BACKGROUND:
Inside Radio is reporting: Marketron Hit With Cyberattack. Virtually All Of Its Systems Are Offline. Marketron manages $5 billion in annual U.S. advertising revenue. Service to all 6,000 customers has been shut down, all services offline. CEO Jim Howard told customers Sunday night of a breach by “the Russian criminal organization BlackMatter.” Updated company breach announcement here. Five of our experts commenting below.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
<p>This one looks pretty big. I say “one” because details from the company are intentionally sketchy and there is nobody even saying that this is ransomware, data exfiltration, or any of the other types of cyber scourges thwacking businesses like Marketron these days. It is also telling that “Howard said the company is communicating with both BlackMatter and the FBI” and, sadly, the Russian criminal organization is listed first in the call tree. <u></u><u></u> <u></u><u></u></p>
<p>Robust risk assessments, phishing training for users and protections for systems, quality data backups with regular testing, and telling your representatives the US needs harsh sanctions against Russian cyber criminal groups could help in these regularly reoccurring scenarios.</p>
<p>The importance of supply chain risk management is on full display with this issue at Marketron. With over 6,000 customers impacted, that number is sure to grow exponentially in the downstream effects. We often talk about the importance of Nth party due diligence. The 6,000 Marketron customers, and their customers, and so forth, haven\’t likely identified Marketron as being critical path in their business operations.<u></u><u></u></p>
<p>Having a TRPM program which addresses Nth party due diligence is vital in today\’s increasingly complex supply chain. The program however, can\’t afford to be \"all bark and no bite.\" Policies and procedures and questionnaires are all a great start, but there has to be a point in the process where critical security controls are verified, not just trusted to be in place. Clearly, Marketron suffered from a control failure, either internally, or possibly even from one of their third or fourth parties. <u></u><u></u></p>
<p>The bottom line is, all companies must have intimate knowledge of their suppliers and those down the supply chain with the potential to impact operations.</p>
<p>The importance of supply chain risk management is on full display with this issue at Marketron. With over 6,000 customers impacted, that number is sure to grow exponentially in the downstream effects. We often talk about the importance of Nth party due diligence. The 6,000 Marketron customers, and their customers, and so forth, haven\’t likely identified Marketron as being critical path in their business operations.<u></u><u></u></p>
<p>Having a TRPM program which addresses Nth party due diligence is vital in today\’s increasingly complex supply chain. The program however, can\’t afford to be \"all bark and no bite.\" Policies and procedures and questionnaires are all a great start, but there has to be a point in the process where critical security controls are verified, not just trusted to be in place. Clearly, Marketron suffered from a control failure, either internally, or possibly even from one of their third or fourth parties. </p>
<p>The bottom line is, all companies must have intimate knowledge of their suppliers and those down the supply chain with the potential to impact operations.</p>
<p>It\’s not just the health care and financial sectors that are at risk from cyberattacks. The scanning tools the hackers use are vertically agnostic – and are looking for vulnerabilities in our systems. The APT (Advanced Persistent Threat) malware they plant in the systems allow them to enumerate our systems and discover what is running, and then matching to known and published CVEs (Common Vulnerabilities and Exposures). With this information the attacker can exfiltrate whatever data they wish for a ransomware attack – or can shut the systems altogether.</p>
<p>The key to mitigate these attacks in security alertness though immediate vulnerability patching and to practice identity vigilance though account reviews and privilege escalation triggers.</p>
<p>BlackMatter strikes again, this time hitting Marketron, a firm that manages billions of dollars of ad revenue. BlackMatter, which also attacked tech giant Olympus a couple of weeks ago, and whose code was used in the Colonial Pipeline attack, is going after big targets and certainly attempting to get a great deal of return on its ransom.</p>
<p>We still seem to be on the upswing in terms of the frequency or cost of ransomware, with no clear path to remediation. Marketron responded relatively quickly to this attack, but still wasn’t able to prevent it, and it’s not clear that they have a remediation alternative. This fact argues for even earlier recognition of a ransomware attack through real time data collection and analysis so that there is little or no delay in response.</p>