What’s known about wiper attack on Stryker, a major supplier of lifesaving devices

NetMage

Ars Legatus Legionis
10,072
I’d note that there’s a lot more to Stryker than medical devices. For lots of hospitals dependent on Stryker for disposable surgical instruments this is a supply chain attack that has an impact like COVID. If Stryker isn’t able to get order processing working quickly (and I believe they are hand evaluating post attack orders at this time), some hospitals will be putting off elective surgery and possibly even less critical surgeries until alternative suppliers can be found (which isn’t always simple).
 
Upvote
124 (124 / 0)

Lexus Lunar Lorry

Ars Scholae Palatinae
906
Subscriptor++
Messages posted by purported Stryker employees or their family members on social media said workers’ phones and computers had been wiped.
I heard on the rumor mill that the hackers took over Stryker's MDM system and used it to wipe all of the devices on the company's network. This includes employees who installed Microsoft Intune on their personal phones.

And that's why you should never "bring your own device" to work. Make the company pay for a work phone or pager if they want to reach you outside of business hours.
 
Upvote
191 (192 / -1)
Even if a company has fully realized, useful backups and remote provisioning in place, it still takes time to carry out a full investigation of the security failure, make sure the backup data are clean of compromise based on the preliminary investigation findings, reprovision, and then make sure the holes are closed before allowing outside network contact. It can take weeks just to reprovision if you have a device fleet in the tens of thousands of devices, let alone figure out what happened and form a strategy to prevent it from immediately happening again as soon as the outside connection is reopened. No one recovers overnight, and if they do, then that in itself is suspicious.
 
Upvote
95 (95 / 0)

Sajuuk

Ars Legatus Legionis
13,240
Such actions are taken for their psychological effects, which are often disproportionately larger than the resources required to bring them about.
This seems an odd conclusion to me. Iran's stated goal is inflicting global economic damage forcing the world to rein the US in, and disrupting a service economy's fundamental operations would seem to have an obvious and outsized impact well beyond the psychological.

Anyway, start a total war (for one side), get a total war.
 
Upvote
112 (114 / -2)
I heard on the rumor mill that the hackers took over Stryker's MDM system and used it to wipe all of the devices on the company's network. This includes employees who installed Microsoft Intune on their personal phones.

And that's why you should never "bring your own device" to work. Make the company pay for a work phone or pager if they want to reach you outside of business hours.
That's not even the primary reason not to BYOD. The primary reason is because if you mix company and personal data and you're part of a division in the company that is part of legal proceedings, you're going to lose your device for as long as discovery + any other legal procedures take to finish. Then all your personal data is now in the hands of a 3rd party... even stuff that may not have normally been hoovered otherwise is now outside of your control.

What happened with Stryker is just punctuation rather than content.
 
Upvote
157 (157 / 0)
It's possible that they are just not talking about the crusty backend stuff; but the reports so far are interesting because of how heavily it sounds like the attack was tilted toward the glorious-modern-hyperscale-cloud side of the house; rather than the 'too critical to patch Server 2012 and miscellaneous embedded trash' side.

Something like MDM wipes is a dangerous toy (the MS documentation does not specifically lie about it; but assigning that ability by default to the "Help Desk Operator" role is basically an invitation to not notice that you've allowed Bob Breakfix to glass any client device in the company unless you are going fairly hard on Entra 'administrative units'; which are more or less the revenge of the OU that MS does support but generally doesn't emphasize as a compartmentalization mechanism); but it's also the sort of thing that you, typically, would only have exposed to a bunch of admin accounts that you can be humorless about MFAing relatively hard and using on terminals not closely linked with other stuff; rather than tied to random legacy integrations.

I'm curious whether the flashy use of Intune will turn out to be a really, really embarrassing AAD config mistake; or if it's just the highly visible parting touch of a much more involved crawl through their entire environment.
 
Upvote
63 (63 / 0)
I have multiple Stryker implants in my body from a major shoulder reconstruction last year. These devices have restored my ability to use my arm and return to all the activities I love. The devices they make serve to better the life of millions across this globe. Attacking organizations like this is the modern equivalent of burning farms and looting storehouses in the ancient world. They serve no purpose other than to make the innocent suffer or hope to demoralize the enemy at all costs.
 
Upvote
5 (44 / -39)

PeteGibbons

Smack-Fu Master, in training
38
I heard on the rumor mill that the hackers took over Stryker's MDM system and used it to wipe all of the devices on the company's network. This includes employees who installed Microsoft Intune on their personal phones.

And that's why you should never "bring your own device" to work. Make the company pay for a work phone or pager if they want to reach you outside of business hours.
Just don’t let the company install a profile that manages your device. Your phone isn’t going to magically delete everything because someone from work called you after hours.
 
Upvote
50 (52 / -2)

binaryvisions

Ars Praetorian
497
Subscriptor
Just don’t let the company install a profile that manages your device. Your phone isn’t going to magically delete everything because someone from work called you after hours.

Both Android and iOS offer segmented work profiles that permit administrators to manage the "work apps" but not the personal side. This doesn't help the legal discovery issues mentioned above, but you can safely BYOD to a properly configured enterprise environment - the administrators can issue the "wipe data" command all day long and it'll just delete the work profile data.
 
Upvote
49 (52 / -3)

NetMage

Ars Legatus Legionis
10,072
And that's why you should never "bring your own device" to work. Make the company pay for a work phone or pager if they want to reach you outside of business hours.
There’s different levels of BYOD and the point at which you are installing an MDM and managing your device is the point too far. We use Microsoft’s Outlook and Exchange rules and can only remotely erase the data in the one app. I don’t think that poses a risk to the personal device.
 
Upvote
23 (23 / 0)
I highly recommend season 2 of "The Pitt" for anyone with a strong stomach, physically and psychologically. "Information technology" and "data processing" are still distant, nebulous abstractions to the overwhelming majority of people, who remain sublimely indifferent to it all so long as their Tiks Tok.

For reasons we needn't go into, I've spent too many long nights in urgent care facilities. Turn off the screens for a day and we'll be piling the broken, bloody bodies in parking lots, with the flies audible a mile away. No brilliant youngster will develop a photographic memory. No tireless bystanders will run around with clipboards. No hot-as-hell, fuck-me-now-daddy former combat medic will be the analog hero of the hour. People will just die, in pain and in quantity, and continue doing so for quite some time after the screens come back on.

Whether the deaths occur today or tomorrow, interfering with medical technology is the mass murder of innocents. (If anything with a mouth can be said to be truly innocent.)
 
Upvote
-10 (23 / -33)
That's not even the primary reason not to BYOD. The primary reason is because if you mix company and personal data and you're part of a division in the company that is part of legal proceedings, you're going to lose your device for as long as discovery + any other legal procedures take to finish. Then all your personal data is now in the hands of a 3rd party... even stuff that may not have normally been hoovered otherwise is now outside of your control.

What happened with Stryker is just punctuation rather than content.
Personal devices, notes and even diaries are legally discoverable. There's no protection if you have a work phone and a personal phone; both can be taken. In house lawyers will take it from you first to see what the exposure is. There's a reason why my meeting notes were always key words and aide-mémoire and never opinions. Formality is your friend.
 
Upvote
21 (24 / -3)

deceptionatd

Seniorius Lurkius
13
Subscriptor++
Iran-sponsored hackers have a long history of using wiper malware to permanently destroy data and the hard drives that store it.

To clarify, they're actually bricking the drives themselves? How? I couldn't find any mention of that in the linked article. AFAIK, the destructive disk exercisers of the past don't work on modern hard drives, much less the flash storage used in mobile devices.
 
Upvote
12 (13 / -1)
Both Android and iOS offer segmented work profiles that permit administrators to manage the "work apps" but not the personal side. This doesn't help the legal discovery issues mentioned above, but you can safely BYOD to a properly configured enterprise environment - the administrators can issue the "wipe data" command all day long and it'll just delete the work profile data.
Load-bearing “properly configured”
 
Upvote
30 (30 / 0)

Arstotzka

Ars Scholae Palatinae
1,244
Subscriptor++
That's not even the primary reason not to BYOD. The primary reason is because if you mix company and personal data and you're part of a division in the company that is part of legal proceedings, you're going to lose your device for as long as discovery + any other legal procedures take to finish. Then all your personal data is now in the hands of a 3rd party... even stuff that may not have normally been hoovered otherwise is now outside of your control.

What happened with Stryker is just punctuation rather than content.
Nickel's worth of free advice I've given to new hires asking about using a personal device for work purposes: You don't want your nudes to be in something legally discoverable. Sure, they won't be admissible in court (unless somehow relevant), but they'll still get a wider audience than you intended.
 
Upvote
53 (54 / -1)
Nickel's worth of free advice I've given to new hires asking about using a personal device for work purposes: You don't want your nudes to be in something legally discoverable. Sure, they won't be admissible in court (unless somehow relevant), but they'll still get a wider audience than you intended.
Small but important point: there's nothing that isn't legally discoverable outside of the confession box and conversation with your lawyer. It's just how much of a fishing expedition the other side's lawyers are willing to go on.
 
Upvote
5 (12 / -7)

ExPatCA

Ars Scholae Palatinae
941
Subscriptor++
I heard on the rumor mill that the hackers took over Stryker's MDM system and used it to wipe all of the devices on the company's network. This includes employees who installed Microsoft Intune on their personal phones.

And that's why you should never "bring your own device" to work. Make the company pay for a work phone or pager if they want to reach you outside of business hours.

It’s more nuanced than that. I use my personal devices for work stuff all the time. They do not have the ability to wipe my device as they are not under any MDM policies.

For mobile devices we use MAM (Mobile Application Management) policies instead. To access company data I have to use only apps with MAM capabilities. This effectively creates a “bubble” that they do control. This includes capabilities like copy in or out, the device needs to not be jailbroken, minimum OS etc. The bubble can be wiped instantly.

On the PC side we do not allow personal devices to be enrolled for MDM. It is blocked outright as we do not want to manage personal PCs. We have a bunch of conditional access policies set that control access. We do allow for Entra ID “registered” which provides some certainty that the device is “mine”. If that is done the CA policies get relaxed a bit.

We are respectful of a user’s device. Corporate owned devices get the full MDM treatment. Across mobile devices and PCs we have about 50K in total. Around 19K of that number get the full MDM stack.
 
Upvote
35 (36 / -1)

CmdrKeene

Wise, Aged Ars Veteran
116
I heard on the rumor mill that the hackers took over Stryker's MDM system and used it to wipe all of the devices on the company's network. This includes employees who installed Microsoft Intune on their personal phones.

And that's why you should never "bring your own device" to work. Make the company pay for a work phone or pager if they want to reach you outside of business hours.
Where I work we give people the choice and I use my personal device instead of carrying a separate one, I'm also the one that configures the MDM for phones (corp owned and personal).

I don't think this is universal but at least on my Android Pixel phone, I can install my work stuff in a separate environment. It's like a separate profile essentially. It has a separate copy of my work apps, and they're isolated from my personal stuff. If the company (in this case, me or my boss) were to issue a delete command, it would only delete the work account and leave all of my personal stuff untouched. It's literally like carrying two separate phones.

If it was a corporate owned device, it would reset the entire phone. But on a personal phone, set up the way I have, it would only reset the work partition. (I like it and find it convenient, other people completely and strongly disagree, so we give people the choice to have a company owned phone if they want to carry it around.)
 
Upvote
8 (9 / -1)

adamsc

Ars Praefectus
4,281
Subscriptor++
Both Android and iOS offer segmented work profiles that permit administrators to manage the "work apps" but not the personal side. This doesn't help the legal discovery issues mentioned above, but you can safely BYOD to a properly configured enterprise environment - the administrators can issue the "wipe data" command all day long and it'll just delete the work profile data.

I still prefer the simplicity of physical separation because it’s easier for people to reason about: beyond the legal issues other people have mentioned, just being confident about what a new or updated policy does and does not cover is a recipe for people making mistakes, especially if a company tries to manage a previously unmanaged app.
 
Upvote
19 (20 / -1)

Arstotzka

Ars Scholae Palatinae
1,244
Subscriptor++
Small but important point: there's nothing that isn't legally discoverable outside of the confession box and conversation with your lawyer. It's just how much of a fishing expedition the other side's lawyers are willing to go on.
I’m sure there are nuances I am wrong about, because I am not a lawyer nor do I play one on TV, but I have seen devices get taken and imaged so the company couldn’t be accused of hiding anything or destroying evidence. Did it end up being made available to the other side’s lawyers? I’m not sure; my need to know ended before that stage. But there was certainly a nonzero chance that it could have been.

There was an… I think ex-Apple employee?… who had this issue because Apple doesn’t support multiple accounts, so her personal AppleID was caught up in a lawsuit. Images and all. Except now I can’t find links, and Twitter references are dead, and… ugh. Sorry, I tried to find a link-able example that was in the news but am coming up short.
 
Upvote
13 (13 / 0)

kb000

Seniorius Lurkius
4
Subscriptor
My sources inside Stryker and Intune indicate the attack was just an MDM wipe, no cloud damage. Anecdotally, a BYOD iPhone not yet Intune enrolled was unaffected. The devices are physically fine, just factory reset.

The attack sounds unsophisticated. It's likely an admin was phished or otherwise compromised, and then scripted a global wipe of all enrolled devices. It seems like a miss in product design or config that there's not a rate limit on remote wipe commands.
 
Upvote
33 (33 / 0)
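One way to put a number on the "no rate limit on remote wipe" gap raised above, and on the earlier point about how many operators can issue wipes at all: an added example, not code from the thread, from Stryker or from Microsoft. It assumes a constructed audit-event format (timestamp, actor, action, device id) and constructed sample events; real Intune audit logs use different field names. The detection flags any actor whose wipe count crosses a threshold inside a sliding window, and the gate holds further wipes from that actor for a second person's approval.

```python
"""Burst detection and rate limiting for MDM remote-wipe commands.

Added example, not vendor or project code. Event format and names are
constructed for illustration only.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_WIPES = 3                   # wipes one actor may issue per window unreviewed
WINDOW = timedelta(minutes=10)  # sliding window length

# Constructed sample audit events: ISO timestamp, actor, action, device id.
SAMPLE_EVENTS = [
    ("2025-01-10T08:00:00", "helpdesk1", "Wipe",   "dev-001"),
    ("2025-01-10T08:30:00", "helpdesk1", "Retire", "dev-002"),
    ("2025-01-10T08:45:00", "helpdesk1", "Wipe",   "dev-003"),
    ("2025-01-10T09:00:00", "admin-x",   "Wipe",   "dev-100"),
    ("2025-01-10T09:00:01", "admin-x",   "Wipe",   "dev-101"),
    ("2025-01-10T09:00:02", "admin-x",   "Wipe",   "dev-102"),
    ("2025-01-10T09:00:03", "admin-x",   "Wipe",   "dev-103"),
    ("2025-01-10T09:00:04", "admin-x",   "Wipe",   "dev-104"),
]


def find_wipe_bursts(events, max_wipes=MAX_WIPES, window=WINDOW):
    """Detection over historical events.

    Returns {actor: (first_wipe_ts, wipes_in_window)} for every actor that
    issued more than max_wipes Wipe commands within any window. Normal help
    desk activity (a few wipes spread over a shift) stays below threshold."""
    recent = defaultdict(deque)  # actor -> timestamps of wipes still in window
    alerts = {}
    for ts, actor, action, _device in sorted(events):
        if action != "Wipe":
            continue
        now = datetime.fromisoformat(ts)
        q = recent[actor]
        q.append(now)
        while q and now - q[0] > window:  # expire wipes older than the window
            q.popleft()
        if len(q) > max_wipes and actor not in alerts:
            alerts[actor] = (q[0].isoformat(), len(q))
    return alerts


class WipeGate:
    """Mitigation: decide per command whether a wipe may run now ('allow')
    or must be queued for a second person's approval ('hold').
    Stateful; one instance per tenant."""

    def __init__(self, max_wipes=MAX_WIPES, window=WINDOW):
        self.max_wipes = max_wipes
        self.window = window
        self.recent = defaultdict(deque)

    def decide(self, actor, ts):
        now = datetime.fromisoformat(ts)
        q = self.recent[actor]
        while q and now - q[0] > self.window:
            q.popleft()
        if len(q) >= self.max_wipes:
            return "hold"        # budget spent: do not auto-execute
        q.append(now)            # only allowed wipes consume budget
        return "allow"
```

A held wipe should still be visible to the requester and to whoever approves it; the point is that one compromised account cannot turn a fleet into bricks in a single scripted minute.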

Billiam29

Ars Scholae Palatinae
818
If Stryker isn’t able to get order processing working quickly (and I believe they are hand evaluating post attack orders at this time), some hospitals will be putting off elective surgery and possibly even less critical surgeries until alternative suppliers can be found (which isn’t always simple).
Fuck. I have surgery scheduled in a month. It's actually quality of life improving surgery I'm looking forward to as well.

For those of us ignorant of Stryker as a company, would this situation apply globally or would certain regions be more likely to be affected than others in this particular regard?
 
Upvote
11 (11 / 0)

siliconaddict

Ars Legatus Legionis
13,082
Subscriptor++
I heard on the rumor mill that the hackers took over Stryker's MDM system and used it to wipe all of the devices on the company's network. This includes employees who installed Microsoft Intune on their personal phones.

And that's why you should never "bring your own device" to work. Make the company pay for a work phone or pager if they want to reach you outside of business hours.


Oh you are precious. As if some of us have any choice in that if we want to stay employed.
 
Upvote
-2 (17 / -19)
I’m sure there are nuances I am wrong about, because I am not a lawyer nor do I play one on TV, but I have seen devices get taken and imaged so the company couldn’t be accused of hiding anything or destroying evidence. Did it end up being made available to the other side’s lawyers? I’m not sure; my need to know ended before that stage. But there was certainly a nonzero chance that it could have been.

There was an… I think ex-Apple employee?… who had this issue because Apple doesn’t support multiple accounts, so her personal AppleID was caught up in a lawsuit. Images and all. Except now I can’t find links, and Twitter references are dead, and… ugh. Sorry, I tried to find a link-able example that was in the news but am coming up short.
It depends on what the other side requested. I know from a case where an in house lawyer got himself fired by being indiscreet in an email. Then they pulled all his communications that were admissible and forced a settlement because he was even more indiscreet on his personal phone. At one point in time there was a tactic of deluging the other side with documentation, but the advent of keyword search and now AI summaries has rendered that redundant.
 
Upvote
14 (14 / 0)

balthazarr

Ars Tribunus Angusticlavius
6,905
Subscriptor++
Oh you are precious. As if some of us have any choice in that if we want to stay employed.
The US is so fucked.

I mean, I know that can apply in myriad situations and circumstances... but imagine having no job security, and fearing losing your job because the business is too cheap/lazy/whatever to provide you with device(s) [presumably] essential to carrying out your work.
 
Upvote
39 (44 / -5)
Personal devices, notes and even diaries are legally discoverable. There's no protection if you have a work phone and a personal phone; both can be taken. In house lawyers will take it from you first to see what the exposure is. There's a reason why my meeting notes were always key words and aide-mémoire and never opinions. Formality is your friend.

Saved me from having to say this very same thing. The "protections" from keeping personal separate from work are largely imagined anyway. If you're in a position of interest at an entity facing legal discovery you're in the blender with both feet, there's no "personal" devices any longer, it all belongs to the lawyers.
 
Upvote
4 (11 / -7)

binaryvisions

Ars Praetorian
497
Subscriptor
I still prefer the simplicity of physical separation because it’s easier for people to reason about: beyond the legal issues other people have mentioned, just being confident about what a new or updated policy does and does not cover is a recipe for people making mistakes, especially if a company tries to manage a previously unmanaged app.

I understand this position but it's not a thing that can happen with the OS-level policies around managed and unmanaged apps. The MDM cannot "take control" over an unmanaged app, nor can it relinquish control of a managed one. The managed partition is sandboxed away from the unmanaged one and the enforcement happens at the operating system level.

Again, there are plenty of good reasons to like physical separation.
 
Upvote
15 (15 / 0)

adamsc

Ars Praefectus
4,281
Subscriptor++
The MDM cannot "take control" over an unmanaged app, nor can it relinquish control of a managed one. The managed partition is sandboxed away from the unmanaged one and the enforcement happens at the operating system level.

How does this work for the same app if, say, you had OneDrive or Outlook used in a managed environment but also wanted a personal or school copy? The last time I checked, that wasn’t supported.

Similarly, Apple at least used to have a way to convert unmanaged apps to managed. That’s the kind of thing I’d worry about someone not understanding or missing that an updated policy prompt has greater implications than 90% of the prompts they see.
 
Upvote
7 (7 / 0)

Derecho Imminent

Ars Legatus Legionis
16,420
Subscriptor
I heard on the rumor mill that the hackers took over Stryker's MDM system and used it to wipe all of the devices on the company's network. This includes employees who installed Microsoft Intune on their personal phones.

And that's why you should never "bring your own device" to work. Make the company pay for a work phone or pager if they want to reach you outside of business hours.
I think the company should not want their business info on the employee's personal devices. Seems like a security weakness.
 
Upvote
19 (19 / 0)