75 comments

[ 2.0 ms ] story [ 85.6 ms ] thread
Medtech firms consistently underinvest in corporate network cybersecurity because almost all their security and compliance spending goes to device safety requirements, not IT hardening. This is exactly the kind of gap wiper attacks target.
My only knowledge of this company is as a manufacturer of gurneys for ambulances.

I guess they have some sensitive data on our emergency services organizations and their headquarters addresses and accounts payable people, maybe PII on signatories (officers, board members & “important people”) and whatnot.

Anyone know if it would be worse?

Stryker is far more than ambulance gurneys. They’re one of the largest med-tech suppliers, with equipment in operating rooms, ICUs, and surgical departments everywhere.

If a wiper actually hit internal systems, the bigger concern isn’t consumer data but disruption to manufacturing, logistics, and hospital support. That kind of outage could ripple through a lot of hospitals pretty quickly.

Seems dire but hardly a supply chain disrupting attack. Stryker is a huge supplier but it not as if this will debilitate the medical supply chain completely. Seems like the hackers found a door they could kick open easily and then justified the action ex-post.
So gain access to a machine that can ask microsoft intune to eviscerate the company, ask it to do so, done. Bit of a shame all the machines had that installed really. Reminds me of crowdstrike.
Microsoft keeps disappointing and chief technology officers keep paying them. Wasn’t Elon Musk supposed to prove you could vibe code their entire product line? What happened to all that?
Does InTune have some sort of check that goes "if over 1% of devices are wiped within a certain timeframe, stop all new device wipe requests"? Seems like it should be a feature, especially if these kinda attacks pick up.
You can set dual authorization for resets, wipes, and deletes. Normally CISA would pipe in with this kind of guidance. Anyone know what they’re up to now?
The "Fucking for Virginity" approach to infosec strikes again!
Never add your personal device to a companies MDM…
I believe Android Work profile[0] would have limited the damage to the work profile rather than also impact the personal profile on a personal device.

Does anyone know if this is correct?

[0] https://www.android.com/enterprise/work-profile/

Exactly. BYOD cannot be wiped [0], neither on iOS, nor on Android. Only company-owned devices are affected.

edit: 0 - on iOS this means enrolled via User Enrollment

They are trying to hurt innocents in retaliation for the US murdering their children. I understand the sentiment, but strongly disagree with acting on it. Ukraine has done a much better (of course not perfect) job of retaliating against military targets in response to russian war crimes.
That's a shame, they make impressive products
So... did they have backups?

Wipe all data kind of seems like the best kind of cyberattack if you have backups. No data falling into wrong hands, no left behind rootkits, no ransome threats etc

They’ve been around for a while. Threat actors are something that I want our governments to be working on stopping. If they were capable, I would say we should run a government Project Zero but I doubt anyone would do long term service for $70k/yr when they could be making 10x-100x that.

Anyway, the bombings will have to continue till we rubble our enemies.

So their own faulty security is now blamed on others. That's not new.
[dead]
I'm trying to imagine the kind of response the USA would inflict on a country that wiped a girls school stateside.
Yeah, it really wasn't about the school.
They couldn't, and that's the point.

Iran is a state sponsor of Islamic terrorist groups worldwide and have contributed to thousands of deaths, including children. None of it is justified but let's not pretend it's one sided.

Your cilivians inflict that on yourself and you do nothing....
If we take precedent from other times children in the USA were slaughtered in schools, probably a bit of national grandstanding on either end of the political spectrum then nothing actually material happening.
Killing 175 children would illicit such a response also from USA hackers.
Killing 175 children in the US would be called another Tuesday school shooting or something.

Also elicit.

I wonder if there was some confusion between Stryker the Army infantry vehicle and Stryker the medtech company.

It seems a really weird target for Iran otherwise.

Yeah, I had to lookup the names! Stryker the armored vehicle is made by General Dynamics. Striker the fire truck is made by Oshkosh Corporation.
[flagged]
If by "survival" you mean surviving against a bloodthirsty regime that killed 10,000 people in January alone, then yes: the people of Iran are fighting for survival.
No, the extremely nasty Islamic Theocracy that runs Iran is fighting for its survival after killing 20,000 protestors. Iran police chief has said that anti-government protesters will be treated as 'enemies'. "And we will do to them what we do to an enemy. We will deal with them in the same way we deal with enemies," he added.

https://www.rnz.co.nz/news/world/589307/iran-police-chief-sa...

So US and Israel wipe out a school filled with children and Iranian hackers delete some data as retaliation?