Ferrari Suffers Document Leak Days After Announcing Cybersecurity Partnership
Ferrari acknowledged the internal documents are rotating online but said it has no evidence of a ransomware attack claimed by the RansomEXX gang.
Automaker Ferrari confirmed the leak of some internal documents but didn’t say how it happened. On Monday, RansomEXX, a ransomware-as-a-service operator, claimed to have breached Ferrari, though the company said it is investigating how the leak occurred.
Italy’s Red Hot Cyber reported that internal documents, including repair manuals, datasheets, etc., sizing up to 6.99 gigabytes, were leaked. RansomEXX has added Ferrari, whose racing division Scuderia Ferrari partnered with Bitdefender last week, to its list of victims.
“If the claims from the ransomware gang are true, this once again highlights that criminals are constantly on the lookout for new victims to target, and they will often hit a company in retaliation to something it has done or said,” Jordan Schroeder, managing CISO at Barrier Networks, told Spiceworks.
“In this case, it really does look like an attempt to embarrass a well-known brand for its claims about its security. Companies should be very careful about their claims around how secure they are in case they quickly need to explain how they suffered a breach shortly after.”
After this story was published, Bitdefender spokesperson Steve Fiore reached out to Spiceworks and clarified that Ferrari Scuderia is not using any Bitdefender products or services yet.
According to an email the Italian luxury and sports car maker sent to Red Hot Cyber, the company said it has no evidence so far that the incident was ransomware and that there had been no disruption of its services. Dario Esposito, responsible for corporate and financial communication at Ferrari, “The Company is working to identify the source of the event and take all necessary actions.”
See More: Fast Company Data Breach: Hackers Sent Offensive And Racist Push Notifications to Users
RansomEXX is a four-year-old ransomware gang named after a namesake string ransom.exx hardcoded in its binary. It targets both Windows and Linux systems. “RansomEXX are known to leak significant amounts of victim data, an example being the Bombardier breach from August where 30GB was released,” Drew Perry, CEO of Tiberium, told Spiceworks.
“They conduct multi-staged human-operated attacks, and the first step is they disable security products. It is critical that anyone using EDR and endpoint protection tools use Anti Tamper configurations to prevent this; this is built into Windows and Defender products.”
According to Trend Micro, RansomEXX primarily targets companies in manufacturing, followed by education, banking, technology, media, and finance sectors.
Roger Grimes, a defense evangelist at KnowBe4, told Spiceworks, “I’m not sure how Ferrari was compromised, but the evidence on how best to defend against cybersecurity attacks is clear. There are four things all defenders can be doing to mitigate hacker and malware attacks:”
- Better focus on preventing social engineering, using a best defense-in-depth combination of policies, technical defenses, and education,
- Patch software and firmware, especially any that are listed on CISA’s Known Exploited Vulnerability Catalog, which are the code vulnerabilities being exploited by real-world hackers against real-world targets,
- Use phishing-resistant multifactor authentication (MFA) where you can to protect valuable data and systems and,
- Using different, secure passwords for every site and service where MFA cannot be used.
“There are no other defenses besides these four, that would have the most impact on decreasing cybersecurity risk. It is the world’s lack of focus on these four defenses that has made hackers and malware so successful for so long.”
Let us know if you enjoyed reading this news on LinkedIn, Twitter, or Facebook. We would love to hear from you!
MORE ON CYBERTHREATS
