Lumen hit by ransomware, malware attacks

Lumen Technologies disclosed this week it fell victim to two separate cybersecurity attacks, finding itself on the wrong end of a ransomware hack and a reconnaissance intrusion which installed malware on its systems. The company said, however, it doesn’t believe either event will have a significant impact on its business, financials or ability to serve customers.

News of the incident was revealed in a regulatory filing earlier this week. It was first reported by MarketWatch.

According to Lumen, the ransomware attack impacted a “limited number of the company’s servers that support a segmented hosting service.” It did not yet appear to have been resolved as of the date of the filing since Lumen added the attack “is currently degrading the operations of a small number of the company’s enterprise customers.”

The other attack saw hackers access some of Lumen’s internal IT systems and install malware to extract “a relatively limited amount of data.” The company did not specify what kind of data was taken and noted it is still evaluating whether any personally identifiable or sensitive information was stolen.

In response to the hacks, Lumen said it enlisted an outside forensic firm to contain the incidents and executed a business continuity plan to restore its customers’ systems. Law enforcement was also notified and apparently took additional steps to secure Lumen's systems.

It is not clear whether Lumen’s cybersecurity business Black Lotus Labs had any role in detecting the attacks.

Asked for further comment, a Lumen representative told Fierce: “A small handful of our enterprise customers were recently affected by a security incident. Our priority is service restoration, but we’re also simultaneously investigating the cause. At this time, we have no evidence that points to direct customer application access.” There representative added “to be clear, we do not believe either of the cyber events are material” and noted it made the disclosures only in the interest of transparency.

The fact that Lumen found itself a target is perhaps unsurprising given Black Lotus Labs recently noted telecoms were the target of 87% of the largest distributed denial of service (DDoS) attacks in Q4 and flagged newly discovered malware targeting small and medium business routers.

Additionally, the U.S. government warned last year that state-sponsored hackers from China were targeting routers from top vendors including Cisco, Juniper and Fortinet in a bid to breach communications networks. It is not clear who is behind the attacks Lumen disclosed this week.

The timing of the news is poor for Lumen given new CEO Kate Johnson recently pointed to security as an area of strength for the company. In January, she said Lumen plans to work to commercialize cybersecurity solutions from its Black Lotus Labs division.