According to local media, forklift manufacturer Crown Equipment confirmed Wednesday that it suffered a cyberattack on June 8th that disrupted manufacturing at its plants.
Crown is one of the largest forklift manufacturers in the world, employing 19,600 people and having 24 manufacturing plants in 14 locations worldwide.
Since the attack, all IT systems have been shut down and employees have been unable to clock in their hours, access service manuals, or deliver machinery in some cases. Employees have been told not to accept MFA requests and to be cautious of phishing emails.
“We determined that many of the security measures Crown had in place were effective in limiting the amount of data the criminals were able to access. We also learned that the hackers gained entry into our system because an employee failed to adhere to our data security policies by allowing unauthorized access to their device,” Crown said in an email sent to employees yesterday.
It is believed that the breach occurred after an employee fell for a social engineering attack and allowed a threat actor to install remote access software on their computer.
Ted Miracco, CEO, Approov Mobile Security had this to say:
“The recent cyberattack on forklift manufacturer Crown Equipment highlights the critical need for comprehensive zero-trust solutions that extend beyond the corporate network to include edge devices, such as mobile phones and personal devices. This breach is believed to have occurred after an employee fell for a social engineering attack, allowing a threat actor to install remote access software on their device. This incident underscores the vulnerability of edge devices, which are often more susceptible to social attacks like phishing. To enhance security, it’s crucial that zero-trust principles encompass all devices, including personal and mobile ones. Mobile apps should also incorporate security measures that attest to the integrity of the device, verifying whether it has been compromised. This can prevent unauthorized access and ensure that only secure devices interact with corporate systems.”
On top of what Mr. Miracco said, defences have to be layered so that attacks don’t work at all, or are limited in scope as the threat actor would not be able to get very far into a network. Otherwise you get this situation.
Related
This entry was posted on June 21, 2024 at 8:26 am and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Crown Equipment Pwned In Cyberattack
According to local media, forklift manufacturer Crown Equipment confirmed Wednesday that it suffered a cyberattack on June 8th that disrupted manufacturing at its plants.
Crown is one of the largest forklift manufacturers in the world, employing 19,600 people and having 24 manufacturing plants in 14 locations worldwide.
Since the attack, all IT systems have been shut down and employees have been unable to clock in their hours, access service manuals, or deliver machinery in some cases. Employees have been told not to accept MFA requests and to be cautious of phishing emails.
“We determined that many of the security measures Crown had in place were effective in limiting the amount of data the criminals were able to access. We also learned that the hackers gained entry into our system because an employee failed to adhere to our data security policies by allowing unauthorized access to their device,” Crown said in an email sent to employees yesterday.
It is believed that the breach occurred after an employee fell for a social engineering attack and allowed a threat actor to install remote access software on their computer.
Ted Miracco, CEO, Approov Mobile Security had this to say:
“The recent cyberattack on forklift manufacturer Crown Equipment highlights the critical need for comprehensive zero-trust solutions that extend beyond the corporate network to include edge devices, such as mobile phones and personal devices. This breach is believed to have occurred after an employee fell for a social engineering attack, allowing a threat actor to install remote access software on their device. This incident underscores the vulnerability of edge devices, which are often more susceptible to social attacks like phishing. To enhance security, it’s crucial that zero-trust principles encompass all devices, including personal and mobile ones. Mobile apps should also incorporate security measures that attest to the integrity of the device, verifying whether it has been compromised. This can prevent unauthorized access and ensure that only secure devices interact with corporate systems.”
On top of what Mr. Miracco said, defences have to be layered so that attacks don’t work at all, or are limited in scope as the threat actor would not be able to get very far into a network. Otherwise you get this situation.
Share this:
Like this:
Related
This entry was posted on June 21, 2024 at 8:26 am and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.