At a glance.
- Ermenegildo Zegna ransomware incident update.
- Panasonic data breach reported.
Update: a fashion house's 2021 breach.
Ermenegildo Zegna filed a Form 424B3 (Prospectus Supplement) with the US Securities and Exchange Commission (SEC) providing more detail about a cyberattack the luxury fashion brand sustained last August. BleepingComputer observes that the company had disclosed the attack at the time, and that this most recent filing confirms that the incident was indeed a ransomware attack. Shortly after the attack was disclosed, the RansomEXX gang claimed responsibility and published some stolen files as evidence that it held the data it claimed to have taken. Zegna did not pay the ransom, and the company's filing this week was sober and direct about the potential consequences of the breach:
"A malfunction that results in a wider or sustained disruption to our business could have a material adverse effect on our business, results of operations, and financial condition. In addition to supporting our operations, we use our systems to collect and store confidential and sensitive data, including information about our business, our customers and our employees.
"Any unauthorized access to our information systems may compromise the privacy of such data and expose us to claims as well as reputational damage. Ultimately, any significant violation of the integrity of our data security could have a material adverse effect on our business, results of operations, and financial condition."
Chris Clements, vice president of solutions architecture at Cerberus Sentinel, thinks Zegna deserves a victory strut down the catwalk because of the way it recovered without knuckling under to the criminals' demands:
“As these things go, it’s fantastic that Ermenegildo Zegna recovered without capitulating to the cybercriminal gang’s ultimatums. Not paying cybercriminals’ extortion demands is one of the most effective ways to deter cyberattacks, but far too few companies that find themselves in similar situations are able to restore operations in a timely fashion. We’ve long since reached the point that organizations of any size and in any vertical must assume that they may potentially fall victim to a comparable cyberattack and implement a strategy not only for prevention, but also for restoring systems and data at company-wide scale should the worst happen.
"This attack also highlights the reality that cybercriminals will target any organization, not just ones with data valuable to sell or billions of dollars in the bank. With ransomware extortion payouts routinely venturing into millions of dollars, cybercriminals have a powerful incentive to compromise every organization they are able to.”
It's worth noting that the fashion house's customers are likely to include retailers and high-net-worth individuals, so criminals would perceive a value in the firm's data.
Erich Kron, security awareness advocate at KnowBe4, also thinks Zegna did pretty well, but cautions that not every victim will be able to pull off this kind of recovery.
“Ransomware attacks continue to plague organizations of all sizes and across all industries, many of whom do not fare as well as in this case. While they were able to recover data and resume operations thanks to backups being available, modern ransomware gangs often operate by exfiltrating data and threatening to release it publicly as well as encrypting it, a problem that backups did not solve, resulting in the publishing of over 20GB of data to the internet.
"While the operational impact of ransomware can be severe, the publication of data, especially if it contains employee or customer information, can result in very significant fines from regulators.
"To protect against the impact of ransomware attacks, organizations should concentrate on prevention as well as recovery, ensuring that staff is trained to spot and report email phishing attempts, the most common method of initial network infiltration, and should test backups regularly to ensure data can be recovered quickly. In addition, the use of Data Loss Prevention (DLP) controls can help spot data being exfiltrated from the network, before it can be used as leverage against the organization.”
Panasonic data breach reported.
Panasonic's Canadian operation is reported to have sustained a cyberattack in February. TechCrunch reports that the attack appears to be the work of the Conti ransomware gang, privateers who operate from a safe haven inside Russia. Some 2.8 GB of data are thought to have been stolen. There are indications that at least some of the files were taken from the company's finance and human resources departments, which suggests a risk to personal information. Panasonic said, “We took immediate action to address the issue with assistance from cybersecurity experts and our service providers.”
Danny Lopez, CEO of Glasswall, points out that Panasonic isn't an outlier: more companies across more sectors are being subjected to this kind of cyberattack.
“Panasonic is not alone. Ransomware attacks across industries are on the rise.
"Organisations need to adopt robust processes for onboarding and offboarding employees and affiliates that may receive access to key information systems. It's vital to control privileged access and to monitor those that enjoy that administrator privilege. Ensuring that multi-factor authentication is enforced wherever possible is a vital defence where user credentials find their way into the public domain. This will help to limit the blast radius, and in most cases, defeat the data breach.
"Even if all procedures and policies are well executed, then there's no escaping the fact that adversaries are constantly looking to probe vulnerabilities and to insert malware into the environment, often using everyday business documents which we all use. It's vital that organisations invest in cyber protection services that stay ahead of attackers by eliminating the threats while still allowing employees to do their vital work.
"Attacks like these demonstrate that a traditional castle-and-moat approach to network security leaves organisations exposed. Zero trust security sees the world differently. No one is trusted by default, regardless of whether they are inside or outside a network. In a world where data can be held amongst multiple cloud providers it is crucial to strengthen all processes relating to access verification. Without a zero trust approach organisations run the risk of attackers having a free rein across a network once they are inside.”
Amit Shaked, CEO and co-founder of Laminar, sees the second attack on Panasonic as more evidence that data now amount to a currency:
“Panasonic being hit twice by data breaches in less than six months reinforces the notion that data is now a currency that not only drives companies, but hackers too. The sheer amount of sensitive data now available in the cloud is staggering and only increasing. The problem is most security teams have no idea where their sensitive data is in the cloud and the old adage remains true, you can’t protect what you don’t see. To safeguard against a majority of today’s data breaches, organizations must have complete data observability and adopt a data-centric approach to security. Doing so helps security teams understand where an organization's most sensitive data is, whether or not it has proper controls in place and if it is being monitored or not.”