December 9, 2022

Japanese electronics giant Panasonic has confirmed that its Canadian division suffered a cyberattack in February, after ransomware-as-a-service (RaaS) gang Conti leaked information to its dark web site last week. It’s the third high-profile cyberattack that Panasonic has suffered in the past 18 months, a sign that global conglomerates can be a soft target.

Panasonic cyberattack: HR files leaked

In a statement provided to TechCrunch yesterday, Panasonic confirmed that its Canadian operations had been breached in a “focused cybersecurity assault” in February.

“We took speedy motion to deal with the difficulty with help from cybersecurity consultants and our service suppliers,” the company said. “This included figuring out the scope of affect, containing the malware, cleansing and restoring servers, rebuilding purposes and speaking quickly with affected prospects and related authorities.”

On April 5th, Conti shared a lot of files, ostensibly stolen from Panasonic Canada, on its dark web leak site. A screenshot seen by Tech Monitor appears to show folders containing HR documents and other potentially sensitive files.

Conti’s motivation in sharing this information online is “to validate the hack and stress the sufferer into paying,” explains Jon DiMaggio, chief security strategist at threat intelligence provider Analyst1.

“We are able to anticipate the information to be launched or bought if Panasonic doesn’t pay the ransom,” DiMaggio adds. Panasonic has not revealed whether a ransom has been demanded or paid.

Panasonic’s cybersecurity headaches

This is the second high-profile cyberattack that Panasonic has suffered in the past six months, and the third in 18 months.

In November last year, it disclosed a breach in which its network was “illegally accessed by a 3rd occasion.” The company “decided that some information on a file server had been accessed through the intrusion”.

The intruders had access to the company’s systems for more than four months before being detected, according to reports at the time, and were able to access sensitive customer and employee information.

In October 2020, Russian cybercriminals released a 4GB cache of data stolen from Panasonic’s Indian division and demanded a $500,000 ransom. The company told reporters that the data was not sensitive.

Global conglomerates such as Panasonic can be an easy target for cybercriminals, says Andy Norton, European cyber risk officer at security vendor Armis, due to their scale and organisational complexity.

“International and numerous organisations akin to Panasonic usually fall sufferer,” Norton explains, “firstly as a result of they’ve problem in precisely assessing the danger to the varied components of their organisation, merely resulting from the truth that they don’t have the visibility into the varied enterprise models. And secondly, as a result of they’re then unable to use constant danger administration controls throughout the board.”

Panasonic cyberattack: Conti strikes again

Conti was the most prolific ransomware group last year, according to research by security company Sophos, accounting for 16% of ransomware attacks.

It has notched up at least 700 victims and has a track record of targeting healthcare providers. The group claimed responsibility for the ransomware attack on Ireland’s Health Service Executive last year, which may cost the organisation up to an estimated €100m.

Conti, which is believed to operate in Russia, has become embroiled in the Ukraine conflict. Pro-Ukraine hackers infiltrated the group last month and leaked internal communications online. One group has since claimed to have used Conti’s own ransomware against Russian targets.

Unusually, the group continues to operate under the ‘Conti’ brand despite this exposure. “Ransomware teams are inclined to reinvent themselves with completely different identities following an excessive amount of notoriety,” says Norton. “Nevertheless, Conti has not felt the necessity to try this after their very own leak.”
