Estee Lauder Appears To Have Been Pwned By TWO Ransomware Groups

Earlier this week, Estee Lauder published a statement that it suffered an apparently serious ransomware breach, after both the Alphv/BlackCat and Clop ransomware gangs claimed to have compromised the cosmetic giant.

Cybersecurity analyst/researcher Dominic Alvieri posted screenshots to Twitter of the leak sites of both gangs, which appear to have gone live on Tuesday, July 18th.

Estee Lauder said it was focused on remediation and warned that the incident would cause disruption to its operations.

After becoming aware of the incident, the company proactively took down some of its systems and promptly began an investigation with the assistance of leading third-party cybersecurity experts. “[…] the company believes the unauthorized party obtained some data from its systems, and the company is working to understand the nature and scope of that data,” the statement said.

On Tuesday, BlackCat added Estée Lauder to its list of victims with an irritated message about the company’s silence in response to its extortion emails: “We first wrote to the ELC leadership on 15 July 2023 to their corporate and personal emails. We sent further emails from the same address, but received no reply,” said the BlackCat ransomware group.

Carol Volk, a BullWall executive, had this comment:

“What’s to prevent multiple ransomware groups from claiming an attack and seeking payoffs? With no visibility into this type of slow-motion extortion, companies can only improve their defense posture and have a solid after-action plan for restoring their data. The last line of defense is containment, shutdown and restoration.”

Brad Hong, Customer Success Lead at Horizon3.ai, follows up with this:

“This is one of the most interesting developing case studies of recent ransomware history: two individual ransomware groups, uncoordinated, managed to get into a brand-name enterprise company at the same time. Initial reports indicate that they did not hack into ELC’s infrastructure from the same attack vector.

“While it might seem obvious that the moral of the story is to patch highly exploited vulnerabilities, like MOVEit, as a priority, it’s unfortunately commonplace to see organizations pigeonholed on the wrong things, and if not this threat actor, then the next one could be successful if limited only to their imagination.

“This only emphasizes the need to continuously validate the strength and extent of security through offensive techniques. At the end of the day, APTs are groups of humans too, and their techniques change as they adapt to the rest of the world. Defending against one group doesn’t grant you blanket defense against another. While it would’ve been valuable to patch the suspected exploited MOVEit instance at ELC, testing the true blast radius of this highly warned vulnerability, by continuously running find-fix-verify loops from the attacker’s perspective, ELC, like any organization, would have a much better understanding of the totality of potential paths to impact.”

Now that multiple ransomware groups appear to be using the same exploit (in this case MOVEit) to pwn companies, a world that was already dangerous has become even more so, which means that taking the right action to protect yourself is even more important.
