[Security Weekly] Canon Faces Service Outage After Ransomware Attack and Data Breach
1st Week of August 2020
1. Canon faces service outage after Maze ransomware steals 10TB of data
Canon, the global leader in digital camera and imaging, has suffered a ransomware attack which led to a series of service shutdowns and loss of data.
The initial incident occurred on July 30 where the image.canon cloud storage service was suspended. On August 4, the company issued a notification on its website informing customers that all photos and videos stored in image.canon’s 10GB free storage were lost.
A day later on August 5, Canon made another public announcement revealing that the company was experiencing system issues affecting many of its applications such as emails and Microsoft Teams. A number of Canon’s domains were also out of service, including canonusa.com and usa.canon.com.
On August 6, Canon confirmed through an internal message to its employees that the company suffered a ransomware attack.
The Maze ransomware operators claimed responsibility for the attack. Specifically, they claimed to have stolen over 10TB of data from Canon’s private databases before encrypting them. However, they did not disclose what specific information was contained in the data.
The odd part is that the Maze ransomware operators said that the initial outage of image.canon was not related to their attack. Canon has not commented on the cause of that either.
2. Intel’s intellectual property leaked online in 20GB data breach
On August 6, over 20GB of internal data from the world’s leading chipmaker Intel were published online on MEGA, a cloud storage and file sharing platform. Among these files, many were labeled as “confidential” or “restricted secret”.
The data was not directly published by the hacker. Instead, it was freely given to a Swiss software engineer named Till Kottmann, who uploaded the data on MEGA. Till Kottmann is well known for operating a Telegram channel dedicated to uploading accidentally leaked data from major companies.
The files were reviewed by security experts at ZDNet, who found highly sensitive documents including intellectual property relating to chip design, as well as other guides and manuals for CPUs. The files did not contain any personal information of customers or employees.
According to Till Kottmann, the hacker claimed to have obtained the data through an unsecured cloud server hosted by Akamai after trying the default username and password.
However, Intel denied the claim and brought a different explanation. It claims that the data was leaked by a high-profile employee who unauthorizedly downloaded the data from the Intel Resource and Design Center.
3. Havenly among 18 firms hit by ShinyHunters, 1.4 million user accounts leaked online
Havenly, an interior design firm offering online consultation services, has suffered a data breach that compromised nearly 1.4 million of its user account records.
The account records were posted on the dark web for free download by ShinyHunters, a threat group that is responsible for successively hacking 18 companies in the past few months.
Havenly reassured its customers that no financial information and payment card details were leaked. However, it failed to mention that personally identifiable information such as names, phone numbers, email addresses, locations, and hashed passwords were among those compromised data. The company later advised all customers to change their passwords.
Havenly is one of the 18 firms that have been recently attacked by ShinyHunters. Most of these data breaches were similar, where user accounts and personal data were found online available for free download.
Other victims include digital banking firm Dave with 7 million leaked records, marketing video maker Promo.com with 22 million records, alcohol delivery service provider Drizly with 2.4 million records, to name a few.
4. Sensitive data of LG and Xerox published online following Maze ransomware attack
On August 4, operators behind the Maze ransomware published sensitive internal data of both LG and Xerox on their online portal dedicated to leaking victims’ data. The leak involved 50GB of data stolen from LG Electronics and 26GB of data from Xerox. This is a month after both companies were hit by the Maze ransomware back in June.
The Maze ransomware group is well known for launching double extortion attacks. After gaining access to the corporate network, they would first exfiltrate a copy of selected sensitive data, then encrypt the entire database, after which they would demand a ransom in exchange for decrypting the database. If the victim refuses to pay, they would demand another payment by threatening to publish the exfiltrated data. (Click here to learn how to defend against a double extortion attack.)
Clearly, both LG and Xerox refused to pay the initially demanded ransom, and are now at the end phase of the double extortion attack.
Published data from LG included the source code of its products. Maze ransomware operators said that after exfiltrating the sensitive data, they did not execute the ransomware because they did not want to interrupt LG’s operations as many of its clients are significant social contributors.
In the case of Xerox, the leaked data appeared to be related to customer support, involving the personal information of employees and potentially customers.
However, on the same day, confidential data from LG Electronics USA’s R&D center was posted by another hacker on a hacking forum for sale at a price of up to $13,000. Experts believe that the intrusion to both companies’ networks was likely done by exploiting a vulnerability in the Citrix ADC servers.
Companies should always protect their sensitive data with an encryption solution like D’Amo.
5. British Dental Association suffers data breach, bank account details compromised
The British Dental Association (BDA) made a public disclosure about a data breach that occurred on July 30 which could have compromised the personal information and bank account details of its member dentists.
The BDA is a professional association of certified dental practitioners in the UK. Even though it does not possess any personal data of patients, it does store the personal data including bank account numbers of its members used to collect direct transfer payments.
The organization is still investigating the specific details of the attack, and is unsure of the extent of the data leak. Nonetheless, it has informed its members to be cautious about potential financial fraud.
Check out Penta Security’s product lines:
Web Application Firewall: WAPPLES
Database Encryption: D’Amo
Identity and Access Management: ISign+
Car, Energy, Factory, City Solutions: Penta IoT Security