Luxottica, which owns popular eyewear brands including Ray Ban, Oakley, Michael Kors, Prada, Chanel and many more, has faced severe technical issues resulting in the shutdown of its offices in Agordo and Sedico, Italy, as well as its online portal system.
Customers reported that the websites for some of Luxottica’s major retailers were not working, raising the question of a breach to their systems.
Bleeping Computer has reported that a vulnerability in the company's Citrix ADX controller device, a popular entry point for ransomware attacks, could have allowed access to the company's network, resulting in the shutdown.
Commenting on the news, Michael Barragry, operations lead at vulnerability management firm Edgescan, stated: “This appears to be an unfortunate example of a failure to patch against a vulnerability which was originally publicised 9 months ago, and it looks like the punishment has been quite severe.”
“Remote Code Execution (RCE) vulnerabilities are among the most dangerous and can allow an attacker to execute code of their choosing on the machine being targeted – such as downloading and running Ransomware,” he explained. Asked what organisations should do to protect themselves from this type of threat, Barragry advised them to ensure that a robust patch management system is in place, especially for their public-facing infrastructure, such as their websites and client portals. “This should be supplemented with regular security assessments and penetration testing,” he added.