Cyber Bites, Malware, News, Phishing and Ransomware, Uncategorized

Capcom release final update on ransomware attack

Following the news, security experts have been commenting on the incident:

 

Lewis Jones, Threat Intelligence Analyst at Talion:

This was one of the biggest Ransomware attacks of 2020, with an estimated 390,000 users affected. The fact it has taken Capcom nearly 6 months to restore its systems and fully investigate the attack is a warning for organisations across the world that Ransomware should be taken seriously. Despite this, Capcom state that whilst a ransom demand was made it never communicated with the attackers and didn’t pay the demand. Therefore it is expected that the breached data could be made public, if not already.

 Interesting the company confirmed that the attackers targeted an “older backup VPN” which remained in use due to increased demand arising from the Covid-19 pandemic. This highlights the importance of organisations patching against vulnerabilities and keeping systems up to date.

 The company does appear to have managed the situation as well as possible in terms of keeping customers up to date with regular statements and set up a Japan-only phoneline for individuals who wish to inquire about the personal information that has potentially been compromised (0120-400161). North American and European customers are advised to contact its customer support.

Capcom has now confirmed that no credit card details have been breached, however, a large number of former staff and customer details have been stolen. For customers of Capcom who may be affected by the breach, be cautious and act as if your personal details have been breached until notified otherwise. Be alert to incoming texts, calls and emails utilising the information shared in this incident from unknown sources demanding further personal information or payment. Also, consider the password you utilise for this account, if this has been duplicated on other personal accounts, this should be changed promptly.”

 

Eoin Keary, CEO and Founder of edgescan:

Unfortunately, this is a case of poor visibility in terms of attack surface. The hosting of old, deprecated or unpatched systems on corporate networks is an extremely common vector for system and data breach. The root cause of the majority of attacks against both small and enterprise organisations is known or old vulnerabilities and systems. An attacker simply needs to find one critical risk issue to be successful. This comes down to fundamentals: visibility and continuous maintenance. We can’t secure what we can’t see. Assuming staff at Capcom knew there was an “old” VPN present, the system may have been updated or addressed to maintain a secure posture.

Continuous Visibility and vulnerability management across the full stack would help detect such weaknesses and implementing such programmes is generally much more cost-effective than recovering from a ransomware attack or data breach.

 

Jamie Akhtar, CEO and co-founder of CyberSmart:

“The fact that a major breach such as this resulted due to the use of an old VPN server is unfortunate, particularly as this was done simply to accommodate for the Covid-19 pandemic. Organisations can have all the latest tech and defences but just one oversight can lead to significant consequences. As the saying goes, security teams need to get it right 100% of the time, while bad actors only need to get it right once. It is highly likely that many organisations are in a similar position, making compromises to enable remote working. There is no denying the difficulty of this situation, but businesses can get started by ensuring they are meeting basic cyber hygiene measures. This includes keeping software up to date, changing passwords to be complex and unique, and encouraging regular security awareness training.” 

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

3 × one =

This site uses Akismet to reduce spam. Learn how your comment data is processed.