Oct 3, 2023 - Technology

Businesses with government contracts ripe targets for cyber attacks

Illustration of a mouse in a bear trap

Illustration: Sarah Grillo/Axios

An apparent cyberattack on a major building automation systems manufacturer is gathering national attention after reports that it may have compromised some data belonging to the Department of Homeland Security.

Why it matters: Government contractors are a ripe target for cyberattacks, and the Biden administration has made it a priority to apply tougher cybersecurity rules to any business working with the government.

Driving the news: CNN reported Monday that DHS is investigating whether a reported ransomware attack targeting Johnson Controls International affected sensitive physical security information, including building floor plans.

  • Johnson Controls has not yet determined the full extent of the incident, saying in a statement only that the company is continuing "to assess what information was impacted" and is "executing our incident management and protection plan."

Details: Johnson Controls has been responding to a reported ransomware attack for at least a week, according to BleepingComputer.

  • The company manufactures security equipment, industrial control systems, fire safety equipment and other physical security devices.
  • Customers have included international aerospace manufacturers, universities and medical facilities.

The intrigue: No ransomware gang has claimed responsibility for the reported attack yet — suggesting that if this is a ransomware incident, the company could still be in negotiations over whether to pay a ransom to unlock its systems.

Between the lines: Johnson Controls is far from the first government contractor to face a cyberattack or espionage campaign.

What they're saying: Johnson Controls hasn't shared any additional details about the incident besides what it told the Securities and Exchange Commission in a brief statement in a public 8-K filing Wednesday.

  • The filing says the company has "experienced disruptions in portions of its internal information technology infrastructure and applications resulting from a cybersecurity incident."
Go deeper