18th March: Ransomware attack on Ubisoft ++ US Federal Trade Commission to fine CafePress ++ Bridgestone Americas recover from LockBit

Ransomware attack on Ubisoft forces company-wide password reset

A cyber security incident at Ubisoft has been confirmed. The incident caused a “temporary disruption” to some of its games, systems, and services. A gang of ransomware hackers has hinted at its responsibility for the attack. Employees and users are advised to change their passwords.

Ubisoft is known as one of the world’s biggest video game companies; its developers have released famous titles such as “Far Cry” and “Assassin’s Creed” in recent years.

A security breach has forced a company-wide password change for all employees. According to several IT and computer magazines, users are also advised to change their passwords to be on the safe side.

The hacker group Lapsus$, which is based in South Africa and was also linked to attacks on Samsung and Nvidia, reportedly used a ransomware attack to try to pressure the game developer. A post on Twitter one day after the incident shows a smirking emoji, hinting that the group was responsible for the security breach.

Using a technique called cryptoviral extortion, the ransomware attacker locks the victim’s files and demands a ransom payment to decrypt them. With a Trojan disguised as a legitimate file, mostly an e-mail attachment, the attackers can access the victim’s data once the file is opened. As attackers become more and more professional at producing malicious e-mails and attachments that look like the real thing, employees need to be educated on a regular basis so that no attachment is opened without first making sure the sender is legitimate.

Luckily, according to Ubisoft, no severe damage was done to any of their systems. Either way, the incident is being investigated internally.

To clear up all rumors, Ubisoft released a statement on March 10th, 2022:

“Last week, Ubisoft experienced a cyber security incident that caused temporary disruption to some of our games, systems, and services. Our IT teams are working with leading external experts to investigate the issue. As a precautionary measure we initiated a company-wide password reset. Also, we can confirm that all our games and services are functioning normally and that at this time there is no evidence any player personal information was accessed or exposed as a by-product of this incident.”

Sources:
securityweek.com
portswigger.net
securityaffairs.co
androidpolice.com
it-markt.ch
techradar.com
bankinfosecurity.com

US Federal Trade Commission to fine CafePress for cover-up of 2019 data breach

In February 2019, hackers managed to gain access to over 20 million email addresses, passwords, and more personal information by infiltrating the systems of the online customized merchandise platform CafePress. Yet for several months, consumers were not notified and the incident was not investigated properly. The FTC has now taken action against the platform’s owners over allegations of failing to secure consumers’ sensitive personal data and covering up a major breach.

Samuel Levine, Director of the United States Federal Trade Commission Bureau of Consumer Protection, stated that “CafePress employed careless security practices and concealed multiple breaches from consumers.”

Knowing of the security breach long before the topic made headlines in September 2019, the CafePress owner patched the vulnerability without informing consumers in the process. The company sent its first notifications only in September, after the breach had already been “reported widely”, as the magazine “BleepingComputer” reports.

CafePress’ network had in fact been breached “multiple times”, long before the 2019 incident happened, which, according to the FTC, was a result of lax security practices. Storing Social Security numbers as readable text and holding onto data for too long were amongst the mistakes made by the American online retailer of stock and user-customized on-demand products. The data gathered by hackers in 2019 amounted to personal information of 23.2 million different users: private email addresses and passwords, millions of unencrypted names combined with physical addresses, security questions with answers, more than 180,000 Social Security numbers, and thousands of payment card numbers with their expiration dates had been put up for sale on the dark web.

The US Federal Trade Commission has settled with CafePress’ owners, fining them $500,000 for their cover-up.

Sources:
techcrunch.com
ftc.gov
reuters.com
bleepingcomputer.com

Bridgestone Americas recover from LockBit cyberattack with Accenture’s help

LockBit ransomware was used to compromise the American systems of Bridgestone, one of the world’s largest tire manufacturers. With the help of Accenture Security, Bridgestone quickly managed to recover its production processes and is looking to strengthen its internal cyber security in the process.

On February 27th, 2022, Bridgestone Americas began investigating a cyberattack, confirming that they had “disconnected many of its manufacturing and retreading facilities” to prevent any potential impact. The company stated they had “launched a comprehensive investigation to quickly gather facts while working to ensure the security” of their IT systems right after the incident. Within ten days of the incident, all plants had resumed normal operations, which was possible with the help of Accenture Security, one of the biggest multinational service companies in IT. With their support, Bridgestone is investigating the full scope and nature of the incident and continues its analysis to determine what data was stolen.

Accenture is no stranger to LockBit ransomware, having had to fend off an attack itself in August 2021 and having ensured that the security breach did not impact internal or customer systems. The mitigated attack on Accenture in particular shows that neither a specific size nor a field of work can guarantee a smaller risk of being attacked; protection is therefore as important as ever.

LockBit ransomware was first observed in 2019, with the attackers encrypting Windows domains by using Active Directory group policies. Once a domain is infected, the policies deploy malware that disables antivirus protection, opening further doors, as the malware spreads by itself within an organization rather than requiring manual direction. LockBit is a RaaS (ransomware as a service) offering that can easily be bought on the darknet, customer service included. As Trend Micro puts it in an article (link below): “Another side of LockBit’s operations is its recruitment of and marketing to affiliates. It has been known to hire network access brokers, cooperate with other criminal groups (such as the now defunct Maze), recruit company insiders, and sponsor underground technical writing contests to recruit talented hackers. Using such tactics, the LockBit group has built itself into one of the most professional organized criminal gangs in the criminal underground.” Definitely one more topic to watch!

Sources:
msspalert.com
securityaffairs.co
european-rubber-journal.com
tyrepress.com
bleepingcomputer.com
msspalert.com
trendmicro.com


Please remember: this article is based on our knowledge at the time it was written, but we learn more every day. Do you think important points are missing or do you see the topic from a different perspective? We would be happy to discuss current developments in greater detail with you and your company’s other experts and welcome your feedback and thoughts.

And one more thing: the fact that an article mentions (or does not mention) a provider does not represent a recommendation from CyberCompare. Recommendations always depend on the customer’s individual situation.