ISS World, a Danish workplace experience and facility management company, was hit by a malware attack on February 17, 2020, which disrupted its global operations. As per the company’s standard operating procedure (SOP), the entire global computer network of ISS World, including its website, was pulled offline to isolate the attack. In a press release, ISS World explained that this malware attack had minimal impact on the company’s daily operations, as the service provider mainly delivers services on-site (i.e., on client sites).
ISS World disclosed neither the severity and type of the attack nor the extent of the damage caused by it. However, it confirmed that its internal investigation team had identified the root cause of the malware attack. To further investigate the security incident, ISS World enlisted help from its hosting provider, cyber forensic experts in the industry and a special task force.
The company website was restored by Friday evening, and its entire IT workforce was working tirelessly towards a complete system and network restoration. No customer data leak or compromise was reported by ISS World. The team of investigators is also looking out for any potential financial impact that the malware attack could have on ISS World.
The JhoneRAT Incident
Earlier, security researchers from Cisco Talos discovered a new version of remote access trojan (RAT) malware, which targeted a victim’s device via malicious Microsoft Office documents. The RAT malware, tracked as “JhoneRAT,” was developed using Python and targeted a set of Middle Eastern countries by checking the keyboard layouts of the infected devices.
The researchers identified three malicious MS Office documents that were used to infect the device. The first document, named “Urgent.docx” and discovered in November 2019, asked the victim to enable English and Arabic-language editing. The second document, named “fb.docx” and discovered in January 2020, claimed to contain data on leaked Facebook accounts from 2019. The third document, found at the end of January 2020, contained blurred content and is alleged to be from a legitimate United Arab Emirates (UAE) organization.