Yesterday saw the news breaking across the world that takeaway pizza chain Domino’s was being held to ransom by a hacker who had possession of 600,000 customer records.
In the story, the hacker “Rex Mundi” (who has since had his Twitter account suspended) wanted €30,000 (£23,000) or he would release the 600,000 customer details that included customers’ full names, addresses, phone numbers, email addresses, passwords and delivery instructions, as well as each customer’s favourite pizza topping.
At the time of writing, it is unclear whether Domino’s has paid the ransom, but it was determined not to, according to comments given to the Standaard by executive Andre ten Wolde. After the social media website Feedly refused to pay a ransom in the face of a DDoS attack last week, I asked the industry whether this is a new era of denied ransom payments and “victims” fighting back.
Andy Heather, VP EMEA at Voltage Security
“The value of personal data continues to be recognised by hackers who are now attempting to use the data to hold companies to ransom. Where previously financial data was the key target of the hackers, the theft of financial information (credit card or account information) has a limited lifespan, until the victim changes the account details etc. But the personal information that can be obtained has a much broader use and can be used to commit a much wider range of fraud and identity theft, and simply cannot be changed.
“The value of this personal data to the cyber criminal has a much greater value, for example where the selling price for a single stolen credit card is around $1, if that card information is sold with a full identity profile that can dramatically increase up to $500. If the cyber criminals know where the real value is then surely we should all expect responsible organisations to pay appropriate attention to keeping our personal information safe.”
TK Keanini, CTO at Lancope
“Ransomware of all types is on the rise because the inventions of crypto currency like Bitcoin and others let them operate with functional currency that does not compromise their anonymity.
“While retail has been in the news lately with a lot of data breaches, if you have a lot of personal data on people, the more people you have the more attractive you are to these criminals. If you have not been hit yet, now is the time to prepare with an incident response readiness that will ensure business continuity. It is just a part of doing business in this age of the Internet.
“Dominos in particular needs to treat this event as an ongoing business problem and not as a one-time event. They should provide leadership and expertise to all of their stores and deliver the operational visibility required to ensure early detection of this type of threat. While getting in again is likely, they must raise the cost to this adversary to hide and operate.”
Jon French, security analyst at AppRiver
“The hacker “RexMundi_Anon” has apparently done similar before with other Belgian companies. From a quick search, the Dominos one appears to be the largest though. It seems this particular hacker/group is fond of using a ransom method with the stolen data. I didn’t really find any info about how successful this has been for them, but it certainly is a worry for Dominos.
“My personal opinion would be that perhaps the ransom is just a PR ploy for RexMundi and that they plan to release the info anyways (and maybe a small hope of actually getting paid). Dominos has said they will not be paying the ransom though. Most likely they know that paying doesn’t mean the data won’t be released and it can just incentivise other hackers to perform the same kinds of attacks elsewhere.”
David Howorth, vice president at Alert Logic
“Hackers are increasingly turning to ransom as a money earner but in this instance it seems they aren’t quite as greedy as others have been – £24,000 seems very low!
“Dominos should remain vigilant and not agree to pay the ransom – the hackers have no ethical code of conduct, so Dominos should assume their customer data is already making its way to the criminal underground, where it will be sold. Consumers should heed the security industry advice to change their passwords as soon as Dominos have fixed the server vulnerabilities that enabled the hack to take place in the first place.”
George Anderson, director at Webroot
“It is reassuring to see that companies that find themselves targeted by hackers looking to make a quick buck are refusing to pay up. After all, when it comes to data theft, there is no guarantee the hackers wouldn’t release the data, even if ransom was paid, as they may equally accept the money and then try to sell the data on illegal forums, in hope of doubling their profits.
“This is slightly different to what we saw last week, when Feedly and Evernote were targeted by DDoS extortion attacks. Usually, organisations that give in and pay are spared being DDoS’ed – but only because following through with a DDoS attack requires slightly more effort on the hackers’ side, than publishing the data that has already been downloaded.
“However, companies that fall victim to money extortion attacks should under no circumstances agree to play by hackers’ terms. Instead, organisations that hold customer data should ensure they maintain a structured, multi-layered approach to security spanning data encryption through to security software that is updated and reviewed on a regular basis, to limit their chances of becoming an easy extortion target.”
Jason Hart, VP Cloud Solutions at SafeNet
“Cybercriminals are after the money and will follow the path of least resistance to get to it. Usually this means stealing personal data which is often unencrypted and selling it on the black market, or in this case using it for cyber blackmail.
“The latest breach continues to raise public awareness of the need for encryption – not just of financial data, but also wider customer information. It also reinforces something we at SafeNet have said for a while: breaches will happen and you can’t stop them. The issue is – are you able to protect your sensitive data when a breach happens?
“The fact that financial information was not compromised minimises the severity of the breach. But given the increasing number of data breaches we’re seeing, it’s clear that companies need to start thinking about encrypting more than just financial data. If not they run the risk of losing customers to those competitors that do.”
Dr. Mike Lloyd, CTO at RedSeal Networks
“Ransomware is an interesting trend in attacks. It’s also very significant that a world-wide company like Domino’s could lose sensitive data in just a few countries. It brings home the way modern business infrastructure is complex, sprawling, and hard to control. Bad guys only need to find one weakness to find a target of interest; defenders need to find them all.
“This makes for an asymmetric situation. Companies cannot simply stop storing all information, and nor can we expect complexity of networks to decrease. The only viable path forward is automation to gain visibility into all the weaknesses, everywhere, in order to improve defensive posture before this happens again.”