Swatch Group Hit by Likely Ransomware Attack

The world’s largest watchmaker, Swatch Group, has admitted it suffered a cyber-attack over the weekend which forced the shut-down of IT systems.

“Swatch Group confirms that it has identified clear signs of a developing cyber-attack on some of its IT systems during the weekend,” a brief statement confirmed.

“For security reasons, the group immediately took action and shut down precautionary some of its IT systems, which affected some operations. The situation will return to normal as soon as possible.”

Given the extreme action that the firm’s IT department was forced to take and the fact that it disrupted some operations in doing so, ransomware would seem to be the prime candidate.

The Swiss-headquartered multi-national is home to 18 individual brands including the eponymous Swatch, launched in the 1980s, and major names such as Tissot, Omega and Longines. It made over $2 billion in sales in the first half of 2020, making it an attractive potential target for ransomware attackers.

Dean Ferrando, lead systems engineer EMEA at Tripwire, argued that it’s encouraging the watchmaker at least managed to detect the attack early on and took action to limit its impact.

“Malware doesn’t just suddenly appear on systems. It has to get there through exploited vulnerabilities, phishing, or other means. While we tend to focus on the malware/ransomware itself, the best way to avoid becoming a victim is to prevent the infection in the first place,” he continued.

“The best way to prevent ransomware infections is to address the infection vectors by patching vulnerabilities, ensuring systems are configured securely, and preventing phishing. When these preventive foundational controls fail, there needs to be a continuous monitoring tool in place to detect the signs of a compromise.”

The incident came in the same week that one of America’s largest healthcare providers, UHS, and one of the world’s biggest shipping firms, CMA CGM, admitted they were hit by separate ransomware attacks.

Unlike Swatch Group, these firms appeared to fare less well in spotting the attack. UHS was forced to down its entire network, causing widespread disruption for patients, for example.

In a separate report this week, Microsoft warned that ransomware groups are now making wide sweeps of the internet looking for vulnerable entry points in organizations to attack. Some raids take just 45 minutes from initial compromise to ransom, it claimed.

What’s Hot on Infosecurity Magazine?