The Radiflow Security Blog
Behind the News: Visser, a precision parts manufacturer for Tesla and SpaceX, confirms data breach
What we know:
- Visser Precision, a Denver, Colorado-based maker of precision parts for automotive, aeronautics, space and defense contractors, has confirmed a “cybersecurity incident” which included “access to or theft of data”
- The attackers threatened to publish exfiltrated documents containing highly sensitive business and technical information
- The company said that “business is operating normally”
- Security researchers attribute the attack to DoppelPaymer, a ransomware operation that has been active since mid-2019
Behind the news:
- Risk to the supply chain: customers and suppliers up and down the supply chain may be affected by the attack, both through exposure of proprietary information and through malware spreading via systems interconnected with Visser’s, or via spear-phishing (email and other electronic communications, crafted to look like legitimate correspondence, that carry malware or malicious links)
- IT-to-OT: as in the recently reported ransomware attack on a natural gas pipeline operator, the attackers used commodity IT malware against an industrial organization’s IT assets, rather than targeting the industrial control systems directly. In Visser’s case the reported impact stayed on the IT side, without disrupting industrial operations.
- A different kind of ransomware: DoppelPaymer follows the MO set by other groups, including Maze, Sodinokibi, Nemty and Snatch, in which, rather than just encrypting data and withholding access to it, the attackers also steal sensitive information and publish it on the dark web if the ransom is not paid.
What can be done to secure my OT network from similar attacks?
- IEC 62443-compliant risk assessment: The first step is a thorough OT risk assessment, in accordance with the IEC 62443 standard, to discover vulnerabilities such as unnecessary open ports and connections, lack of IT/OT network segmentation, external connections into the OT network, etc. The assessment should produce a risk mitigation roadmap, which may include changes to network topology (zones and the conduits allowed between them), stricter user access policies, and other hardening measures.
- Threat detection and monitoring: Ongoing mitigation should use an OT-dedicated threat detection and monitoring system, capable of detecting threats specific to industrial operations, such as connections that cross the IT/OT boundary outside the permitted conduits or anomalous industrial protocol traffic.
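As an added illustration of what the segmentation part of such an assessment actually checks for (example code written for this page, not Radiflow’s product or anything Visser runs), the following Python script applies a zone-and-conduit policy, loosely following the IEC 62443 zone/conduit model, to a handful of flow records. The zones, subnets, port allowlists and flow records are all assumptions constructed for the example; in practice the flows would come from a switch SPAN port, NetFlow export, or a passive monitoring sensor.

```python
"""Zone/conduit segmentation check over constructed OT flow records.

Added example, not Radiflow's code or the page's own: it shows the kind of
evidence an IEC 62443-style risk assessment collects about segmentation gaps,
external connections and unexpected open ports. All subnets, zones, port
allowlists and flow records below are assumptions constructed for this example.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed zones, loosely following the Purdue model: enterprise IT, an
# industrial DMZ, and the OT/control network.
ZONES = {
    "enterprise": [ip_network("10.10.0.0/16")],
    "dmz": [ip_network("10.20.0.0/24")],
    "ot": [ip_network("192.168.100.0/24")],
}

# Assumed conduits the roadmap permits: (src zone, dst zone) -> allowed dst ports.
# Anything not listed here is a finding.
ALLOWED_CONDUITS = {
    ("enterprise", "dmz"): {443},          # HTTPS to the DMZ historian/jump host
    ("dmz", "ot"): {502, 44818},           # Modbus/TCP and EtherNet/IP from the DMZ
    ("ot", "dmz"): {1433},                 # OT pushes data to the DMZ historian DB
    ("ot", "ot"): {102, 502, 44818},       # S7comm, Modbus/TCP, EtherNet/IP inside OT
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int


def zone_of(addr: str) -> str:
    """Map an address to a zone name; non-private addresses are 'external'."""
    ip = ip_address(addr)
    if not ip.is_private:
        return "external"
    for name, nets in ZONES.items():
        if any(ip in net for net in nets):
            return name
    return "unknown"


def check_flow(flow: Flow):
    """Return a finding category for a flow, or None if it matches an allowed conduit."""
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    if "external" in (src_zone, dst_zone):
        return "external_link"            # OT or DMZ host talking to the internet
    if src_zone == "enterprise" and dst_zone == "ot":
        return "it_to_ot_direct"          # enterprise IT reaching OT without the DMZ
    allowed = ALLOWED_CONDUITS.get((src_zone, dst_zone))
    if allowed is None:
        return "no_conduit"               # zone pair never authorised at all
    if flow.dport not in allowed:
        return "port_not_allowed"         # authorised pair, unexpected open port
    return None


def assess(flows):
    """Group flows by finding category: the evidence list a mitigation roadmap starts from."""
    findings = {}
    for flow in flows:
        category = check_flow(flow)
        if category is not None:
            findings.setdefault(category, []).append(flow)
    return findings


# Constructed flow records standing in for a SPAN-port or NetFlow capture.
SAMPLE_FLOWS = [
    Flow("10.10.5.12", "10.20.0.5", 443),           # IT -> DMZ over HTTPS: allowed
    Flow("10.20.0.5", "192.168.100.20", 502),       # DMZ -> PLC Modbus: allowed
    Flow("192.168.100.31", "192.168.100.20", 502),  # PLC-to-PLC Modbus: allowed
    Flow("10.10.5.12", "192.168.100.20", 502),      # IT workstation straight to a PLC
    Flow("10.20.0.5", "192.168.100.20", 3389),      # RDP into the OT network
    Flow("10.10.5.12", "10.20.0.5", 22),            # SSH to DMZ, not in the conduit
    Flow("192.168.100.20", "8.8.8.8", 53),          # PLC resolving names on the internet
    Flow("192.168.100.20", "10.10.5.12", 445),      # OT -> enterprise SMB, no conduit
]

if __name__ == "__main__":
    for category, flows in sorted(assess(SAMPLE_FLOWS).items()):
        print(f"{category}:")
        for f in flows:
            print(f"  {f.src} -> {f.dst}:{f.dport}")
```

Run once over a capture, the grouped findings are the raw material for the roadmap (which conduits to close, which ports to filter, where a DMZ is missing). Run continuously over live flows, the same check becomes a monitoring rule: an IT host opening a Modbus session straight to a PLC, or a PLC reaching the internet, is exactly the kind of IT-to-OT crossing an OT-dedicated detection system should alert on.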
Without proper measures in place, one possible outcome of the attack is the spread of malware to upstream and downstream supply chain partners, through interconnected systems as well as through spear-phishing.