ABB discloses IT Security Breach: The Cyberattack Impacts Company Operations


ABB Ltd., a prominent Swedish-Swiss robotics and automation company, recently experienced a cybersecurity incident that affected business operations. ABB, which is headquartered in Zurich and was the largest industrial employer in Switzerland until 2020, says an IT security breach has affected certain sites and systems. Vigorous efforts are underway to regain control and manage the situation. ABB’s group spokesperson, Christian Meuter, told ETCISO that, to rectify the issue, the business “has taken, and continues to take, measures to contain the incident.”

He says that these containment actions caused some operational problems, which the company is rectifying. “The vast majority of its systems and factories are now up and running, and ABB continues to serve its customers securely,” states Meuter.

“ABB continues to work diligently with its customers and partners to resolve this situation and minimize its impact,” he added.

Several reputable companies, including Volvo, Hitachi, the cities of Zaragoza and Nashville, Roboship, PKN Orlen, and many more, are among the company’s customers.

ABB was formed when Allmänna Svenska Elektriska Aktiebolaget (ASEA) of Sweden and Brown, Boveri & Cie of Switzerland merged, and it has been a Fortune 500 organization for 24 years. A leader in producing electrical equipment, ABB has built a strong reputation as an expert in the design of industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems. According to the business forecast for 2022, ABB India has more than one lakh personnel.

ABB offers cybersecurity as a service and undertakes security evaluations using “multiple standard and custom assessments,” according to the organization’s website. It additionally offers cybersecurity awareness and implements employee training programs.

Was Black Basta behind the attack?

According to Bleeping Computer, the organization was the target of a ransomware attack by Black Basta, a group that has associations with Russia. Cybernews reached out to ABB for confirmation, but the company chose not to verify the incident. Moreover, the organization’s name does not appear on Black Basta’s leak site, a dark web blog where cyber criminals exchange information about their latest targets.

Black Basta is a very strong adversary. Research from Kaspersky claims that its ransomware strains can infect computers running Windows, Linux, and VMware ESXi.

The group pressures victims into paying a ransom using double extortion techniques. With this technique, cybercriminals frequently release stolen data in fragments, expecting their victims to buckle under pressure from both internal and external sources.

Black Basta is distinctive in that it has multiple ransomware variants for attacking Linux and Windows desktops and laptops. The Windows version additionally boots the system in safe mode before encrypting. Researchers believe that because many security products are unable to run in safe mode, this lets the malware avoid detection by such programs.

In 2022, Black Basta infected several organizations in the first couple of weeks. Since its malware strain was initially found, Black Basta has reportedly affected 153 organizations, according to the dark-web monitoring portal “DarkFeed”.

Conti, the parent company of Black Basta, may have purposefully exposed source code.

Conti's source code was exposed on hacker forums after the group folded. Although there are rumors that a conflict within the organization caused the code leak, ransomware gangs are known to purposefully release their source code so that other, less skilled hacker groups may use it to spread cyberattacks.

This frequently happens when massive cybercrime companies ‘feel the heat’ from law enforcement organizations and know that authorities are closing in. Cybercriminals have the chance to become lost in the ‘noise’ when multiple other ransomware gangs start using the released source code.

Simply put, it makes it more difficult for law enforcement organizations to follow a trail that was previously linked to a particular source, i.e., a malicious ransomware gang.


Janki Mehta


Janki Mehta is a passionate Cyber-Security Enthusiast who keenly monitors the latest developments in the Web/Cyber Security industry. She puts her knowledge into practice and helps web users by arming them with the necessary security measures to stay safe in the digital world.