Attack on Panasonic Canada Shows Conti is Still Dangerous
While the details remain sparse, Panasonic suffered another breach just six months after a high-profile attack—this time at Panasonic Canada. The Conti ransomware gang said it was behind the February attack that resulted in the theft of more than 2.8GB of data.
The ransomware group posted what appeared to be internal documents from Panasonic Canada, including from its HR and accounting departments. Spreadsheets and files were among the information published on the Conti leak page.
A Panasonic business has been hit by attackers multiple times in the last several months. In the first attack, Panasonic was hit during a string of attacks against Japanese companies. The attackers accessed sensitive customer and employee records sometime in June 2021, though Panasonic did not pick up on it until November 11, 2021.
“After detecting the unauthorized access, the company immediately reported the incident to the relevant authorities and implemented security countermeasures, including steps to prevent external access to the network,” Panasonic said at the time.
That attack was followed by an intrusion during which bad actors accessed information on job candidates. Panasonic India also suffered a ransomware attack at the end of 2020.
“Once hackers are successful because of unremediated vulnerabilities, they assume you’re an easier target the next time. In 2021, a study by Cybereason found that 80% of organizations that paid ransomware were subsequently targeted for a second attack,” said Bud Broomhead, CEO at Viakoo.
“Organizations who do not heed the wake-up call of the first attack and make fundamental changes to shrink their attack surface are prime targets for future attacks,” said Broomhead. “The initial data breach of Panasonic likely provided critical information used in the subsequent ransomware attack, including login credentials, passwords and employee details.”
Panasonic confirmed the February 2022 breach, but has not attributed it to any specific group nor has the company provided much in the way of details.
“Even if all procedures and policies are well-executed, there’s no escaping the fact that adversaries are constantly looking to probe vulnerabilities and to insert malware into the environment, often using everyday business documents which we all use,” said Danny Lopez, CEO at Glasswall. “It’s vital that organizations invest in cyber protection services that stay ahead of attackers by eliminating the threats while still allowing employees to do their vital work.”
“Panasonic is not alone, as ransomware attacks continue to escalate across all industries,” Lopez noted. “Attacks like these demonstrate that a traditional castle-and-moat approach to network security leaves organizations exposed.”
The Panasonic Canada incident shows that Conti, which recently suffered a breach of its own, can’t be considered down and out.
“Conti was doxed and suffered significant operational data loss, but we shouldn’t assume they would fade to black. The group is resilient and, like Hydra, when you ‘cut off a limb, two more shall take its place,’” said Rick Holland, CISO, vice president, strategy, at Digital Shadows.
Holland added that “Conti was the most prolific and dangerous ransomware operator in 2021. Despite the setback, this will continue.”
But Holland warned observers to tread carefully when assessing the series of breaches that befell Panasonic. “I’d be careful not to conflate the other global Panasonic lines of business (like Panasonic India) breaches with the Canadian entity targeted in the latest attack,” Holland said. “These are separate business lines, but the incidents illustrate the complexity of defending multinational organizations.”
