Workplace experience and facility management company ISS World was hit this week by a malware attack that forced its systems offline.
Founded in 1901, the Copenhagen, Denmark-based company provides cleaning, support, property, catering, security, and facility management services for offices, factories, airports, hospitals, and other locations all around the world.
At the moment, the company’s employees don’t have access to corporate systems, as they were taken offline following a malware attack earlier this week.
“On 17 February 2020, ISS was the target of a malware attack. As a precautionary measure and as part of our standard operating procedure, we immediately disabled access to shared IT services across our sites and countries, which ensured the isolation of the incident,” the company announced.
ISS says it has already identified the root cause of the attack, and that it is working with forensic experts and its hosting provider, as well as with an external task force, to restore its systems.
The company’s website currently informs visitors that ISS systems are unavailable.
While some systems have already been restored, the company could not provide information on when it would have all of them back online.
“There is no indication that any customer data has been compromised,” ISS says.
The company also notes that operations continue, because the nature of its business is to deliver services on customer sites mainly through people.
“Our priority is to ensure limited or no disruption while we fully restore all systems,” the company says.
The investigation into the incident continues, and the company has yet to provide details on the potential financial impact of the attack and on the type of malware used.
According to some news outlets, however, the company was the victim of a ransomware attack.
“We will provide a further update when we have significant, additional information,” ISS said.
“While the root cause of this attack and the attacking group are still unknown, it is important to remember that these companies become targets because they are in some way vulnerable. Whether this is due to too many exposed services, unpatched systems or weak authentication, these criminals will find that weak link. Think of it as an unwanted, criminal penetration test,” John Shier, senior security expert at Sophos, told SecurityWeek in an emailed comment.
“We urge all companies to invest the resources necessary – time, people and technology – to shrink their attack surfaces. This applies not only to prevention of threats, but also detection and remediation of extant threats in their IT systems,” Shier added.
