Stryker Cyberattack Highlights Criminal Focus on Enterprise Systems

Cyberattackers, increasingly state-linked criminal groups, are orchestrating multifaceted campaigns designed to disrupt operations and extract leverage. The medical device company Stryker suffered a cyberattack this month that wiped more than 200,000 devices worldwide by exploiting the company's own Microsoft system. A sign posted at the company's Michigan headquarters on March 11 advised employees to stay off the network and refrain from using computers or WiFi. On March 23, Stryker reported in a Form 8-K filing to the SEC that it had contained the situation. The incident highlights vulnerabilities in edge devices like routers, firewalls, and VPN gateways, as well as the increasing use of 'vishing' (voice phishing) to manipulate employees.