Marketron Suffers BlackMatter Attack, Shuts Down All svcs. – 5 Experts Comment

BACKGROUND:

Inside Radio is reporting: Marketron Hit With Cyberattack. Virtually All Of Its Systems Are Offline. Marketron manages $5 billion in annual U.S. advertising revenue. Service to all 6,000 customers has been shut down, all services offline. CEO Jim Howard told customers Sunday night of a breach by “the Russian criminal organization BlackMatter.” Updated company breach announcement here. Five of our experts commenting below.

Bill Lawrence, CISO
InfoSec Expert
September 23, 2021 12:52 pm

This one looks pretty big. I say “one” because details from the company are intentionally sketchy and there is nobody even saying that this is ransomware, data exfiltration, or any of the other types of cyber scourges thwacking businesses like Marketron these days. It is also telling that “Howard said the company is communicating with both BlackMatter and the FBI” and, sadly, the Russian criminal organization is listed first in the call tree.

Robust risk assessments, phishing training for users and protections for systems, quality data backups with regular testing, and telling your representatives the US needs harsh sanctions against Russian cyber criminal groups could help in these regularly reoccurring scenarios.

Ron Bradley
InfoSec Expert
September 23, 2021 11:50 am

The importance of supply chain risk management is on full display with this issue at Marketron. With over 6,000 customers impacted, that number is sure to grow exponentially in the downstream effects. We often talk about the importance of Nth party due diligence. The 6,000 Marketron customers, and their customers, and so forth, haven’t likely identified Marketron as being critical path in their business operations.

Having a TPRM program which addresses Nth party due diligence is vital in today’s increasingly complex supply chain. The program, however, can’t afford to be "all bark and no bite." Policies and procedures and questionnaires are all a great start, but there has to be a point in the process where critical security controls are verified, not just trusted to be in place. Clearly, Marketron suffered from a control failure, either internally, or possibly even from one of their third or fourth parties.

The bottom line is, all companies must have intimate knowledge of their suppliers and those down the supply chain with the potential to impact operations.

Garret F. Grajek
InfoSec Expert
September 21, 2021 10:50 am

It’s not just the health care and financial sectors that are at risk from cyberattacks. The scanning tools the hackers use are vertically agnostic – and are looking for vulnerabilities in our systems. The APT (Advanced Persistent Threat) malware they plant in the systems allows them to enumerate our systems and discover what is running, and then match it to known and published CVEs (Common Vulnerabilities and Exposures). With this information the attacker can exfiltrate whatever data they wish for a ransomware attack – or can shut the systems altogether.

The key to mitigating these attacks is security alertness through immediate vulnerability patching and to practice identity vigilance through account reviews and privilege escalation triggers.

Saryu Nayyar, CEO
InfoSec Expert
September 21, 2021 10:43 am

BlackMatter strikes again, this time hitting Marketron, a firm that manages billions of dollars of ad revenue. BlackMatter, which also attacked tech giant Olympus a couple of weeks ago, and whose code was used in the Colonial Pipeline attack, is going after big targets and certainly attempting to get a great deal of return on its ransom.

We still seem to be on the upswing in terms of the frequency or cost of ransomware, with no clear path to remediation. Marketron responded relatively quickly to this attack, but still wasn’t able to prevent it, and it’s not clear that they have a remediation alternative. This fact argues for even earlier recognition of a ransomware attack through real time data collection and analysis so that there is little or no delay in response.
