Automotive Parts Supplier Denso Pwned In Ransomware Attack

Denso, one of the world’s largest technology and component providers for the automotive industry, has disclosed that its networks were illegally accessed on March 10. A cybercrime group named Pandora has taken credit for the ransomware attack and is claiming to have accessed 1.4 Tb of data. Pandora announced the attack and made available a list of files allegedly stolen from Denso as proof, including spreadsheets, documents and presentations which included customer and employee references.

Saryu Nayyar, CEO and Founder, Gurucul, had this to say:

“What is interesting is that the group used a variant of an existing ransomware attack to steal data and detonate their ransomware. This was possibly done on purpose in an effort to circumvent any potential controls or detection methods that were known to be used by Denso to identify previous attacks. Outside of not potentially shutting down security gaps that were highlighted to them previously, Denso and other organizations need to invest in more advanced analytics-based threat detection and response solutions that incorporate non-rule-based self-training machine learning that can adapt to new attack campaigns that vary the malware/ransomware and even the techniques used to insert the malicious software. Despite vendor claims, most are using static rule-based engines that need to be updated by the vendor itself to be effective at detecting a threat. Combined with behavioral analytics and even identity access analytics, the security gaps could have been detected while being exploited, but also the previously unknown Pandora version of the Rook ransomware itself would also have been detected much sooner. Either way this is clearly going to put even more strains on the automobile industry and increase the cost to buyers.”

This is a case where the full extent of what was stolen isn’t known. Thus this could turn into another Nvidia situation where the full extent of the hack is only known when the information is leaked by the threat actors. And that’s going to hurt all of us in some way, shape or form.
