**The Stryker Attack: A Wake-Up Call for Enterprise Resiliency Plans**
On March 11, Handala, an Iranian-linked hacktivist group, claimed responsibility for a destructive cyberattack on Stryker Corporation, a Fortune 500 medical device manufacturer. The group claims the attack, now dubbed the "Stryker Attack," wiped 200,000 systems and exfiltrated 50 terabytes of data. Whatever the final figures prove to be, the incident is a stark reminder that enterprise resiliency plans cannot afford to ignore the compromise of unified endpoint management (UEM) platforms as a threat in its own right.
**The Attack**
The attackers allegedly gained access to Stryker's mobile device management (MDM) and UEM platform, Microsoft Intune, through a "living off the land" approach: rather than dropping custom malware, they used the tools, accounts, and management features already present in the environment to obtain or create administrative credentials and to take administrative-level actions with them. An MDM/UEM console exists to push software and configuration to every enrolled device, so once the attackers held that access they could reportedly use it exactly as designed: deploying scripts, relaxing permissions and security settings on endpoints, and establishing command-and-control (C&C) footholds within the infrastructure. The practical consequence is that most of this activity looks like routine administration; spotting it means watching the platform's own audit trail for unusual actors, unusual scope, and unusual tempo rather than waiting for a malware signature to fire.
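The pattern described above, an attacker driving the management console with legitimate administrative actions, is easiest to see in the platform's audit log. The following is an added example written for this article, not code from the original post and not Microsoft's or Forrester's: it triages a handful of constructed UEM audit records for the three signals that distinguish the abuse from ordinary administration: scripts pushed to every device at once, administrative roles granted (especially to oneself), and a burst of sensitive changes in a short window by an account outside the expected admin set. The record layout, the account names, the role names, and the admin allowlist are all assumptions for illustration; Intune's real audit events use a different schema.

```python
"""Triage constructed MDM/UEM audit records for the actions an attacker holding
stolen platform-admin access would take: tenant-wide script pushes, privilege
grants, and bursts of configuration changes.

The record schema (ts, actor, activity, target, scope) is an assumed,
simplified one for this example; it is NOT Microsoft Intune's audit format.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample records: one benign pilot change by a known admin, then a
# service account that creates scripts for all devices and grants itself a role.
SAMPLE_AUDIT = [
    {"ts": "2024-03-10T08:15:00Z", "actor": "alice@corp.example",
     "activity": "Create DeviceManagementScript", "target": "Patch-Helper", "scope": "Sales-Pilot"},
    {"ts": "2024-03-10T23:41:10Z", "actor": "svc-backup@corp.example",
     "activity": "Create DeviceManagementScript", "target": "cleanup.ps1", "scope": "All devices"},
    {"ts": "2024-03-10T23:42:05Z", "actor": "svc-backup@corp.example",
     "activity": "Add RoleAssignment", "target": "Intune Administrator", "scope": "svc-backup@corp.example"},
    {"ts": "2024-03-10T23:43:30Z", "actor": "svc-backup@corp.example",
     "activity": "Update DeviceConfiguration", "target": "Endpoint protection profile", "scope": "All devices"},
    {"ts": "2024-03-10T23:44:00Z", "actor": "svc-backup@corp.example",
     "activity": "Create DeviceManagementScript", "target": "wipe.ps1", "scope": "All devices"},
    {"ts": "2024-03-11T09:05:00Z", "actor": "alice@corp.example",
     "activity": "Update DeviceConfiguration", "target": "Wi-Fi profile", "scope": "Sales-Pilot"},
]

# Assumed vocabulary for the example; tune to the platform's real activity names.
SENSITIVE = {"Create DeviceManagementScript", "Assign DeviceManagementScript",
             "Add RoleAssignment", "Update DeviceConfiguration"}
ADMIN_ROLES = {"Intune Administrator", "Global Administrator"}
KNOWN_ADMINS = {"alice@corp.example"}   # assumed allowlist of human MDM administrators
TENANT_WIDE = "All devices"
BURST_WINDOW = timedelta(minutes=10)
BURST_THRESHOLD = 3


def parse_ts(value):
    """Parse the ISO-8601 UTC timestamp used in the sample records."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def finding(rec, severity, rule, detail):
    return {"ts": rec["ts"], "actor": rec["actor"], "severity": severity,
            "rule": rule, "detail": detail}


def analyze(records):
    """Return findings, in time order, for the four rules below."""
    findings = []
    recent_by_actor = defaultdict(list)   # timestamps of sensitive actions per actor
    flagged_actors = set()                # actors already reported as unexpected

    for rec in sorted(records, key=lambda r: parse_ts(r["ts"])):
        if rec["activity"] not in SENSITIVE:
            continue
        ts, actor = parse_ts(rec["ts"]), rec["actor"]

        # Rule 1: a script created or assigned for every enrolled device at once.
        if rec["activity"].endswith("DeviceManagementScript") and rec["scope"] == TENANT_WIDE:
            findings.append(finding(rec, "HIGH", "tenant_wide_script",
                                    f"{rec['target']} scoped to {TENANT_WIDE}"))

        # Rule 2: an administrative role granted; worse when granted to oneself.
        if rec["activity"] == "Add RoleAssignment" and rec["target"] in ADMIN_ROLES:
            self_grant = " (self-grant)" if rec["scope"] == actor else ""
            findings.append(finding(rec, "HIGH", "admin_role_grant",
                                    f"{rec['target']} granted to {rec['scope']}{self_grant}"))

        # Rule 3: first sensitive action by an account outside the admin allowlist.
        if actor not in KNOWN_ADMINS and actor not in flagged_actors:
            flagged_actors.add(actor)
            findings.append(finding(rec, "MEDIUM", "unexpected_actor",
                                    "sensitive action by non-allowlisted account"))

        # Rule 4: a burst of sensitive actions inside a short sliding window.
        window = recent_by_actor[actor]
        window.append(ts)
        window[:] = [t for t in window if ts - t <= BURST_WINDOW]
        if len(window) == BURST_THRESHOLD:
            findings.append(finding(rec, "HIGH", "action_burst",
                                    f"{BURST_THRESHOLD} sensitive actions within {BURST_WINDOW}"))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_AUDIT):
        print(f"{f['ts']} {f['severity']:6} {f['rule']:20} {f['actor']}  {f['detail']}")
```

Run against the constructed records, the known admin's pilot-scoped changes produce nothing, while the service account trips all four rules: two tenant-wide scripts, a self-granted admin role, a burst alert, and one note that the account is not an expected administrator. The point is less the specific rules than the data source: the console's audit trail is the only place where "living off the land" inside a UEM platform is visible at all.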
**MDM/UEM Platform Compromises: A Growing Concern**
MDM/UEM platform compromises are rare but not new: a recent attack on the European Commission and a 2020 attack on a multinational conglomerate both showed what malicious actors can do once they hold the console. The Stryker Attack underlines why MDM/UEM platforms are "keys to the kingdom" systems. They provide centralized control of endpoints, application delivery, and the configuration of privileged access, so compromising the platform is, in effect, compromising every device it manages.
**The Impact of Wiper Malware**
Wiper malware of the type allegedly used in the Stryker Attack can masquerade as ransomware but destroys the victim's data instead of encrypting it. There is no decryption key to negotiate for, so recovery depends entirely on backups the attacker could not reach, and the impact on the business can be severe. In this case, the attackers allegedly wiped 200,000 systems, exposing Stryker and its customers to data loss and the security risks that follow from it.
**Lessons from the Stryker Attack**
The Stryker Attack serves as a wake-up call for enterprises to prioritize cybersecurity and resiliency planning. Key takeaways from this incident include:
1. **Regular geopolitical risk conversations**: Hold regular conversations between the security team and leadership to stay informed about geopolitical changes and the attacker groups they are likely to activate.
2. **Assess potential security posture gaps**: Examine the tactics, techniques, and procedures (TTPs) of those attacker groups, map them against your controls, and close the gaps you find.
3. **Scan for tools and access**: Inventory the management tools, remote-access software, and privileged accounts across the enterprise that an attacker could turn against you, and treat the UEM/MDM console, its administrator roles, and its API credentials as some of the most sensitive assets you own.
4. **Communicate with customers and employees**: Keep customers and employees informed about the attack and the risks it creates for them, and provide guidance on how to mitigate those risks.
**Conclusion**
The Stryker Attack is a stark reminder that enterprise resiliency plans must treat the compromise of a UEM/MDM platform as a first-class risk rather than an edge case. By learning from this incident and taking proactive steps to close the gaps it exposes, businesses can reduce their exposure to these attacks and improve their overall resilience.
**Additional Resources**
* Forrester clients can connect with us through an inquiry or guidance session to discuss the implications of the Stryker Attack and how to improve their enterprise resiliency plans.
* Stay tuned for updates from the Forrester blogs and "The Insights At Work Newsletter" for more information on cybersecurity and resiliency planning.