It seems that chipmaker AMD has been pwned by the ransomware and extortion group RansomHouse:
RansomHouse, a relatively new data-extortion cybercrime group, has announced a major new victim. Today, the group published a new update on its darknet site and is claiming to have breached Advanced Micro Devices (AMD), the large chip manufacturing company.
RansomHouse is claiming to have breached AMD’s network and exfiltrated “more than 450 Gb” of data back in January 2022. The group has also published a data sample as evidence.
And assuming that this happened, it looks like AMD was pwned rather easily. Check this out:
It’s no secret that hackers can easily launch attacks against networks with commonly-used passwords to gain access.
According to RansomHouse, this was the case with AMD, which the group claims was using “simple passwords” to protect its network.
An era of high-end technology, progress and top security…there’s so much in these words for the crowds. But it seems those are still just beautiful words when even technology giants like AMD use simple passwords like ‘password’ [other passwords redacted] … to protect their networks from intrusion. It is a shame those are real passwords used by AMD employees, but a bigger shame to AMD Security Department which gets significant financing according to the documents we got our hands on – all thanks to these passwords.
– RansomHouse group
If that’s true, that’s really embarrassing for AMD.
AMD had this to say when they were asked about this:
On June 27th, we reached out to AMD for comment. AMD provided us with the following statement on June 28th:
AMD is aware of a bad actor claiming to be in possession of stolen data from AMD. An investigation is currently underway.
-AMD Communications Director
RestorePrivacy is in contact with both AMD and RansomHouse and will update this article with any new information provided to us from either party.
That sounds to me like this has actually happened. But we may want to wait for a more fulsome confirmation.
Saryu Nayyar, CEO and Founder, Gurucul:
“In an ironic twist of fate, AMD survived the global chip supply chain crisis during the COVID-19 pandemic only to be victimized by ransomware from a new data extortion group. Doubling down on irony is that AMD staff used “password” as the password for critical network access. How does this still happen in companies with security savvy engineers? It’s beyond comprehension quite frankly. Time to spin all the passwords and clean up security controls. Seriously, it’s time.”
I can’t wait for the full details to come out. Because if these details are fact, a lot of people at AMD have some explaining to do.
UPDATE: Darren Williams, CEO and Founder of BlackFog added this comment:
“We haven’t yet seen evidence of the attack on AMD, but RansomHouse’s recent attack on the Shoprite Group in South Africa would indicate that they are focused on large organizations with weak security. As with all cyberattacks it really doesn’t matter how the bad actors found their way in, weak passwords or otherwise, if they want to find a way in, they will be successful! What really matters is what data they were able to leave with. Extortion is the focus for cybercriminal gangs and organizations should look to newer technologies like anti data exfiltration to stop them in their tracks and prevent any unauthorized data from being exfiltrated.”
Macmillan Pwned In Ransomware Attack
Posted in Commentary with tags Hacked on June 30, 2022 by itnerd
Macmillan, one of the largest book publishers in the US, has been hit by a ransomware attack, leaving book retailers nationwide unable to place new orders from the publisher. The company first reported the incident Monday, noting that to prevent further damage to its network, it had taken its systems offline.
Darren Williams, CEO and Founder of BlackFog offered this perspective:
“Taking systems offline post attack is a reassuring and necessary response to a ransomware attack such as this one against Macmillan, but as ever, prevention is better than cure.
Organisations need effective, modern protective security measures in place to prevent attacks. A common challenge with traditional defensive approaches to cybersecurity is that they require too much time to adequately protect organisations from these types of attacks, and often lead to a reliance on post-attack measures such as taking systems offline.
Instead of waiting for an attack to happen and then responding, organisations should be focused on newer technologies that prevent the exfiltration of data from the device, effectively stopping the attacker in their tracks. By looking at the mechanism of action across various ransomware gangs it is possible to stop these attacks at many stages of the attack life cycle and prevent a full blown incident such as the one against Macmillan.”
Hopefully they are able to get things sorted soon. Though I think it is safe to say that their long weekend is ruined.