Boeing Confirms 'Limited' Malware Outbreak


Boeing says that a malware outbreak affected a small number of systems but did not disrupt production. Some media reports have said the malware is WannaCry ransomware.

"Our cybersecurity operations center detected a limited intrusion of malware that affected a small number of systems," the Chicago-based company says in a statement released Wednesday. "Remediations were applied, and this is not a production or delivery issue."

Boeing, which is the world's largest aerospace company, claims some media reports are "overstated and inaccurate" but the company did not specify what was incorrect.

Citing an unpublished memo written by Mike VanderWel, the chief engineer at Boeing's Commercial Airplane unit, The Seattle Times reports that the company was hit by WannaCry.

"It is metastasizing rapidly out of North Charleston, and I just heard 777 (automated spar assembly tools) may have gone down," VanderWel reportedly wrote.

VanderWel expressed concern that the malware could impact testing for airplanes and potentially those planes' software, leading him to sound the "all hands on deck" alarm and note that Boeing vice presidents had been communicating about the crisis, The Seattle Times reports.

Boeing did not immediately respond to a request from Information Security Media Group for comment on what type of malware infected the company's systems and for more specific information about which systems were impacted.

WannaCry: A New High Bar

WannaCry, which appeared in May 2017, was the first ransomware to spread globally at an explosive rate. The malware's developers engineered it to act like a worm, meaning once it infected a system, it sought out other systems to attack so that it could spread (see WannaCry Ransomware Outbreak Spreads Worldwide).

Although experts in recent years have been predicting that a large-scale ransomware attack seemed imminent, the damage and disruption caused by WannaCry still surprised many. WannaCry infected as many as 300,000 systems in 150 countries.

WannaCry was so potent because it used a software exploit nicknamed EternalBlue, which targeted a vulnerability in Microsoft's Server Message Block (SMB) file-sharing function. EternalBlue was effective against Microsoft operating systems stretching back to Windows XP. The ransomware also installed a backdoor called DoublePulsar.

Both the exploit and backdoor were revealed publicly early last year by a mysterious group calling itself The Shadow Brokers. The group claimed the software exploits came from the National Security Agency, which numerous information security experts believe is an accurate claim (see Report: Shadow Brokers Leaks Trace to NSA Insider).

Microsoft released a patch for EternalBlue in March 2017 for all supported versions of Windows. But because of delays in patching, many organizations were still not prepared when WannaCry was unleashed two months later.

Worldwide Damage

WannaCry ripped through hospitals, telecommunications and transportation companies, encrypting files on vulnerable systems. Victims included National Health Service trusts in the United Kingdom, Russia's interior ministry and Germany's national rail network. WannaCry demanded a ransom of between $300 and $600, payable in the virtual cryptocurrency bitcoin.

Last December, the U.S. government said it believed that the government of North Korea had developed WannaCry. The U.S. government did not offer evidence to support its view, but said other countries, including Australia, Canada, Japan, South Korea, New Zealand and the United Kingdom had come to the same conclusion (see Is North Korea the True Culprit Behind WannaCry?).

Private security companies and analysts said some of the tools used in WannaCry bore a strong resemblance to tools previously used by a hacking group nicknamed Lazarus. But attribution is often a tricky game, as malware developers can easily borrow techniques in order to fool analysts (see Winter Olympics Gold Medal for False Flag Goes to ... ?).

North Korea has long been suspected of being behind a series of devastating attacks against banks' SWIFT international money transfer systems (see Report: Investigators Eye North Koreans for Exchange Hack). But WannaCry showed a willingness to deploy much more aggressive and wide-scale attacks.

The ransomware also prompted deeper, ethical questions over whether intelligence agencies should rapidly inform vendors of software vulnerabilities, especially if the intelligence agencies seem unable to prevent their own tools and exploits from leaking (see Post-WannaCry, Microsoft Slams Spy Agency Exploit-Hoarding).