Expert(s):
VP Awake Labsfeature_status*/ ?>
Awake Security

Comments Dotted : 2
August 06, 2020

Expert Commentary: Canon ransomware attack
There are several warning signs of pre-encryption activity visible on the network that Canon likely missed.
Canon is not the first victim of Maze and we have seen Maze be very active and malicious in the past weeks including the recently published 50GB of data from LG and another 25GB of data from Xerox. We haven’t seen Canon’s data hit the forums yet, but will likely see 10 TB of data posted for sale soon if Canon doesn’t pay, judging by what we’ve witnessed from other attacks. Like the others, the Canon data may potentially include source code, internal IT data, and likely a large amount of .....Read More
Canon is not the first victim of Maze and we have seen Maze be very active and malicious in the past weeks including the recently published 50GB of data from LG and another 25GB of data from Xerox. We haven’t seen Canon’s data hit the forums yet, but will likely see 10 TB of data posted for sale soon if Canon doesn’t pay, judging by what we’ve witnessed from other attacks. Like the others, the Canon data may potentially include source code, internal IT data, and likely a large amount of data about some of their internal programs and third parties. In this case, Canon likely missed several warning signs that could have tipped them off. We know the network provides a unique vantage point to spot the pre-encryption activity of ransomware actors such as those behind Maze. This latest attack will surely assist in putting Maze back at the top of the list of ransomware threats that IT admins and security operations teams are watching  Read Less
May 20, 2020

UK airline easyJet data breach impacts 9M customers – expert commentary
Many people are focusing on the impact this breach has on individuals, but there are much larger organizational or government risks too.
A lot of people are missing the potential big picture impact of the EasyJet breach and the risk it could pose to other enterprise or government organizations. Of course the individuals impacted should heighten their cybersecurity awareness and take steps to further protect themselves – but the organizations these nine million people work for need to be vigilant too. One thing we noticed from past breaches at places like American Airlines and the U.S. Office of Personnel Management is that the .....Read More
A lot of people are missing the potential big picture impact of the EasyJet breach and the risk it could pose to other enterprise or government organizations. Of course the individuals impacted should heighten their cybersecurity awareness and take steps to further protect themselves – but the organizations these nine million people work for need to be vigilant too. One thing we noticed from past breaches at places like American Airlines and the U.S. Office of Personnel Management is that the goal was to get information that can be used by nation states or other groups for blackmail, further hacking or other malicious campaigns. If this attack was carried out by a sophisticated group that was more interested in EasyJet’s intellectual property than it was in stealing personal customer information – like the company has suggested – this is a very likely scenario. The personal information these attackers have gained provides a huge strategic advantage where they can prioritize high value target organizations and agencies with phishing tactics that leverage an extensive amount of personal data.  Read Less