Yesterday, Stryker Corporation, one of the world’s largest medical device manufacturers, suffered a devastating global cyber attack by the Iran-linked hacktivist group, Handala. The attackers allegedly stole 50TB of data and then wiped Stryker’s global IT infrastructure of 200,000+ devices across 79 countries.
More Than a Cyber Attack
In modern geopolitical conflicts, you no longer need an army, nuclear weapons, or much money to inflict high casualties on an adversary. 7AI calls the Stryker attack hybrid warfare—not just a cyber attack or data breach. Attackers abused a legitimate Microsoft enterprise tool, Intune Remote Wipe, to wreak technical destruction and coordinate a campaign of psychological warfare, including political narrative and reputational damage. The lost data is expected to be leaked on Telegram and social platforms to maximize media coverage and erode customer trust.
Most U.S. hospitals that perform surgeries use products and/or cloud services from Stryker. Organizations that partner with, procure from, or share data with Stryker might have had data stolen as part of the attack. They’ll probably become targets of Handala phishing campaigns. They’re also likely to have devices that communicate with Stryker systems. They’re all highly susceptible to becoming collateral damage.
Changing Motivations
In the current conflict, 7AI said that “any company with business ties to Israel—acquisitions, partnerships, shared customers, investment relationships—is a potential target. Stryker was not targeted because of a cybersecurity failure. It was targeted because of its business history,” which included acquiring an Israeli medical technology company in 2019.
That’s why it’s critical to know your organization’s data and its behavior. Locking down admin access and having strong security controls is a start. The 7AI article provides good guidance on additional steps.
But now, organizations have to know in real time when any data—credentials, device data, regulated data, user data, backups, etc.—is being accessed, moved to, or used by unexpected users, devices, and locations.
Companies Need Data Surveillance, Like, Yesterday
Flying Cloud CrowsNest is the only way to not only understand your data and its normal behavior, but to also assign policy control over individual data binaries, classes of data, and entire critical data streams. Define and limit allowable data movement in advance. Instantly see anomalous data behavior. Be alerted to any violations and trigger appropriate action in alignment with other security controls to stop movement outside of your network.
Stryker and its ecosystem are likely just the first salvo in new hybrid warfare. They won’t be the last. Devices can be restored but not without data. Contact Flying Cloud today to bring data under surveillance and protection. Don’t wait until you needed it yesterday.