IT Security Guru

Capcom release final update on ransomware attack

Capcom have revealed that an old VPN was used to breach their network

by Jade
April 16, 2021
in Cyber Bites, Malware, Phishing and Ransomware, News, Uncategorized

Capcom has released the final update on their investigation into the major ransomware attack they suffered last year. The investigation has found that the attackers accessed the company through an outdated VPN device. Through this avenue, the attackers were able to access the company’s network, as well as any compromised devices in the network.

The attack took place in November 2020, when Capcom was targeted by the Ragnar Locker ransomware. The attack resulted in Capcom having to shut down a percentage of their network as the attackers accessed the company’s systems, stole sensitive information, and encrypted network devices.

On November 4th 2020, Capcom issued a public statement confirming the attack. The statement said, “beginning in the early morning hours of November 2, 2020 some of the Capcom Group networks experienced issues that affected access to certain systems, including email and file servers. The company has confirmed that this was due to unauthorized access carried out by a third party and that it has halted some operations of its internal networks as of November 2.” The announcement claimed that there were no indications that any customer information had been affected by the breach and that Capcom was consulting with authorities about the incident.

The investigation has found that an old VPN used by staff from Capcom’s North American branch was compromised by attackers. The VPN was used as an emergency backup due to pressure caused by Covid-19. Fortunately, only the North American subsidiary was using this VPN, with other Capcom Group subsidiaries already using newer versions. Since the incident, the VPN has been removed from the network.

Following the news, security experts have been commenting on the incident:

 

Lewis Jones, Threat Intelligence Analyst at Talion:

“This was one of the biggest Ransomware attacks of 2020, with an estimated 390,000 users affected. The fact it has taken Capcom nearly 6 months to restore its systems and fully investigate the attack is a warning for organisations across the world that Ransomware should be taken seriously. Despite this, Capcom state that whilst a ransom demand was made it never communicated with the attackers and didn’t pay the demand. Therefore it is expected that the breached data could be made public, if not already.

Interestingly, the company confirmed that the attackers targeted an “older backup VPN” which remained in use due to increased demand arising from the Covid-19 pandemic. This highlights the importance of organisations patching against vulnerabilities and keeping systems up to date.

The company does appear to have managed the situation as well as possible in terms of keeping customers up to date with regular statements and set up a Japan-only phoneline for individuals who wish to inquire about the personal information that has potentially been compromised (0120-400161). North American and European customers are advised to contact its customer support.

Capcom has now confirmed that no credit card details have been breached, however, a large number of former staff and customer details have been stolen. For customers of Capcom who may be affected by the breach, be cautious and act as if your personal details have been breached until notified otherwise. Be alert to incoming texts, calls and emails utilising the information shared in this incident from unknown sources demanding further personal information or payment. Also, consider the password you utilise for this account, if this has been duplicated on other personal accounts, this should be changed promptly.”

 

Eoin Keary, CEO and Founder of edgescan:

“Unfortunately, this is a case of poor visibility in terms of attack surface. The hosting of old, deprecated or unpatched systems on corporate networks is an extremely common vector for system and data breach. The root cause of the majority of attacks against both small and enterprise organisations is known or old vulnerabilities and systems. An attacker simply needs to find one critical risk issue to be successful. This comes down to fundamentals: visibility and continuous maintenance. We can’t secure what we can’t see. Assuming staff at Capcom knew there was an “old” VPN present, the system may have been updated or addressed to maintain a secure posture.

Continuous Visibility and vulnerability management across the full stack would help detect such weaknesses and implementing such programmes is generally much more cost-effective than recovering from a ransomware attack or data breach.”

 

Bryan Embrey, director of product marketing at Zentry Security: 

“The attack on Capcom spotlights both the vulnerability of aging security systems as well as the difficulty of configuring them to meet the demands of today’s users.  Capcom is to be commended for issuing a comprehensive statement of actions taken to remediate this attack by Ragnar Locker, but also admits that it has improved its “management methods of VPN and other devices”.  Implementing a modern zero trust secure access solution can significantly reduce the complex configuration of a traditional VPN while enabling easier log reviews for user behavior and application-specific access.  Moreover, policy enforcement and multi-factor authentication are inherent in a zero trust system, ensuring that only authorized users get access to sensitive information.”

 

Jamie Akhtar, CEO and co-founder of CyberSmart:

“The fact that a major breach such as this resulted due to the use of an old VPN server is unfortunate, particularly as this was done simply to accommodate for the Covid-19 pandemic. Organisations can have all the latest tech and defences but just one oversight can lead to significant consequences. As the saying goes, security teams need to get it right 100% of the time, while bad actors only need to get it right once. It is highly likely that many organisations are in a similar position, making compromises to enable remote working. There is no denying the difficulty of this situation, but businesses can get started by ensuring they are meeting basic cyber hygiene measures. This includes keeping software up to date, changing passwords to be complex and unique, and encouraging regular security awareness training.” 

 

 

 
