Roughly a week after we discussed the emergence of the BlackMatter ransomware group, technology giant Olympus is allegedly investigating an attack by the newer group.
The company, known for its cameras, is currently investigating a security incident, according to a statement it released over the weekend. “Upon detection of suspicious activity, we immediately mobilized a specialized response team including forensics experts, and we are currently working with the highest priority to resolve this issue. As part of the investigation, we have suspended data transfers in the affected systems and have informed the relevant external partners.”
According to TechCrunch, Olympus received a ransom note that allegedly stated, “Your network is encrypted, and not currently operational. If you pay, we will provide you the programs for decryption.”
What's the takeaway for manufacturers?
According to Glasswall CEO Danny Lopez, reports of ransomware hitting technology companies are especially troubling, given the importance of the work being done by these types of organizations. While there is still speculation on the exact details of the attack, it is still worth underlining the importance of good security practice.
“Organizations need to adopt robust processes for onboarding and off-boarding employees and affiliates that may receive access to key information systems. It's vital to control privileged access and to monitor those that enjoy that administrator privilege,” says Lopez in a statement. “Ensuring that multi-factor authentication is enforced wherever possible is a vital defense where user credentials find their way into the public domain. This will help to limit the blast radius, and in most cases, defeat the data breach.”
As Lopez explains, “Even if all procedures and policies are well executed, then there's no escaping the fact that adversaries are constantly looking to probe vulnerabilities and to insert malware into the environment, often using everyday business documents which we all use. It's vital that technology organizations invest in cyber protection services that stay ahead of attackers by eliminating the threats while still allowing employees to do their vital work.”
Attacks like these demonstrate that a traditional castle-and-moat approach to network security leaves organizations exposed, explains Lopez. “Zero trust security sees the world differently. No one is trusted by default, regardless of whether they are inside or outside a network,” he says. “In a world where data can be held amongst multiple cloud providers it is crucial to strengthen all processes relating to access verification. Without a zero trust approach organizations run the risk of attackers having free rein across a network once they are inside.”
The recent cyberattack on technology giant Olympus represents a major wake-up call: no large global corporation should consider itself exempt from ransomware attacks, adds Neil Jones, cybersecurity evangelist with Egnyte, in a statement.
“Senior executives and IT leaders should also be aware that no technological solution is 100% effective, but a large percentage of ransomware attacks can be prevented with diligent preparation,” says Jones. “Unfortunately, even in technologically sophisticated organizations like Olympus, the methods and tools being employed don't meet the security and control needs to combat today’s threats. Security must be viewed as much more than a checklist. The best solutions fit in a broader sense of governance but still make it easy to share files with anyone, without compromising users' security and control.”
Jones continues, “The reality is that all content and communications are vulnerable without proper data governance, and it’s imperative that organizations protect the data itself. This type of security incident occurs regularly, particularly to multinational companies that have a natural target on them because of their size and the mission-critical systems they use to communicate with thousands of global employees on a daily basis. If secure file collaboration tools with suspicious log-in capabilities are implemented correctly, they can render cybercriminal attacks ineffective. Used in a case like this where adversaries were able to infiltrate the network and impact business activities, the systems themselves would have been inaccessible to outsiders, and the company's valuable data would have remained protected.”
According to Ralph Pisani, president of Exabeam, “Ransomware remains a security Achilles heel. Understanding ‘normal’ versus ‘abnormal’ behavior sheds light on the presence of ransomware and its precursor problems, yet far too few organizations are able to see the canary in the coal mine,” he says in a statement.
“However, organizations that work to understand the cycle of compromise, taking the time to understand normal behavior, will uncover the ransomware as abnormal before it strikes,” says Pisani. “If organizations are serious about ransomware, they must up level their capability to manage intrusions; a leading method of adoption is user and entity behavior analytics (UEBA) to detect behavioral deviation and spot malicious activity at far earlier stages of an attack.”
Since ransomware is the product of earlier undetected intrusions, the window of opportunity for disrupting and removing it is small, explains Pisani. “Commodity security tools require too many static rules, generate far too many false positives, and do more harm than good. Organizations without advanced analytics will struggle getting ahead and are extremely vulnerable to the negative outcomes of ransomware,” he says.
Stay tuned. This is an unfolding story, and we will continue to update this post as more information is available.