RansomEXX Claims Credit, Ferrari Denies Data Leak

Ferrari’s security posture may not be quite as bold as its cars after attackers—allegedly, the ransomware group RansomEXX—leaked 7GB of the company’s data online.

An account of the leak first surfaced in Corriere della Sera, an Italian newspaper that apparently viewed the documents on the Red Hot Cyber website, according to a Reuters report. Among the documents posted were technical sheets, repair handbooks and other internal documents.

“Not many details have been shared about this incident yet either by the attack group or by Ferrari themselves,” said Chris Vaughan, AVP of technical account management, EMEA, Tanium.

“There have been media reports that the RansomEXX group is behind the attack,” the Reuters report said, noting the gang has “targeted other high-profile companies in the past such as Gigabyte, Hellmann Worldwide and fashion brand Zegna.”

Ferrari told Reuters that it was trying to get to the bottom of the leak. “Ferrari isn’t the first company to deny evidence of an attack, and they certainly won’t be the last. In fact, many of the ‘cyberattacks’ we track aren’t revealed as ransomware until months later when a data breach has been confirmed,” said Darren Williams, CEO and founder of BlackFog.

“This incident is interesting in that the data has been posted online and the RansomEXX ransomware gang has claimed the attack,” he said.

No information has surfaced about the motive behind the attack. But Vaughan pointed out that “the group, which was given the name after ‘ransom.exx’ was found in its binary, is usually motivated by financial gain. But Ferrari has said that no ransomware has been detected.”

He said he “would be surprised if this is the case, because the RansomEXX group has become known for operating a ransomware-as-a-service model, publishing stolen data on its leak site just as it has done with the Ferrari attack.”

It’s not the first time Ferrari has suffered a leak—attackers from the cybergang Everest previously got their hands on data from Ferrari, Maserati and Lamborghini via Speroni spa, a luxury car component supplier.

This latest incident demonstrates just how important it is for every organization to rethink data security, said Erfan Shadabi, cybersecurity expert with comforte AG.

“Ferrari must now assess just how much sensitive information has been released,” said Shadabi. “Hopefully, they are able to navigate this situation effectively with minimal damage.”

“It’s ironic that enterprises can avoid the threat of leaked hijacked data simply by taking a data-centric approach to protecting sensitive information,” Shadabi said. “These reports should all be treated as cautionary tales, as an enterprise might find themselves in the same boat without the proper data-centric approach.”

Vaughan maintained that there are several measures that can be taken to reduce the chances that attacks like this will be successful. “These should be adopted as part of a zero-trust approach, where implicit trust is eliminated and the principle of ‘never trust, always verify’ is used,” he said.

In addition, Vaughan said, strong authentication methods, network segmentation and lateral movement prevention are key, as is visibility into vulnerabilities. “Having full visibility of the IT environment and having the ability to fix vulnerable devices that are connected to it is another critical aspect,” he said.

“If these practices are employed as part of an organization’s culture along with effective staff training then the potential damage caused by financially motivated attacks can be significantly reduced,” he added.

Williams said the bottom line is protecting data, without which cybercriminals have no leverage. “This attack emphasizes why companies need to focus on data exfiltration and data security in preventing attacks. Without data, cybercriminals cannot extort organizations, steal trade secrets or cause a data breach.”


Teri Robinson
