Johnson Controls Cyberattack – Is Our Critical Infrastructure At Risk?

Johnson Controls Cyberattack—Is Our Critical Infrastructure At Risk?

By: Craig Kennedy

On September 27th, Johnson Controls filed a Form 8-K to the Securities and Exchange Commission (SEC) indicating that it had experienced a cybersecurity incident impacting its internal IT infrastructure. Multiple sources are reporting that the Dark Angels ransomware gang is responsible and stole 27 TB of data, encrypted Johnson Controls VMware ESXI servers and other devices, and are demanding a $51 million payment. What’s concerning about this incident is the vast scope of downstream organizations that could potentially be impacted by this attack.

Who is Johnson Controls?

Johnson Controls is a large multinational company that provides building and infrastructure automation and security systems across a broad range of sectors, including data centers, hospitals, schools, transportation, manufacturing, hospitality, entertainment, as well as many local, state, and federal government agencies.

Who is Dark Angels?

Dark Angels is a ransomware gang that has been active since around May 2022. They target and breach a victim’s IT infrastructure, steal, and encrypt their data, and then demand payment to provide a decryption key and delete the stolen data. This double extortion tactic is used by some ransomware gangs so they can threaten to expose the stolen data in case the victim is able to recover the encrypted files independently.

DHS Gets Involved

The Department of Homeland Security (DHS) is investigating this breach as Johnson Controls provides building and infrastructure automation and security systems for government buildings and operational controls for critical infrastructure systems. There are concerns that some of the data leaked may expose physical security assets including building floor plans and access information of sensitive government agencies.

Operational Infrastructure

In addition to the serious ramification of any government agency information being exposed, there’s serious concerns about other infrastructure operations being impacted. We’ve seen how disruptive cyberattacks on operational infrastructure can be, two examples being the Colonial Pipeline and JBS Foods attacks in 2021. Amplifying the impact of these isolated incidents with the broad reach of Johnson Controls infrastructure access being used to launch further “stage 2” attacks would be chilling.

Bottom Line

Enterprises and Government agencies must continuously assess the security controls of their supply-chain providers and contractors and hold them to very high standards. As more and more infrastructure becomes connected and “smart”, the attack surface and impact of bad actors gaining unauthorized access increases as well.

 

---

 

Policies and AI: A Guide for Enterprise Policies on AI and Its Usage

With the rapid adoption of AI, practical challenges inevitably arise. This extends not only to designing products and services that harness AI but also to the consumption of AI by both enterprises and individual knowledge workers. In this webinar, we will delve into the critical issues surrounding the deployment and management of AI, addressing both the application and policy aspects, both at the individual and enterprise levels.

Join Aragon’s expert analysts, Jim Lundy and Adam Pease, will provide insights into key considerations for enterprises in the realm of AI. Topics to be covered include:

• Why effective AI management is crucial for enterprises.
• The essential policies that need to be put in place for AI.
• Strategies for enterprises to harness AI’s power while safeguarding the enterprise’s integrity.

Register Here

 

---

 

Blog 1: Introducing the Digital Operations Blog Series

Blog 2: Digital Operations: Keeping Your Infrastructure Secure

Blog 3: Digital Operations: Cloud Computing

Blog 4: Cybersecurity Attacks Have Been Silently Escalating

Blog 5: Automation—The Key to Success in Today’s Digital World

Blog 6: Infrastructure—Making the Right Choices in a Digital World

Blog 7: Open-Source Software—Is Your Supply Chain at Risk?

Blog 8: IBM AIU—A System on a Chip Designed For AI

Blog 9: IBM Quantum: The Osprey Is Here

Blog 10: The Persistence of Log4j

Blog 11: AWS re:Invent 2022—Focus on Zero-ETL for AWS

Blog 12: AWS re:Invent 2022—The Customer Is Always Right

Blog 13: How Good is the New ChatGPT?

Blog 14: The U.S. Department of Defense Embraces Multi-Cloud

Blog 15: 2022 Digital Operations—The Year in Review

Blog 16: Lucky Number 13 for Intel—Intel Is Back on Top

Blog 17: Quantum Decryption—The Holy Grail for Cybercriminals

Blog 18: Microsoft and OpenAI—Intelligent Partnership

Blog 19: ChatGPT—The First One Is Free

Blog 20: Bing and ChatGPT—Your Co-Pilot When Searching the Web

Blog 21: ESXiArgs—Ransomware Attack on VMware

Blog 22: The Cost of Supply Chain Security—$250M in Sales

Blog 23: OpenAI Delivers on APIs—Accelerating the Adoption of ChatGPT

Blog 24: OpenAI Delivers on Plugins—Is ChatGPT The New Generative Content Platform?

Blog 25: Microsoft Security Copilot—Defending the Enterprise at the Speed of AI

Blog 26: Operation Cookie Monster Takes a Huge Bite Out of The Dark Web

Blog 27: AWS Bedrock—Amazon’s Generative AI Launch

Blog 28: Google Cloud Security AI Workbench – Conversational Security

Blog 29: World Password Day – Is This the Last Anniversary

Blog 30: Intel Partners to Enter the Generative AI Race—Aurora genAI

Blog 31: Charlotte AI – CrowdStrike Enters the Generative AI Cybersecurity Race

Blog 32: NICE Catches the Generative AI Wave

Blog 33: AMD Instinct MI300X—A New Challenger to Nvidia

Blog 34: Storm-0558—Chinese Cyber Attack on US Government Organizations

Blog 35: Network Resilience Coalition—Making the Network Safer

Blog 36: Frontier Model Forum—Power Players Unite to Make AI Safer

Blog 37: Intel Is Back in the Foundry Business—Entering the Angstrom Era

Blog 38: Check Point Acquires Perimeter 81—Securing Remote Access

Blog 39: PSA—Akira Ransomware Targeting Cisco VPNs