Cyber group RansomEXX took responsibility for stealing the company’s information, Italian newspaper Corriere della Sera said. The newspaper said the hackers have leaked 7GB of data, including internal documents, technical sheets, repair instructions, and other documents.
According to Reuters: MILAN, Oct 3 (Reuters) – Ferrari (RACE.MI) said on Monday some internal documents had been posted online and the luxury sports carmaker was working to identify how this had happened. It will implement all the appropriate actions as needed, it said in an emailed statement.
Ferrari documents were stolen previously when the cybergang Everest hit Speroni spa, a company that supplies components for sports cars and offered data relating to Ferrari, Lamborghini and Maserati. At that time, Ferrari infrastructure was not affected, the newspaper added.
This incident is still being investigated so nobody can be sure if a breach has taken place, but in the meantime, Ferrari must work to understand how some of its confidential data has been posted online.
If the claims from the ransomware gang are true, this once again highlights that criminals are constantly on the lookout for new victims to target, and they will often hit a company in retaliation for something it has done or said. In this case, it really does look like an attempt to embarrass a well-known brand for its claims about its security. Companies should be very careful about their claims around how secure they are in case they quickly need to explain how they suffered a breach shortly after.
The incident also reinforces the importance of good cybersecurity hygiene. Keeping systems up to date with the latest patches and updates, training staff on cyber threats and implementing MFA are all great ways to keep systems secure.
Ferrari is still investigating this incident, so it is unclear whether they have been breached, but this reinforces an important lesson that businesses should never talk publicly about which tools they use for their cybersecurity. Not only does talking about internal cybersecurity design provide free intelligence to attackers, but it also provides motivation for attackers to find weaknesses and shame companies publicly.
Businesses must also use this incident as a further reminder about the importance of locking their digital front doors for cybersecurity. But this can’t be achieved by allowing employees to make their own passwords at free will. By allowing this, organisations lose control of their access doors and have no visibility when their employees’ digital keys are phished, guessed or shared.
To counter this, one of the best solutions is to encrypt all access points. When access passwords are encrypted, employees do not know them. This prevents them being stolen, sold or phished, and also gives organisations back control of their network access and data.
The very recent cyber attack on Ferrari demonstrates just how important it is for every organization to rethink data security. Ferrari must now assess just how much sensitive information has been released. Hopefully, they are able to navigate this situation effectively with minimal damage. The ironic thing is that enterprises can avoid the threat of leaked hijacked data simply by taking a data-centric approach to protecting sensitive information. Using tokenization or format-preserving encryption, businesses can obfuscate any sensitive data within their data ecosystem, rendering it incomprehensible no matter who has access to it. These reports should all be treated as cautionary tales, as an enterprise might find themselves in the same boat without the proper data-centric approach.
Whilst Ferrari are still denying its systems have been breached, if I were Ferrari, I would be spending a large amount of effort on firstly identifying what files were leaked and secondly, and most importantly, tracing how they got out. Perhaps they were only accessible by a subset of people? Perhaps access to these files is audited? They need to be forensically analysing logs and ensuring that sufficient log retention is in place in case they roll over. Once the “how” has been answered, the “why” needs to be answered next; was this an insider job? Or is it part of a larger breach?
Not many details have been shared about this incident yet, either by the attack group or by Ferrari themselves. There have been media reports that the RansomEXX group is behind the attack, having targeted other high-profile companies in the past such as Gigabyte, Hellmann Worldwide and fashion brand Zegna. The group, which was given the name after ‘ransom.exx’ was found in its binary, is usually motivated by financial gain, but Ferrari have said that no ransomware has been detected. I would be surprised if this is the case because the group has become known for operating a ransomware-as-a-service model, publishing stolen data on its leak site just as it has done with the Ferrari attack.
There are several measures that can be taken to help avoid attacks like this being successful. These should be adopted as part of a zero-trust approach, where implicit trust is eliminated and the principle of ‘never trust, always verify’ is used. This means that strong authentication methods, network segmentation and lateral movement prevention are key. Having full visibility of the IT environment and having the ability to fix vulnerable devices that are connected to it is another critical aspect. If these practices are employed as part of an organization’s culture along with effective staff training, then the potential damage caused by financially motivated attacks can be significantly reduced.