Are you playing any of the cyber security firms? They must be doing well...
I wonder if you could catch these crooks by following the money betting against the companies they hack?
LockBit: The hackers holding Foxsemicon hostage
Samuel Howarth, DIGITIMES Asia, Taipei
Wednesday 17 January 2024
During the afternoon of Tuesday, January 16, news broke that Foxsemicon, a subsidiary of Taiwan's electronics behemoth Foxconn, became the latest victim of the elusive LockBit 3.0 hacking group.
At around 5 p.m. Taiwan time, shortly after initial reports of the hack began circulating, Foxsemicon posted a statement to the Market Observation System, the company reporting system which is maintained by the Taiwan Stock Exchange. "Our company's information systems experienced a cyber network attack," the message said.
The statement explained, "Upon detecting the cyber network attack on certain information systems, the Information Department immediately activated relevant defense mechanisms and recovery operations." "Simultaneously, collaboration with external cybersecurity company experts was initiated," it added.
It was possible to access the company's website after the hack. The site appeared normal apart from the company's introduction page, which was the area of the website that displayed a threat from the hackers, announcing that they had stolen 5 terabytes of data.
We have all your personal data
A message from the hackers to Foxsemicon's customers read, "If you are a Foxsemicon customer, we have all your personal data." "All your personal data will be freely available on the internet in Foxsemicon not pays money," the hacks added.
The group's message also addressed the company's staff, "If your management does not contact us, you will use your job." "As we are able to completely destroy Foxsemicon with no possibility of recovery, all media (BBC, Wall Street Journal, The Washington Post) will inform you that the company no longer exists," it added.
LockBit has the ransomware industry on lockdown
A recent report by Cyberint showed that LockBit has the ransomware industry on lockdown. It said that in the third quarter of 2023, LockBit3.0 remains the most dominant ransomware group with 252 new victims, 17.7% of all ransomware cases.
Fortinet reported that LockBit, a ransomware group, started its activities as early as 2019. It offers Ransomware-as-a-Service (RaaS) to online criminals called affiliates. The affiliates' role is to choose and breach target organizations using the ransomware supplied by LockBit's developer.
The LockBit operator, as a (RaaS), offers its affiliates a variety of options for splitting the ransom fee. The ransom payment is typically split 1:4 between the LockBit operator and the affiliates, Fortinet wrote.
The cyber security giant noted that LockBit is a particularly industrious ransomware outfit. LockBit 2.0 (also known as LockBit Red) was released in mid-2021, followed by LockBit 3.0 (also known as LockBit Black) in early 2022. The latest variant, "LockBit Green," emerged in early 2023.
Indeed, in the message posted to Foxsmicon's site, LockBit said, "We are the oldest ransomware affiliate program on the planet." "Nothing is more important to us than our reputation," the outfit added.
Ask Elon
The group provided a link to a Twitter post on their previous attacks. "You can get more information about us on Ilon Musk's Twitter," they add (spelling unchanged), providing a link.
LockBit's communications are known for their tongue-in-cheek tone. The group left a message for Elon Musk after they hacked Maximum Industries, a contractor to SpaceX.
The hackers wrote on their dark-web-based data leak site, "I would say we were lucky if SpaceX contractors were more talkative. But I think this material will find its buyer as soon as possible." "Elon Musk, we will help you sell your drawings to other manufacturers – build the ship faster and fly away." LockBit's blog post read.
LockBit says that its attacks are not politically motivated. "We are not a politically motivated group, and we want nothing more than money," read the message posted on Foxsemicon's website.
Despite this claim, Fortnite noted that LockBit "does not target" and approved "target" industry lists for file encryption and data exfiltration encompass geopolitical blocs. Lockbit's affiliates are not allowed to attack post-Soviet countries: Armenia, Belarus, Georgia, Kazakhstan, Kyrgyzstan, Latvia, Lithuania, Moldova, Russia, Tajikistan, Turkmenistan, Uzbekistan, Ukraine, and Estonia, Fortinet's analysis noted.
Keeping it ethical
Lockbit has provided details about what distinguishes it from other hacking groups. A member of the group was interviewed by The Record in 2021.
When asked if Lockbit and other hacker groups such as REvil and Hive targeted hospitals, the group representative said, "We do not attack hospitals as there were several cases when affiliates encrypted dental offices and nursing homes by mistake." "We issued decryption keys free of charge," the representative added.
LockBit's Tuesday attack on Foxsemicon was not the first time that the group has hit a major Taiwanese company. Digitimes reported on a LockBit attack on a TSMC hardware vendor in July 2023.
After the hack had been reported, TSMC issued a statement saying that since all hardware equipment entering TSMC is adjusted according to the company's completion procedures after entering the factory, the incident had no impact on the chip giant's production, and none of the data related to its customers was leaked.
The resilience factor
Speaking about the importance for companies of transparency when it comes to building cyber resilience Marc Hijink, the technology news reporter of Holland's NRC Handelsblad told Digitimes that the issue should be "shouted from the rooftops." "It would be best if a company could be completely open about it instead of trying to cover up and wait for some journalist to report it" he added.
Hijink said, "The awareness of employees, human factors, is always the most delicate." "Companies should raise employee awareness to have them cooperate and be more careful and resilient" he added.
digitimes.com |
