It has been reported that a Chinese nation-state hacking group known as APT10 has hacked and stolen data from Visma, a Norwegian company that provides cloud-based business software solutions for European companies. The intrusion into Visma’s network took place on August 17, 2018, according to a joint report published today by US cyber-security firms Rapid7 and Recorded Future.
Sam Curry, Chief Security Officer at Cybereason:
“As I commented in my last blog, we so often only know about cyber conflict when it goes wrong. It’s important to state right up front that there is no shame in being targeted and rarely shame in being compromised. The exception is when departments are lax or incompetent and emphasises the need for advanced detection and smart automation. Nevertheless, as Willie Sutton was famously misquoted saying when asked why banks are robbed “…because that’s where the money is,” in a very real way, being targeted is a consequence of success. What matters most is how we comport ourselves and act during a breach and after. In the end, companies can be villains or heroes, but they do not have the luxury or ability to wallow in being victims of attack.
This is most significant when looking at Chinese actor APT 10’s targeting of US and European companies, through no fault of theirs, and specifically how Visma appears to have behaved. It’s worth lauding this and acknowledging their behaviour as reported. Before everything else, they appear to have found APT 10’s advanced operations (detailed in this US-CERT alert) and known what to do: calling and pulling in others like Recorded Future appropriately. Very few start out this way, but then, they leaned in and worked on this the right way. They have also reported no lost data in spite of infrastructure compromise, but the message here is understanding risk, implications, constituents and acting transparently and responsibly. Inferring from this, chaos must have reigned and been tamed with communications, management and good-old-fashioned leadership.
Going forward, others should look here and ask for lessons learned. These sorts of successes should be highlighted and learned from within Visma, but also in the wider industry. While most cyber conflict will pillory the losers, when we have heroes who have won or survived with dignity, we should not ignore it and should slow down to acknowledge it and look deeper.”