On March 23, Honeywell, a well-known U.S.-based industrial tech giant, revealed that it was under a malware attack. The firsthand account indicates that the intrusion appears to have been detected in the early stages of penetration, since only a “limited number” of IT systems were disrupted.
Although IT services have been completely restored and regular work in the office has resumed, an investigation into the incident is ongoing. Honeywell was quick to disclose that, so far, there are no traces of the attackers having exfiltrated any company or customer data. The systems that store customer information were still intact. However, the statement also says, “If we discover that any customer information was exfiltrated, we will contact those customers directly,” so it cannot be completely ruled out that some customer data may have been compromised.
Honeywell also mentioned that, during the ongoing investigation, it has partnered with Microsoft “to assess and remediate the situation.” Does this have anything to do with the recently detected Microsoft Exchange Server attacks, which have been widely carried out by a Chinese hacking group called “Hafnium”? If so, Honeywell would join a long list of researchers, law firms, educational institutions, defense contractors, policy think tanks, and NGOs that have been targeted by the same attackers.
We cannot rule out the possibility that a ransomware gang may have tried to infiltrate Honeywell’s IT systems. The recently disclosed ProxyLogon vulnerabilities in Microsoft Exchange Server have opened this door for ransomware operators. Proof of this is the DearCry ransomware, which is human-operated and highly target-centric.
CISO MAG reached out to Honeywell to confirm these doubts, but no response had been received by the time of publishing.
However, Honeywell did reiterate in its statement that the point of entry to all compromised systems has been identified and “have since been secured.” In line with breach guidelines, all relevant law enforcement agencies have also been notified.