Ferrari Hits a Roadblock as Cyber Criminals Hold it to Ransom

Ferrari is racing to contain the damage after it was targeted by cyber criminals this week.

The supercar manufacturer said that its systems were compromised and that customer data has been stolen.

In a breach notification letter sent to affected individuals, Ferrari noted that a limited number of IT systems were breached, and some customers’ names, addresses, email addresses and telephone numbers were exposed.

It’s unclear how many people have been blindsided by the attack, but Ferrari’s chief executive, Benedetto Vigna, has been attempting to downplay the damage.

He said that no bank account details or other sensitive payment data were affected, nor were any details about the cars that customers own.

As a sign of Ferrari’s confidence, the carmaker said that it is refusing to negotiate with the criminal hacker.

Typically, these attacks play out with the criminals threatening to leak the stolen information online unless they are paid a substantial amount of money.

Given Ferrari’s size and reputation, plus the average ransom demand, the figure is likely to be in excess of £5 million.

The crook’s demands have not been made public, and there is no indication that ransomware has been used to encrypt Ferrari’s systems – only that a ransom had been demanded.

But in a public statement, a Ferrari spokesperson said: “[We] will not be held to ransom as paying such demands funds criminal activity and enables threat actors to perpetuate their attacks.

“Instead, we believed the best course of action was to inform our clients and thus we have notified our customers of the potential data exposure and the nature of the incident.”

On the right track

Ferrari’s response to this attack will leave many in the cyber security industry popping champagne in celebration.

Experts have continually warned against paying ransom demands for the exact reasons that Ferrari outlined in its response.

Additionally, there is no guarantee that the cyber criminals would keep their word after they’d received their money.

The organisation would have to take them at their word that they’d deleted the stolen data, or else the attackers could shift gears and sell the information on the dark web.

The only ones who might be blowing a gasket about Ferrari’s decision (besides the attackers) are its customers. Ferrari’s response in effect ensures that the customers’ data will be sold and used to commit fraud.

Given how expensive it is to buy a Ferrari, you can assume that anyone who is affected by this incident has plenty of money.

And now that criminals have their names and contact details, you imagine they will be a prime target for phishing attacks and other scams.

Unfortunately, there’s not much more that Ferrari can do to protect them at this stage. As Benedetto Vigna suggests, paying the ransom wouldn’t undo the damage that has been caused.

He notes that whatever steps Ferrari takes from here do “not fundamentally change the data exposure”, because the information is already compromised.

As a result, Ferrari is legally required to report the incident and to notify those affected. The money that would otherwise be handed over to the criminals can instead be used to respond to the attack and fulfil its regulatory requirements.

Commenting on the decision, Benedetto Vigna said that Ferrari “takes the confidentiality of our clients very seriously and understands the significance of this incident.”

He added: “We would like to take this opportunity to apologise sincerely for this event and rest assured we will do everything in our power to regain your trust.”

Springing a leak

The big question hanging over this incident is how exactly the breach happened. Victims of cyber attacks are, for obvious reasons, reluctant to provide specific details about how they were targeted.

It’s the attackers themselves who are typically in the driver’s seat, providing screenshots and other evidence of their intrusions as proof that the stolen data is genuine. However, no one has taken credit for the attack so far, leaving many questions unanswered.

Some people have speculated that the ransom is related to an incident last October, in which the RansomExx gang claimed to have stolen 7GB of internal Ferrari documents.

Ferrari denied that it had been breached at the time, but the attackers reportedly accessed data sheets and repair manuals, which they subsequently published on a dark web site.

Other reports suggest that the breach could have happened at external entities, such as dealers and marketers.

This is the more likely explanation, given that those firms will almost certainly process customers’ personal data, and it would explain why the scale of the breach was relatively small.

Wherever the data came from, Ferrari stated it has “worked with third party experts to further reinforce our systems and are confident in their resilience.” It has also hired a “leading global third-party cybersecurity firm” to examine the incident and said that it will “investigate to the full extent of the law”.

These are all promising signs, and Ferrari has been firing on all cylinders in its response so far. However, in incidents such as this, it’s almost impossible to identify and prosecute the perpetrators.

Attackers typically leave behind little evidence of their attack, and it can be difficult to track their activities to a specific individual (the best-case scenario is to identify an IP address). Even if investigators can identify the culprit, the attackers are usually based in foreign countries without extradition treaties.

As effective as Ferrari has been so far, you suspect that even it will struggle to catch up with the criminals.

The post Ferrari Hits a Roadblock as Cyber Criminals Hold it to Ransom appeared first on IT Governance UK Blog.