This month’s highlights included a wave of cyberattacks on the automotive industry, with a notable attack in Japan. Ransomware groups continue to disrupt organizations’ productivity with data exfiltration and multi-million-dollar ransom demands. Read on to find out more about what we’re talking about this month.
Cybersecurity nightmare in Japan is everyone else’s problem too
Japan’s increasing vulnerability to cyberattacks has significant implications for global supply chains. Kojima Industries, a small Japanese supplier, was hacked in February 2022, and the attack brought Toyota’s entire production line to a halt, costing approximately $375 million. Japan has experienced a surge in ransomware attacks, and cybersecurity incidents have exposed shortcomings in incident response and transparency.
Japan’s position as a major player in high-end manufacturing and its dominance in certain industries, such as electronics and semiconductor production, make it a prime target for cybercriminals. While Japan is taking steps to enhance cybersecurity, there are cultural and organizational challenges that hinder progress, including resistance to disclosure and system upgrades. The cybersecurity challenges Japan is going through serve as a warning for other technologically advanced countries that underestimate the realities of cybercrime and the potential disruption to supply chains.
Japan is the third-largest automotive manufacturer in the world after China and the U.S. If they’re experiencing these brutal setbacks, it is just a matter of time until they reach other countries too. Supply chain compromises were behind 19% of the attacks in 2022, and it doesn’t seem to be slowing down this year. Adversaries look for weaknesses in global organizations and have found a weak link with third-party suppliers. Studying these vulnerabilities before they enter the production environment helps avoid these drastic production halts.
Gorka Ariznabarreta, Product Marketing Manager
Source: Bloomberg, April 18
UK and US issue warning about APT28 actors exploiting poorly maintained Cisco routers
APT28, a threat group associated with Russia’s military intelligence agency, the GRU, has been detected exploiting a known vulnerability and taking advantage of poorly configured networks to infiltrate Cisco routers globally and install malware. UK and US agencies have jointly released an advisory to warn organizations of the risks and to encourage network defenders to ensure the latest security updates are applied to their routers. This includes applying the security update released by Cisco to address the vulnerability CVE-2017-6742.
Fancy Bear, AKA APT28, is one of the most infamous threat actors in the world today. This nation-state attacker is sophisticated and relentless. Their tactics are always changing and adapting to accomplish their mission of breaching organizations’ networks for nefarious reasons. This article, put out by the leading government agencies responsible for protecting our respective countries from these threat actors, underscores the need for not only better cybersecurity hygiene but overall IT hygiene. Exploiting enterprise data center devices because the factory configuration is used in production, or because the time to properly configure the device wasn’t taken, is unacceptable and provides threat actors a way into your network. By incorporating CounterCraft deception into your overall cybersecurity architecture, we can help misdirect, slow down, and confuse the threat actor, in addition to acting as an early warning system that an attacker is targeting and attempting to break into your network: as they attack our deception environment, organizations gain time to go shore up their production defenses. Only CounterCraft deception technology can help organizations take a Proactive Cybersecurity stance.
Shunta Sanders, Director of Global Pre-Sales Engineering
Source: NCSC, April 18
Western Digital says hackers stole data in ‘network security’ breach
Data storage company Western Digital has confirmed that it suffered a network security breach, noting that an unauthorized third party gained access to “a number” of internal systems. It is not yet clear what information was taken or how the hackers gained entry, though the nature of the attack suggests ransomware was used.
The attack disrupted the company’s business operations, completely shutting down its My Cloud network-attached storage (NAS) service, which allows customers to access files online. The company is working with an undisclosed cybersecurity firm to investigate the attack and is also cooperating with law enforcement agencies.
Yet again, another company in the news has been breached this year. And it won’t be the last. In fact, 101 ransomware incidents have been reported so far this year. That’s a 20% increase from last year. The state of ransomware is incredibly concerning for global organizations right now, and one of the most sophisticated ways (and probably the only way) to defend against it is by learning from them. Imagine learning how these ransomware groups operate before they target you. Your security team stays one step ahead.
Fernando Braquehais, Founder and Director of Development
Source: Techcrunch, April 3
MSI confirms breach as ransomware gang claims responsibility
A newly emerged ransomware group, Money Message, says it has breached MSI, the computer manufacturing giant, and stolen the firm’s source code, which includes the framework for the BIOS used in MSI products. The corporation disclosed in a report to the Taiwanese stock exchange that it had suffered a “cyber attack,” but did not elaborate on the specifics of the incident.
Money Message posted screenshots of the stolen files on the group’s dark web site. The ransomware group is reportedly demanding $4 million or it will leak the stolen data, which includes company source code.
Cyber criminals are becoming increasingly brazen in their attacks, as demonstrated by the Money Message ransomware group’s theft of MSI’s source code. Ransomware groups are looking for leverage in their hacks, putting all of the company’s customers’ privacy in check. A very smart move from ransomware groups. It is very hard for companies to defend against ransomware if they don’t take a proactive approach.
Member of the Threat Intel Team
Source: PC Mag, April 7