[Security Weekly] German IT Giant Software AG Suffers Ransomware Attack, $23 Million Demanded


3rd Week of October 2020


1. German software giant Software AG suffers ransomware attack, $23 million demanded

Software AG, the second-largest software vendor in Germany and the seventh-largest in Europe, disclosed a ransomware attack that led to the shutdown of its IT systems and the compromise of sensitive data. Software AG sells software products to over 10,000 enterprise customers across more than 70 countries.

The initial attack took place over the weekend of October 3, when operators of the Clop ransomware gained access to Software AG’s IT systems and exfiltrated sensitive files before encrypting them. The intrusion was not detected until October 8, when the company noticed suspicious downloads of data from its database servers and computers. The ransomware gang demanded $23 million in exchange for the decryption key, making it one of the largest ransomware demands ever.

On October 9, the attackers published screenshots of the stolen data on their leak site. The data appeared to contain scans of employee IDs and passports, employee emails, corporate financial information, and directories from the internal IT network.

Software AG reassured the public that customer-facing services remained functional, and that there had been no evidence of a leak of customer information.

To minimize the potential costs of ransomware attacks, adopt a database encryption solution like D’Amo, so that even if a ransomware infection occurs and data is exfiltrated, the attackers cannot make use of it without the encryption keys.

Sources: Threatpost, SiliconANGLE


2. Governments of Five Eyes, Japan, and India repeat calls for encryption backdoor

The governments of the Five Eyes, along with Japan and India, issued a joint statement over the weekend of October 10 demanding that tech firms build encryption backdoors into their end-to-end encryption (E2EE) services. The Five Eyes is an intelligence and espionage alliance consisting of the US, UK, Canada, Australia, and New Zealand.

This is an ongoing argument between governments and the tech industry. From the perspective of the tech firms, incorporating E2EE in their messaging, voice call, and video call services allows users to communicate safely online without worrying about their information being accessed by anyone else, including the service providers. From the governments’ perspective, E2EE makes these services a safe haven for criminals to freely communicate about illegal activities and transfer illegal digital files, because it would be impossible to investigate such activities. They further argue that E2EE has put democratic countries at a significant disadvantage in intelligence-gathering capabilities.

Once again, the seven governments are demanding backdoors to both device encryption and application encryption. Even though the tech industry has repeatedly emphasized that an encryption backdoor and user privacy cannot coexist, the governments claim that tech firms are not trying hard enough to find a solution.

Sources: Computer Weekly, Infosecurity, South China Morning Post


3. Ransomware hits US tech firm Intcomex, leaks 1TB of highly sensitive data

Miami-based Intcomex, a value-added reseller of hardware and software products and services, suffered a ransomware attack that led to the compromise of 1TB of highly sensitive data.

The scale and sensitivity of the compromised data are highly troubling. The stolen information includes complete credit card information, scans of passports and licenses, financial statements and account information, customer databases, and employee databases.

What’s more concerning is that Intcomex lacked basic cybersecurity measures to detect and mitigate the attack. The attack remained undetected until the attackers published parts of the stolen data on a Russian hacker forum. The first leak occurred on September 14, when a 16.6GB folder named “Internal Audit” was published. A second leak followed on September 20, when an 18GB folder named “Finance_ER” was uploaded. The attackers warned that if the ransom negotiations fail, more sensitive data will be released.

Intcomex stated that it is working closely with cybersecurity experts on a resolution and will soon notify impacted customers. Since the company sells extensively to the Caribbean and Latin American markets, it could face a variety of fines, reimbursements, and insurance costs.

To learn how to mitigate a ransomware attack like this, read: How to Defend Against Double Extortion Ransomware Attacks.

Sources: Threatpost, SiliconANGLE


4. Cyberattack at Georgia DHS compromises personal data of parents and children

On October 9, the Georgia Department of Human Services (DHS) disclosed a serious data breach caused by a cyberattack back in May, compromising the personally identifiable information (PII) of parents and children in Georgia.

The initial intrusion occurred on May 3 when the hackers obtained access to a number of employee email accounts. These accounts contained the PII and health-related information of parents and children who signed up for Child Protective Services (CPS) and the DHS Division of Family and Children Services (DFCS). The attack was only detected three months later on August 10.

Compromised information varied by victim. For some, it included full names, dates of birth, county of residence, phone numbers, email addresses, Social Security numbers, Medicaid identification numbers, Medicaid insurance numbers, DFCS identification numbers, DFCS case numbers, and more.

The psychological health reports, medical diagnoses, and drug abuse information of 12 people were also exposed, along with the bank account information of one individual.

The Georgia DHS has issued several alerts on its website and has been directly notifying the affected victims. The attack method used remains unclear.

Sources: ZDNet, AllOnGeorgia


5. US bookseller Barnes & Noble hit by cyberattack, e-book services down

Barnes & Noble, a Fortune 1000 company and America’s largest book retailer, disclosed a cyberattack incident following days of service disruptions. The personally identifiable information (PII) of customers may have been exposed.

Over the weekend of October 10, customers of Nook — Barnes & Noble’s e-book reader and application platform — began to complain about service disruptions and connectivity issues. Many were unable to log in to the platform. Some were unable to access their e-libraries. Others reported that all the books they had previously purchased had disappeared.

Cash registers in some of the physical stores also experienced temporary outages. Initially, Barnes & Noble blamed the issues on a “system failure”. After days of service disruptions, the company finally admitted on October 14 that it had suffered a cyberattack.

According to an email sent out by Barnes & Noble, the network intrusion took place on October 10. Apart from disrupting its services, the attack may have exposed customers’ phone numbers, email addresses, billing and shipping addresses, and detailed transaction histories. Nevertheless, the company reassured its customers that all payment card information had been encrypted prior to the attack.

Sources: ZDNet, Infosecurity


Check out Penta Security’s product lines:

Web Application Firewall: WAPPLES

Database Encryption: D’Amo

Identity and Access Management: ISign+

Car, Energy, Factory, City Solutions: Penta IoT Security