Security Experts:

Connect with us

Hi, what are you looking for?



Malware Attack Takes ISS World’s Systems Offline

Workplace experience and facility management company ISS World was hit this week by a malware attack that forced its systems offline.

Workplace experience and facility management company ISS World was hit this week by a malware attack that forced its systems offline.

Founded in 1901, the Copenhagen, Denmark-based company provides cleaning, support, property, catering, security, and facility management services for offices, factories, airports, hospitals, and other locations all around the world.

At the moment, the company’s employees don’t have access to corporate systems, as they were taken offline following a malware attack earlier this week.

“On 17 February 2020, ISS was the target of a malware attack. As a precautionary measure and as part of our standard operating procedure, we immediately disabled access to shared IT services across our sites and countries, which ensured the isolation of the incident,” the company announced.

ISS says it has already identified the root cause of the attack, and that it is working with forensic experts and its hosting provider, as well as with an external task force, to restore its systems.

Currently, the company’s website is informing visitors that ISS systems are not available right now.

While some systems have already been restored, the company could not provide information on when it would have all of them back online.

“There is no indication that any customer data has been compromised,” ISS says.

The company also notes that, because the nature of their business is to deliver services on customer sites mainly through people, operations continue.

“Our priority is to ensure limited or no disruption while we fully restore all systems,” the company says.

The investigation into the incident continues, and the company has yet to provide details on the potential financial impact of the attack and on the type of malware used.

According to some news outlets, however, the company was the victim of a ransomware attack.

“We will provide a further update when we have significant, additional information,” ISS said.

“While the root cause of this attack and the attacking group are still unknown, it is important to remember that these companies become targets because they are in some way vulnerable. Whether this is due to too many exposed services, unpatched systems or weak authentication, these criminals will find that weak link. Think of it as an unwanted, criminal penetration test,” John Shier, senior security expert at Sophos, told SecurityWeek in an emailed comment.

“We urge all companies to invest the resources necessary – time, people and technology – to shrink their attack surfaces. This applies not only to prevention of threats, but also detection and remediation of extant threats in their IT systems,” Shier added.

Related: IoT Devices at Major Manufacturers Infected With Malware via Supply Chain Attack

Related: Echobot Malware Drives Significant Increase in OT Attacks

Related: Targeted Attacks Deliver New “Anchor” Malware to High-Profile Companies

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...


Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack


CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.