We kept our research associate Alexis pretty busy during the first three months of the year, and she procrastinated getting her annual car inspection in Massachusetts done. When she showed up to get her car inspected early last week (the day before her inspection sticker expired), the service center couldn’t do the inspection. She was astounded to learn that they couldn’t inspect her car due to — of all things — malware.
It has now been a week since the outage started. Massachusetts was not the only state affected: seven other states were also brought to a halt by the attack, including Connecticut, Georgia, Idaho, Illinois, Utah, and Wisconsin.
Applus Technologies, the company Massachusetts pays almost $5 million a year to keep the system up and running, detected and stopped the malware attack, but the attack still interrupted vehicle inspections throughout the eight states. The restoration involves resetting Applus Technologies’ IT environment, and the company announced that it will take some time to fully restore the inspection stations. Bay State residents have been advised that they likely won’t be able to have their vehicle inspections completed until tomorrow at the earliest. Luckily, the state police have been informed of the outage, so if you’re like Alexis and waited until the end of the month to get this chore done, have no fear: You’re safe (for now).
Details behind how the malware attack occurred haven’t been released yet. But we know that malware continues to plague organizations globally and that entire industries have been ground to a halt thanks to these attacks. Generally, the type of malware that stops businesses and requires an extensive rebuild of infrastructure is ransomware. Forrester has published reports on how to mitigate these kinds of attacks with Zero Trust.
Organizations should focus on implementing the following to limit the damage of a ransomware attack:
- Making sure you have a thorough and tested incident response plan. Organizations should conduct tabletop exercises regularly to test these plans and update them where needed.
- Stopping lateral movement through microsegmentation, starting with the most critical systems so that a compromise in one segment cannot reach the rest and the impact isn’t as significant.
- Having a well-defined backup and data duplication system and strategy in place, including backups stored off your corporate network and outside an attacker’s reach (offline or immutable copies), with restores tested so that you know the backups actually work when you need them.
- Turning off vulnerable protocols such as SNMP v1 and SMB v1, and locking down open shares within your organization. Ransomware commonly spreads through exactly these paths (WannaCry and NotPetya propagated over SMB v1), so removing them slows or stops its propagation.
- Having a well-thought-out and well-executed patching strategy that has your organization patching early and often, so that known vulnerabilities are closed before attackers can use the corresponding exploits to move quickly through your enterprise.
- Moving on from a perimeter-based security architecture to one based on Zero Trust to effectively limit lateral movement and contain the blast radius of a multitude of types of attacks (phishing, malware, supply chain, etc.).
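As an added example (not from the post, Forrester or Applus), the following PowerShell script carries out the protocol and open-share items from the list above on a single Windows host: it audits SMB v1, flags shares that grant broad write access, and checks whether the SNMP service is running, and only changes anything when run with the assumed `-Remediate` switch. It assumes the built-in SmbShare module (Windows 8 / Server 2012 and later) and an elevated session; the `Disable-WindowsOptionalFeature` and `AuditSmb1Access` calls need Windows 10 / Server 2016 or later.

```powershell
#Requires -RunAsAdministrator
# Added example, not the original page's code. Audit-only by default;
# pass -Remediate to actually disable SMBv1, revoke broad share grants
# and stop SNMP. Run it on a test host before rolling out.
param(
    [switch]$Remediate
)

# --- 1. SMBv1 on the server side. Modern clients negotiate SMB2/3 without it,
#        and SMBv1 is the protocol WannaCry/NotPetya spread over.
$smb = Get-SmbServerConfiguration
if ($smb.EnableSMB1Protocol) {
    Write-Warning "SMBv1 server protocol is ENABLED"
    if ($Remediate) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        # Remove the optional feature as well so nothing re-enables it quietly.
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }
} else {
    Write-Output "SMBv1 server protocol: disabled"
}
# In a mixed estate, log SMB1 clients for a while before cutting them off
# (event ID 3000 in the Microsoft-Windows-SMBServer/Audit log).
if (-not $smb.AuditSmb1Access -and -not $Remediate) {
    Write-Output "Tip: run 'Set-SmbServerConfiguration -AuditSmb1Access `$true' first to find legacy clients"
}

# --- 2. Open shares. A share that lets Everyone / Authenticated Users / Users
#        write is a path ransomware uses to reach and encrypt other hosts' data.
$broadPrincipals = @('Everyone', 'NT AUTHORITY\Authenticated Users', 'BUILTIN\Users')
Get-SmbShare | Where-Object { -not $_.Special } | ForEach-Object {
    $share = $_
    Get-SmbShareAccess -Name $share.Name | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $broadPrincipals -contains $_.AccountName -and
        $_.AccessRight -in @('Change', 'Full')
    } | ForEach-Object {
        Write-Warning ("Share '{0}' ({1}) grants {2} to {3}" -f $share.Name, $share.Path, $_.AccessRight, $_.AccountName)
        if ($Remediate) {
            # Drop the broad grant; re-grant to the specific group that needs it afterwards.
            Revoke-SmbShareAccess -Name $share.Name -AccountName $_.AccountName -Force
        }
    }
}

# --- 3. SNMP service (v1/v2c community strings travel in cleartext). Stop it
#        unless monitoring depends on it, and in that case move to SNMPv3.
$snmp = Get-Service -Name SNMP -ErrorAction SilentlyContinue
if ($snmp -and $snmp.Status -eq 'Running') {
    Write-Warning "SNMP service is running"
    if ($Remediate) {
        Stop-Service -Name SNMP
        Set-Service -Name SNMP -StartupType Disabled
    }
} else {
    Write-Output "SNMP service: not running"
}
```

Run it once without `-Remediate` to see what would change, feed the warnings into your change process, and only then run it with `-Remediate` on hosts whose legacy dependencies (old printers, embedded devices, SNMP-based monitoring) have been accounted for.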
(Written with Alexis Bouffard, research associate at Forrester)