On Wednesday, March 28, 2018, Seattle Times reported that WannaCry computer virus hit Boeing, a leading aircraft production company, causing alarm throughout the company for a short period of time for fear that critical manufacturing equipment might be compromised by the attack. The production plant, located in Charleston, South Carolina, was reportedly hit by the cyberattack on Wednesday morning when the chief engineer at Boeing Commercial Airplane production engineering launched an alarming email for “all hands on deck” to respond to the crisis.
WannaCry attacks have been out of the headlines for several months. So why was Boeing’s network infected now? Boeing representatives said that the infection was “limited to a few machines,” according to the Seattle Times report. The company portrayed a low posture regarding the attack, releasing few details to media sources regarding the intrusion. Later that afternoon they released a statement confirming that interventions were successful, stating, “[o]ur cybersecurity operations center detected a limited intrusion of malware that affected a small number of systems.”
A Forbes article, covering news of the ransomware attack, underlines that upon early detection of the virus, a memo went out within Boeing stating that it was “metastasizing rapidly.” Forbes contributor, Lee Mathews, begins an artful discussion of the event by pointing out that this is a “[WannaCry] trademark.” He continues by adding:
It spreads incredibly quickly to vulnerable machines thanks to a combination of NSA exploits that were leaked by the infamous Shadow Brokers. Patches that protected most Windows users from those exploits were released by Microsoft in March of 2017. Those still running XP received an emergency patch two months later in an unprecedented move by Microsoft.
That is to say that any machines on the network at Boeing that were vulnerable would not have received the crucial Microsoft update.
The unpleasant message to be gleaned from this outbreak within such a large corporation is a harsh reminder that many operations are running outdated software. Microsoft released an essential directive to make the appropriate updates to aid in efforts of safeguarding against malicious attacks. While we haven’t had the level of outcry that was experienced with the initial advent of WannaCry in 2017, Boeing’s recent run-in with the virus reminds us all that our organizations are susceptible to malicious outsiders, especially when proper safeguards aren’t put in place.
It’s common knowledge that there are complications would that prevent some large operations from running updated software—largely that many internal systems risk compromised functionality with the updates often outrunning the capabilities of the hardware in place. There’s not a simple solution in the race against evolving threats. Each organization must do its best to remain up to date with emerging risks, as well as the steps in safeguarding their processes.
Digital Forge offers cybersecurity assessments and packages that meet the individual needs of every business, no matter your size or industry. Contact us today for more information. Call us at (877) 369-1831 or email firstname.lastname@example.org.