In 2017, law firm DLA Piper shut down operations for several days because of a cyber incident too. It is believed that the network designs of Honda and DLA Piper allowed malware to propagate through the companies' networks due to a lack of segmentation. CPO Magazine posted news that describes the attack on Honda and supports the view that the malware was able to impact multiple business units within the corporation.
Chris Kennedy, CISO at AttackIQ, said, "The fact that the ransomware affected global operations, inclusive of factory operations, is an indicator their network may not be segmented and isolated in a way to prevent 'jumps' between different business functions." This reminds me of when I was designing networks for Mobil Oil and a refinery manager wanted me to connect an information system network to the SCADA system that controls refinery operation so he could get statistics from the computer on his desk. No way. If something bad happens on the information system network and jumps to the SCADA side, people die.
Apparently, decades later, we still haven't learned how to segment networks to provide traffic isolation. DLA Piper did state it was redesigning its network. I suspect we'll hear the same from Honda.
Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
https://senseient.com