Weekly Cyber News Roundup

March 20th to 24th 2023

Content

01. Vulnerabilities
02. News Bites
  • Ferrari receives ransom demand from hackers
  • Fallout from Latitude hack continues
  • German and South Korean Authorities Alert of Kimsuky's Growing Cyber Assault Techniques

03. Conclusion

Vulnerabilities

This week, Google unveiled a Chrome 111 update addressing eight security issues, featuring seven high-severity memory safety vulnerabilities identified by independent researchers.

These externally reported flaws include four use-after-free vulnerabilities, which could potentially result in arbitrary code execution, data corruption, or denial of service.

The most critical vulnerability, CVE-2023-1528, is a use-after-free flaw in Chrome's Passwords component, as evidenced by the substantial bug bounty reward of $10,000.

The password leak detection dialog was hidden before the account selector was presented, even though that dialog should not appear until a Google account has been chosen. This ordering allows an attacker to potentially access the affected password.

Alongside these fixes, the Chrome 111 update patches a pair of out-of-bounds read issues in GPU Video and ANGLE. In line with Google's guidelines, no bug bounty reward is paid for these flaws, as they were identified by researchers from Google Project Zero.

Google did not disclose any instances of these vulnerabilities being exploited in real-world attacks.

The most recent Chrome version is currently being deployed as 111.0.5563.110 for Mac and Linux, and as versions 111.0.5563.110/.111 for Windows.
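A defender's check against the fixed builds listed above, added here as an example (not code from the roundup or from Google): it parses a Chrome version string such as the output of `google-chrome --version` and flags hosts still below the patched build for their platform. The hostnames and version strings are constructed sample data; the per-platform table uses only the builds the roundup names.

```python
# Added example: flag Chrome installs that predate the fixed 111 builds named above.
import re
from typing import Iterable, List, Tuple

# Minimum patched build per platform, taken from the roundup:
# 111.0.5563.110 for Mac and Linux, 111.0.5563.110/.111 for Windows.
FIXED_BUILDS = {
    "linux": "111.0.5563.110",
    "mac": "111.0.5563.110",
    "windows": "111.0.5563.110",  # .111 is a later fixed Windows build, also >= this
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Extract a four-part dotted Chrome version from free text,
    e.g. 'Google Chrome 111.0.5563.64' -> (111, 0, 5563, 64)."""
    match = re.search(r"(\d+(?:\.\d+){3})", text)
    if not match:
        raise ValueError(f"no Chrome version found in {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def is_patched(version_text: str, platform: str) -> bool:
    """True when the build is at or above the fixed build for its platform.
    Tuple comparison is numeric per component, so 5563 > 600 compares correctly
    where a plain string comparison would not."""
    fixed = parse_version(FIXED_BUILDS[platform.lower()])
    return parse_version(version_text) >= fixed


def triage(inventory: Iterable[Tuple[str, str, str]]) -> List[str]:
    """Given (hostname, platform, version_text) rows from an asset inventory
    (hypothetical source), return the hosts still running a vulnerable build."""
    return [host for host, plat, ver in inventory if not is_patched(ver, plat)]


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = [
        ("ws-01", "windows", "Google Chrome 111.0.5563.65"),
        ("ws-02", "linux", "Google Chrome 111.0.5563.110"),
        ("ws-03", "mac", "Google Chrome 110.0.5481.177"),
    ]
    print("needs update:", triage(sample))  # ['ws-01', 'ws-03']
```

A passing check only confirms the fixed build is installed; it says nothing about whether a host was exposed beforehand, and Chrome applies the update fully only after a relaunch.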

Quick News Bites

Ferrari receives ransom demand from hackers

Italian luxury car manufacturer Ferrari disclosed on Monday that cybercriminals had demanded a ransom for potentially exposed client contact details, following a ransomware attack.

Upon receiving the ransom demand, Ferrari promptly initiated a comprehensive investigation, partnering with a leading international cybersecurity firm. The esteemed car maker also contacted the appropriate authorities, who are expected to conduct a thorough investigation in accordance with the law.

The precise timing of the incident remains undisclosed, but it might be connected to the October 2022 ransomware attack, in which the RansomEXX group alleged stealing and leaking 7 GB of data from Ferrari, a claim the automaker refuted.

In its 20th March statement, Ferrari asserted its policy against acquiescing to ransom demands, as doing so would finance criminal enterprises and perpetuate cyberattacks. Instead, the company prioritised client transparency, notifying customers of the possible data breach and its nature.

Email notifications sent to clients revealed that the compromised data may include names, addresses, email addresses, and phone numbers. However, no evidence of financial information or vehicle ownership details being affected has been discovered.

Given the exclusivity and high price range of Ferrari's automobiles, cybercriminals may find their affluent client contact list particularly appealing for crafting tailored, malicious emails.

Ferrari confirmed that the breach did not impact the company's operational functions and has collaborated with external experts to enhance its system security.

Although Ferrari did not specifically mention RansomEXX in its statement, the ransomware group has been linked to several other high-profile attacks, such as those on global logistics provider Hellmann Worldwide, software and services company Tyler Technologies, and various other organisations.

Fallout from Latitude hack continues

Following last week's massive data breach, Latitude Financial, an Australian firm, has attributed the leak of personal information to a supplier's mishap. The company has temporarily ceased operations and customer services while it addresses the attack on its systems.

Last week, the publicly traded company halted share trading and announced that it had detected unusual system activity, indicative of a sophisticated and malicious cyber-attack.

Interestingly, Latitude informed investors that the attack stemmed from a major vendor utilised by the company.

According to Latitude, the attack on the vendor exposed employee credentials, which were subsequently used to access two other service providers responsible for tasks such as identity verification. The compromised credentials enabled access to over 100,000 identification documents from one provider and more than 225,000 customer records from the other. The accessed data encompassed details from driver's licences, passports, and health insurance cards.

In Australia, it is standard practice for financial services companies to collect multiple forms of identification before opening accounts; hence, Latitude's possession of such data is not unusual. Customers in New Zealand were also affected.

The breach is the latest in a series of major attacks on Australian companies, following hacks at Optus and Medibank, among others.

German and South Korean Authorities Alert of Kimsuky's Growing Cyber Assault Techniques

German and South Korean intelligence agencies caution against Kimsuky's evolving cyber attack methods, which employ malicious browser add-ons to compromise Gmail accounts.

The warning was jointly issued by Germany's Federal Office for the Protection of the Constitution (BfV) and South Korea's National Intelligence Service (NIS).

The cyber assaults primarily target specialists in Korean Peninsula and North Korea affairs, employing spear-phishing strategies, as reported by the authorities.

Kimsuky, alternatively identified as Black Banshee, Thallium, and Velvet Chollima, is a subunit of North Korea's Reconnaissance General Bureau, focusing on gathering strategic intelligence on events and negotiations impacting North Korea's interests.

Key targets encompass organizations in the U.S. and South Korea, specifically those in the government, military, manufacturing, academia, and think tank sectors.

Mandiant, a threat intelligence company owned by Google, revealed last year that Kimsuky's activities involve gathering financial, personal, and client data, particularly from South Korea's academic, manufacturing, and national security industries.

Recent offensives by the group indicate a broadening of their cyber operations to include Android malware variants such as FastFire, FastSpy, FastViewer, and RambleOn.

Kimsuky's use of Chromium-based browser add-ons for cyber espionage is not unprecedented, as the group has previously employed similar tactics in operations known as Stolen Pencil and SharpTongue.

The revelation emerges as the North Korean advanced persistent threat (APT) group, known as ScarCruft, has been connected to various infiltration techniques used to introduce PowerShell-based backdoors into compromised systems.

Closing Summary

If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively get in touch to find out how you can protect your organisation.

Disclaimer

The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.

Need advice?

If you are worried about any of the threats outlined in this roundup or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager or fill in the form for a complimentary no-commitment consultation.

More detailed threat intelligence news?

If you’d like more detailed threat intelligence news, Integrity360 offers this as part of our security monitoring managed services.

We also offer a tailored threat intelligence monitoring service for your organisation that actively monitors for threat actors and campaigns of direct relevance to your organisation, brand damage, copycat & spoofed domains, credential leakage and dark web monitoring.
