Cyber group RansomEXX took responsibility for stealing the company’s information, Italian newspaper Corriere della Sera said. The newspaper reports that the hackers have leaked 7GB of data, including internal documents, technical sheets, repair instructions, and other documents.
According to Reuters: MILAN, Oct 3 (Reuters) – Ferrari (RACE.MI) said on Monday some internal documents had been posted online and the luxury sports carmaker was working to identify how this had happened. It will implement all the appropriate actions as needed, it said in an emailed statement.
Ferrari documents were stolen previously when the cybergang Everest hit Speroni spa, a company that supplies components for sports cars, and offered data relating to Ferrari, Lamborghini and Maserati. At that time, Ferrari infrastructure was not affected, the newspaper added.
The very recent cyber attack on Ferrari demonstrates just how important it is for every organization to rethink data security. Ferrari must now assess just how much sensitive information has been released. Hopefully, they are able to navigate this situation effectively with minimal damage. The ironic thing is that enterprises can avoid the threat of leaked hijacked data simply by taking a data-centric approach to protecting sensitive information. Using tokenization or format-preserving encryption, businesses can obfuscate any sensitive data within their data ecosystem, rendering it incomprehensible no matter who has access to it. These reports should all be treated as cautionary tales, as an enterprise might find themselves in the same boat without the proper data-centric approach.
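The data-centric approach described above, as an added illustration that is not code from the article or from any vendor quoted in it: a small vault-based tokenizer replaces sensitive fields with random tokens of the same shape, so a copy of the records that leaves the environment contains nothing an outsider can read, while the vault alone can map a token back and only for an authorised caller. The records, field names and role name are constructed for the example; a real deployment would keep the vault in a separately secured service rather than in process memory.

```python
import secrets
import string

# Constructed sample records of the kind the article says were leaked
# (supplier and cost data). Every value here is invented.
RECORDS = [
    {"part_no": "F123-4567", "supplier_tax_id": "IT01234567890", "unit_cost": "1450.00"},
    {"part_no": "F987-6543", "supplier_tax_id": "IT09876543210", "unit_cost": "320.50"},
]

# Fields treated as sensitive; "part_no" is left in the clear so the copy stays usable.
SENSITIVE_FIELDS = ("supplier_tax_id", "unit_cost")


class TokenVault:
    """Vault-based tokenization: a random, format-preserving token stands in for
    the value; the only link between them is the mapping kept inside the vault."""

    def __init__(self):
        self._to_value = {}   # token -> original value
        self._to_token = {}   # original value -> token, so repeats tokenize consistently

    @staticmethod
    def _random_like(value: str) -> str:
        # Keep the format: digits stay digits, letters stay letters (same case),
        # punctuation is kept as-is, so downstream parsers do not break.
        if not any(ch.isalnum() for ch in value):
            raise ValueError("value has no alphanumeric characters to replace")
        out = []
        for ch in value:
            if ch.isdigit():
                out.append(secrets.choice(string.digits))
            elif ch.isalpha():
                pool = string.ascii_uppercase if ch.isupper() else string.ascii_lowercase
                out.append(secrets.choice(pool))
            else:
                out.append(ch)
        return "".join(out)

    def tokenize(self, value: str) -> str:
        if value in self._to_token:
            return self._to_token[value]
        while True:
            token = self._random_like(value)
            # Reject a token equal to the value itself or already in use.
            if token != value and token not in self._to_value:
                break
        self._to_value[token] = value
        self._to_token[value] = token
        return token

    def detokenize(self, token: str, caller_roles: set) -> str:
        # The hypothetical "vault-reader" role models the access control a
        # real vault service would enforce before revealing the original.
        if "vault-reader" not in caller_roles:
            raise PermissionError("caller is not authorised to detokenize")
        return self._to_value[token]


def tokenize_records(records, vault):
    """Return a copy of the records with sensitive fields replaced by tokens."""
    out = []
    for rec in records:
        copy = dict(rec)
        for field in SENSITIVE_FIELDS:
            copy[field] = vault.tokenize(rec[field])
        out.append(copy)
    return out


def leaked_copy_reveals_nothing(records, tokenized):
    """True when no sensitive original value appears anywhere in the tokenized copy."""
    originals = {r[f] for r in records for f in SENSITIVE_FIELDS}
    leaked = {t[f] for t in tokenized for f in SENSITIVE_FIELDS}
    return originals.isdisjoint(leaked)


if __name__ == "__main__":
    vault = TokenVault()
    exported = tokenize_records(RECORDS, vault)
    print(exported)
    print("safe to leak:", leaked_copy_reveals_nothing(RECORDS, exported))
```

The vault is the trust boundary: if the tokenized copy is stolen, the attacker holds random strings and a format; if the vault is stolen as well, tokenization has bought nothing, which is why the vault's access control and its own storage protection matter more than the tokens.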
Whilst Ferrari is still denying that its systems have been breached, if I were Ferrari I would be spending a large amount of effort on, firstly, identifying what files were leaked and, secondly and most importantly, tracing how they got out. Perhaps they were only accessible by a subset of people? Perhaps access to these files is audited? They need to be forensically analysing logs and ensuring that sufficient log retention is in place in case they roll over. Once the “how” has been answered, the “why” needs to be answered next: was this an insider job? Or is it part of a larger breach?
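The three checks the comment above calls for (who could reach the files, whether access was audited, and whether the logs reach back far enough) as an added example, not code from the article or from the commentator: a small analysis over constructed file-access audit lines that flags reads by users outside the folder's authorised group, flags a user who pulls many distinct documents in a short window, and reports whether the retained log covers the period under investigation. The log format, folder, user names and thresholds are all invented for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed authorisation list: which users are meant to read each folder.
AUTHORISED = {"repair-docs/": {"alice", "bob"}}

# Constructed audit lines: timestamp user action path bytes.
AUDIT_LOG = """\
2022-09-28T08:01:10Z alice READ repair-docs/model-a-brake-procedure.pdf 410000
2022-09-28T08:03:44Z bob READ repair-docs/model-b-gearbox-sheet.pdf 230000
2022-09-28T23:12:01Z carol READ repair-docs/model-a-brake-procedure.pdf 410000
2022-09-28T23:12:05Z carol READ repair-docs/model-b-gearbox-sheet.pdf 230000
2022-09-28T23:12:09Z carol READ repair-docs/model-c-wiring-diagram.pdf 880000
2022-09-28T23:12:14Z carol READ repair-docs/model-d-spec-sheet.pdf 1200000
"""


def parse_line(line):
    """Parse one audit line into a dict with a timezone-aware timestamp."""
    ts, user, action, path, nbytes = line.split()
    return {
        "ts": datetime.fromisoformat(ts.replace("Z", "+00:00")),
        "user": user,
        "action": action,
        "path": path,
        "bytes": int(nbytes),
    }


def parse_log(text):
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def unauthorised_accesses(events, acl):
    """(user, path) pairs where the user is not in the folder's authorised set."""
    hits = []
    for e in events:
        for prefix, users in acl.items():
            if e["path"].startswith(prefix) and e["user"] not in users:
                hits.append((e["user"], e["path"]))
    return hits


def bulk_readers(events, max_files=3, window=timedelta(minutes=5)):
    """Users who read more than max_files distinct paths inside any window."""
    by_user = defaultdict(list)
    for e in events:
        if e["action"] == "READ":
            by_user[e["user"]].append(e)
    flagged = {}
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["ts"])
        for i, start in enumerate(evs):
            files = {x["path"] for x in evs[i:] if x["ts"] - start["ts"] <= window}
            if len(files) > max_files:
                flagged[user] = len(files)
                break
    return flagged


def retention_covers(events, needed_from):
    """True if the oldest retained event is no later than the start of the
    period being investigated; False means the log has already rolled over."""
    earliest = min(e["ts"] for e in events)
    return earliest <= needed_from


if __name__ == "__main__":
    evs = parse_log(AUDIT_LOG)
    print("unauthorised:", unauthorised_accesses(evs, AUTHORISED))
    print("bulk readers:", bulk_readers(evs))
    print("covers Sept 1:", retention_covers(evs, datetime(2022, 9, 1, tzinfo=timezone.utc)))
```

The retention check is the one most often skipped: an investigation that starts after the logs have rolled over cannot answer the "how", so retention length should be set from the expected dwell time before an incident, not tuned down afterwards.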
Not many details have been shared about this incident yet, either by the attack group or by Ferrari themselves. There have been media reports that the RansomEXX group is behind the attack, having targeted other high-profile companies in the past such as Gigabyte, Hellman Worldwide and fashion brand Zegna. The group, which was given its name after ‘ransom.exx’ was found in its binary, is usually motivated by financial gain, but Ferrari have said that no ransomware has been detected. I would be surprised if this is the case because the group has become known for operating a ransomware-as-a-service model, publishing stolen data on its leak site just as it has done with the Ferrari attack.
There are several measures that can be taken to help prevent attacks like this from succeeding. These should be adopted as part of a zero-trust approach, where implicit trust is eliminated and the principle of ‘never trust, always verify’ is applied. This means that strong authentication methods, network segmentation and lateral movement prevention are key. Having full visibility of the IT environment, and the ability to fix vulnerable devices that are connected to it, is another critical aspect. If these practices are employed as part of an organization’s culture, along with effective staff training, then the potential damage caused by financially motivated attacks can be significantly reduced.