What CXOs can learn from Denso ransomware attack

Last week, officials at Denso Corp confirmed that the company’s Germany hub, which oversees sales, design and development of automotive parts, had sustained a ransomware attack. Now, a cybercriminal group claimed responsibility behind the hack and threatens to soon leak the information online.  

The hacker group that calls itself Pandora, posted a statement on the dark web, which is hidden from public view and requires specific software to be accessed, claiming responsibility for the attack and is threatening to publicly disclose the company’s internal details on March 16.  

The cybercriminals claim to have 1.4 terabytes of data, consisting of more than 157,000 pieces of information, including purchase orders and technical drawings. 

Denso said it is in the middle of its investigation into what kind of information was stolen, though it confirmed that sales activities have not yet been disrupted. 

The company became aware of the cyberattack on March 10 when employees detected computer system glitches, its officials said. 

While it declined to confirm whether the criminal is demanding a ransom, it has reported the incident to German law enforcement authorities. 

In a June 2021 report by US-based cybersecurity firm Black Kite, nearly half of the top 100 automobile manufacturers are ‘highly susceptible’ to ransomware and more than 17% of automotive suppliers are likely to incur a ransomware attack. CIOs in auto industry should spend more time in understanding the risk and engage the company’s board in cybersecurity risk. "Quantification is the key to board engagement and understanding in cybersecurity risk management," it said. 

The daily barrage of ransomware attacks is becoming a daunting challenge for businesses across the globe, where Denso is just another example of large enterprise being targeted by ransomware attack. 

Last year, ransomware attacks reportedly hit 80% of the organizations – across sectors – and more than 60% of those who were hit by the attacks paid the ransom, confirmed a report published on February 2022 by cybersecurity firm Claroty. 

Not surprising, this year too, ransomware attacks continue to target companies, with bad actors constantly finding newer ways to compromise data and networks.

David Bicknell, Principle Analyst on the Thematic Research Team at GlobalData too believes that victims of ransomware attacks have already seen significant damage to business profitability in recent months, and it will be just as dangerous going forward.

Speaking about the general trend and risks of ransomware Bicknell said, “Unfortunately, no company is safe from attack. Hackers are becoming more aggressive, exfiltrating data from victims as an additional threat to get them to pay the ransom. If a victim delays payment, the hacker releases a portion of the data to publicize the exploit and heighten the pressure.

“Since there is no way to completely protect against malware infection, organizations should adopt a ‘defense-in-depth’ approach, which involves using layers of defense with several mitigations at each layer. As a result, they will have more opportunities to detect malware and stop it before it causes real damage.”

As per Ivanti’s Ransomware Spotlight Year End Report of 2021, the ransomware groups are continuing to target unpatched vulnerabilities and weaponize zero-day vulnerabilities in record time to instigate crippling attacks. At the same time, they are broadening their attack spheres and finding newer ways to compromise organizational networks and fearlessly trigger high-impact assaults. 

The report pointed out there about 32 new ransomware families were identified in 2021, bringing the total to 157 and representing a 26 per cent increase over the previous year.

Srinivas Mukkamala, senior vice president of security products at Ivanti said, “Ransomware groups are becoming more sophisticated, and their attacks more impactful. These threat actors are increasingly leveraging automated tool kits to exploit vulnerabilities and penetrate deeper into compromised networks.”

Mukkamala added that ransomware groups “are also expanding their targets and waging more attacks on critical sectors, disrupting daily lives and causing unprecedented damage.”

Ransomware groups are also poised to wage rampant attacks in the coming years, according to Coveware, which revealed that organizations pay an average of $220,298 and suffer 23 days of downtime following a ransomware attack.  

With ransomware’s increasing dominance and devastating effect on businesses, experts also suggest it should have high priority on the agendas of top management and boards. The International Information Systems Security Certification Consortium (ISC)2  - the world’s largest association of certified cybersecurity professionals, has said in its blog that as companies are worried about being attacked with ransomware more than any other form of cyber threats, it becomes the responsibilities of the C-suite executives on the whole – and not just the security teams – to tackle ransomware head on.  

Increased communication between teams and making clear that ransomware defense is everyone’s responsibility can enable organizations to better protect themselves.