Marketron Suffers BlackMatter Attack, Shuts Down All svcs. – 5 Experts Comment

BACKGROUND:

Inside Radio is reporting: Marketron Hit With Cyberattack. Virtually All Of Its Systems Are Offline. Marketron manages $5 billion in annual U.S. advertising revenue. Service to all 6,000 customers has been shut down, all services offline. CEO Jim Howard told customers Sunday night of a breach by “the Russian criminal organization BlackMatter.” Updated company breach announcement here.  Five of our experts commenting below.

Experts Comments

September 23, 2021
Bill Lawrence
CISO
SecurityGate

This one looks pretty big. I say “one” because details from the company are intentionally sketchy and there is nobody even saying that this is ransomware, data exfiltration, or any of the other types of cyber scourges thwacking businesses like Marketron these days. It is also telling that “Howard said the company is communicating with both BlackMatter and the FBI” and, sadly, the Russian criminal organization is listed first in the call tree.  

Robust risk assessments, phishing training for

.....Read More

This one looks pretty big. I say “one” because details from the company are intentionally sketchy and there is nobody even saying that this is ransomware, data exfiltration, or any of the other types of cyber scourges thwacking businesses like Marketron these days. It is also telling that “Howard said the company is communicating with both BlackMatter and the FBI” and, sadly, the Russian criminal organization is listed first in the call tree.  

Robust risk assessments, phishing training for users and protections for systems, quality data backups with regular testing, and telling your representatives the US needs harsh sanctions against Russian cyber criminal groups could help in these regularly reoccurring scenarios.

  Read Less
September 23, 2021
Ron Bradley
VP
Shared Assessments

The importance of supply chain risk management is on full display with this issue at Marketron. With over 6,000 customers impacted, that number is sure to grow exponentially in the downstream effects.  We often talk about the importance of Nth party due diligence. The 6,000 Marketron customers, and their customers, and so forth, haven't likely identified Marketron as being critical path in their business operations.

Having a TRPM program which addresses Nth party due diligence is vital in

.....Read More

The importance of supply chain risk management is on full display with this issue at Marketron. With over 6,000 customers impacted, that number is sure to grow exponentially in the downstream effects.  We often talk about the importance of Nth party due diligence. The 6,000 Marketron customers, and their customers, and so forth, haven't likely identified Marketron as being critical path in their business operations.

Having a TRPM program which addresses Nth party due diligence is vital in today's increasingly complex supply chain. The program however, can't afford to be "all bark and no bite."  Policies and procedures and questionnaires are all a great start, but there has to be a point in the process where critical security controls are verified, not just trusted to be in place. Clearly, Marketron suffered from a control failure, either internally, or possibly even from one of their third or fourth parties. 

The bottom line is, all companies must have intimate knowledge of their suppliers and those down the supply chain with the potential to impact operations.

  Read Less
September 23, 2021
Ron Bradley
VP
Shared Assessments

The importance of supply chain risk management is on full display with this issue at Marketron. With over 6,000 customers impacted, that number is sure to grow exponentially in the downstream effects.  We often talk about the importance of Nth party due diligence. The 6,000 Marketron customers, and their customers, and so forth, haven't likely identified Marketron as being critical path in their business operations.

Having a TRPM program which addresses Nth party due diligence is vital in

.....Read More

The importance of supply chain risk management is on full display with this issue at Marketron. With over 6,000 customers impacted, that number is sure to grow exponentially in the downstream effects.  We often talk about the importance of Nth party due diligence. The 6,000 Marketron customers, and their customers, and so forth, haven't likely identified Marketron as being critical path in their business operations.

Having a TRPM program which addresses Nth party due diligence is vital in today's increasingly complex supply chain. The program however, can't afford to be "all bark and no bite."  Policies and procedures and questionnaires are all a great start, but there has to be a point in the process where critical security controls are verified, not just trusted to be in place. Clearly, Marketron suffered from a control failure, either internally, or possibly even from one of their third or fourth parties. 

The bottom line is, all companies must have intimate knowledge of their suppliers and those down the supply chain with the potential to impact operations.

  Read Less
September 21, 2021
Garret F. Grajek
CEO
YouAttest

It's not just the health care and financial sectors that are at risk from cyberattacks. The scanning tools the hackers use are vertically agnostic - and are looking for vulnerabilities in our systems. The APT  (Advanced Persistent Threat) malware they plant in the systems allow them to enumerate our systems and discover what is running, and then matching to known and published CVEs (Common Vulnerabilities and Exposures). With this information the attacker can exfiltrate whatever data they wish

.....Read More

It's not just the health care and financial sectors that are at risk from cyberattacks. The scanning tools the hackers use are vertically agnostic - and are looking for vulnerabilities in our systems. The APT  (Advanced Persistent Threat) malware they plant in the systems allow them to enumerate our systems and discover what is running, and then matching to known and published CVEs (Common Vulnerabilities and Exposures). With this information the attacker can exfiltrate whatever data they wish for a ransomware attack - or can shut the systems altogether.

The key to mitigate these attacks in security alertness though immediate vulnerability patching and to practice identity vigilance though account reviews and privilege escalation triggers.

  Read Less
September 21, 2021
Saryu Nayyar
CEO
Gurucul

BlackMatter strikes again, this time hitting Marketron, a firm that manages billions of dollars of ad revenue.  BlackMatter, which also attacked tech giant Olympus a couple of weeks ago, and whose code was used in the Colonial Pipeline attack, is going after big targets and certainly attempting to get a great deal of return on its ransom.

We still seem to be on the upswing in terms of the frequency or cost of ransomware, with no clear path to remediation. Marketron responded relatively quickly

.....Read More

BlackMatter strikes again, this time hitting Marketron, a firm that manages billions of dollars of ad revenue.  BlackMatter, which also attacked tech giant Olympus a couple of weeks ago, and whose code was used in the Colonial Pipeline attack, is going after big targets and certainly attempting to get a great deal of return on its ransom.

We still seem to be on the upswing in terms of the frequency or cost of ransomware, with no clear path to remediation. Marketron responded relatively quickly to this attack, but still wasn’t able to prevent it, and it’s not clear that they have a remediation alternative. This fact argues for even earlier recognition of a ransomware attack through real time data collection and analysis so that there is little or no delay in response.

  Read Less
September 21, 2021
Doug Britton
CEO
Haystack Solutions

This is another stark reminder that criminal organizations are evolving in their technological sophistication and even large orgs with significant resources cannot keep pace. The best defensive posture organizations can take is to develop their own cybersecurity teams. Even if network monitoring and security services are outsourced and expert consultants or response teams analyze the failure, the criminals continue to move forward and the cycle repeats.

The focus needs to be on developing cyber

.....Read More

This is another stark reminder that criminal organizations are evolving in their technological sophistication and even large orgs with significant resources cannot keep pace. The best defensive posture organizations can take is to develop their own cybersecurity teams. Even if network monitoring and security services are outsourced and expert consultants or response teams analyze the failure, the criminals continue to move forward and the cycle repeats.

The focus needs to be on developing cyber teams that have an intimate understanding of the organization's computing infrastructure and are tasked to protect it with vested interest. We have the technology to find folks even in a tight labor market. We need to get them into the fight or we'll continue to see this threat until corporate cyber defense is on par with the pace of criminal efforts.

  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.