Schneider Electric's Sustainability Business division suffered a ransomware incident on January 17th, 2024. The attack impacted Resource Advisor and other division-specific systems, and the attackers accessed company data. All affected individuals have been notified. The company's security team is continuing to take additional actions based on its outcomes, working with relevant authorities.

Security leaders share their thoughts on the recent attack and how other organizations can protect themselves.

John Gallagher, Vice President of Viakoo Labs:

"Whether for IoT, OT or ICS systems, it has been a long-standing best practice to ensure these systems are on dedicated and isolated networks to prevent lateral movement if vulnerable IoT devices are breached. But this is not that situation; this is a business division and more like a fully separate company. In addition to isolated or segmented networks, effective use of zero trust principles can also be effective in preventing lateral movement within an organization. Using application-based discovery to identify all application, device and port relationships can also be effective in setting up and maintaining an isolated network. Too often a network is properly configured and isolated, but over time both users and configuration drift can impact that segmentation and allow punch-throughs."

Sarah Jones, Cyber Threat Intelligence Research Analyst at Critical Start:

"The connection of the Schneider Electric attack to the Cactus ransomware group likely arises from two factors: Cactus' history of targeting corporate networks and potential Qlik software use within Schneider Electric. Since Cactus previously exploited vulnerabilities in Qlik software, it further strengthens the Cactus connection. While Schneider Electric maintains confidentiality regarding the specifics of their Sustainability Business division's isolation, industry best practices suggest a layered approach. This approach likely includes network segmentation to confine the division's IT infrastructure, minimizing the attack surface. Firewalls and security controls act as gatekeepers, restricting traffic flow and preventing lateral movement or data exfiltration. In more extreme cases, it is possible the division's network might be air-gapped, offering the strongest isolation but at the potential cost of operational challenges. It is also likely that Schneider maintains dedicated security tools and personnel, enabling scanning for suspicious activity and swift detection and response capabilities. Additionally, access controls ensure only authorized individuals can access the systems, preventing unauthorized modifications. Sensitive data is likely encrypted at rest and in transit, providing an additional layer of protection."