IT reseller giant SHI International knocked offline by cyberattack

New Jersey-based IT reseller and service provider SHI International was knocked off the web after a July 4 cyberattack.

Described by the company as “a coordinated and professional malware attack,” the incident happened over the US holiday weekend and resulted in the company pulling the plug on much of its public presence (including email and websites) while security and IT staff assessed the situation.

Email, according to SHI, came back yesterday and “the IT teams at SHI continue to work on bringing other systems back to full availability in a secure and reliable manner.”

At the time of writing, the privately-owned company’s home page consisted only of the latest security update.

SHI said “there is no evidence to suggest that customer data was exfiltrated during the attack” and that it was liaising with the FBI and CISA regarding the incident. It also stated that no third-party systems in the SHI supply chain had been affected.

The incident is an embarrassment for an IT services giant such as SHI. One would have thought the company would have had defenses against such an attack as well as a disaster recovery plan ready to pull out at a moment’s notice, but here we are.

As it is, SHI appeared to lack even a cogent communications plan as its social media voicebox offered up a “Happy Independence Day” tweet before increasingly panicked customers reported that both email and phone lines were down. It took until July 6 for the company to post an update.

The Register contacted SHI to learn more about the nature of the attack, what the company had done to recover, and what disaster recovery planning was in place. SHI has yet to respond.

The outage is significant. SHI is a major supplier to US government and commercial enterprise customers, and notched up $12b in revenue in 2021. Its slogan is “Ridiculously Helpful.” To miscreants as well as customers, judging by recent events. ®

READ MORE HERE