Canyon Targeted by "Massive Cyber Attack" Over Christmas Period

Jan 6, 2020
by James Smurthwaite  
Canyon Women s Spectral

Canyon has announced it was struck by a "massive cyber attack" over the Christmas break by a "professionally organized group". The attack has now been identified and stopped and Canyon claim that the majority of its software and servers are encrypted and therefore protected from the attack. They do however, admit that it will result in some delays in orders that have been placed through the website.

bigquotesThe attack shows massive criminal intent. Due to the encryption of our IT infrastructure, work and business processes were temporarily massively affected. Our Koblenz site was directly affected, as were all our international companies with the exception of the US company, as it operates its own IT system. Unfortunately, we expect delays in customer contact and delivery in the next few days. We are making every effort to keep the impact on our customers and fans as low as possible and to get back to normal operations as quickly as possible. We regret this incident very much and apologize that Canyon is currently not able to offer its usual standard of service.Roman Arnold, Canyon founder and CEO

The local authorities and the state commissioner for datat protection in Rhineland Platinate have been informed and Canyon indicate that they will be filing charges against the perpetrators. Canyon has also installed solutions and countermeasures based on an analysis of the attack.


Press Release: Canyon

Shortly before the turn of the year, Canyon Bicycles GmbH became the target of a massive criminal cyber attack. Apparently, this was perpetrated by a professionally organized group that specialize in attacking companies. The perpetrators succeeded in gaining access to Canyon’s IT systems. Software and servers were encrypted and thus locked in places. The website www.canyon.com was not affected: Orders via the web shop could and continue to be placed as usual. Meanwhile, the attack has been identified and stopped according to the current state of knowledge.

Immediately after the cyber attack became known, Canyon informed the responsible authorities. Canyon has been closely working with the Koblenz criminal investigation department and the state criminal investigation department since the date of the attack. In addition, Canyon has informed the state commissioner for data protection in Rhineland-Palatinate. Criminal charges will be filed against the perpetrators. Experts from the fields of IT, forensics and cyber security were able to quickly analyze and control the attack and have already initiated solutions and countermeasures.




121 Comments

  • 134 2
 Maybe Transition is behind it
  • 9 3
 With help from Qanon no doubt.
  • 63 0
 Kaos would have ensued.
  • 59 0
 @panzer103: Probably someone trying to get some after sales service and repairs done before the summer.
  • 1 0
 Nevermind... just needed to think about it for a bit...
  • 10 6
 Breaking News: Standard brick and mortar bicycle sales shop targeted by massive cyber attack...shop was not impacted.
  • 12 0
 @vjunior21: Breaking News: Standard Brick and mortar bicycle sales shop targeted by van, masked men and power tools... thousands of dollars of bicycles stolen.
  • 1 0
 You beat me to it ! They are somewhat Nerdy @ Transition lol
  • 2 0
 @ullsen: Its a spectral entity
  • 6 0
 Who ever did was certainly Specialized
  • 1 0
 Iranian Quds!
  • 2 0
 the criminal couldnt do any damage as the services were thankfully encripted yeti still succeded in holding up orders
  • 2 0
 @nickkk:
Breaking News: Online bicycle sales company opens coffee shop in distribution facility...no one attends.
  • 1 0
 It was a Specialized attack.
  • 70 2
 Is this the new way of saying "all of the frames you want are out of stock and you're gonna have to wait 4 months for them to come back?"
I would've expected YT would've been first to this party.
  • 36 1
 This was a cyber attack mounted by YT, no doubt about it. Only people who don't leave room for bottle cages would be capable of such a thing,
  • 8 5
 @Steventux: I have a pretty slick Fidlock bottle on my YT jeffsy.
  • 3 0
 @stikmanglaspell: lol yeah I've yet to dehydrate riding a Capra for several years Big Grin just playing to the choir
  • 1 1
 @Steventux: Well YTs site is down for "maintenance" like its 1995 so maybe theres a bike cyberwar going on.
  • 2 0
 @beerandbikes: Finally someone has DOS'd it, payback for that f*cking annoying loading animation...
  • 55 2
 This is what happens when your dumbshit employee opens a fedex receipt with the .bat extension.
  • 17 1
 Hey, I found a flash drive in the factory parking lot - let's see what's on it! ....opening BTC account to pay ransom.
  • 34 0
 Radon Bikes job posting:

Looking for experienced “computer programmer” must be willing to relocate. Background checks not necessary. All applicants will be considered.
  • 11 1
 Oh, and too that - in general with my clients I inform them that EVERY former employee/contractor/consultant is a risk. Most of the time it is "Oh, Bobby would not ever do that.......". Yeah? Bobby might not, but Bobby after half a bottle of Whisky might......(seen it dozens of times)
  • 8 2
 Dude.... For real. I'm in the industry as well. It's nuts how much this actually happens. Even a slightly disgruntled employee turns into fucking Kevin Mitnick somehow after a little bit of that high quality liquor drank gets in the blood stream.
  • 64 0
 What I do after half a bottle of whiskey is none of your business.
  • 3 1
 Or Bobby might not, not even hammered, but Bobby might know jack shit about security and store his logins in plaintext on his home computer.
  • 6 0
 I once saw Bobby walk into the data center with a few pounds of flower and dump it into the HVAC destroying every single drive (spinning disk at the time). All because they didn't cut off access quick enough because, you know he would never do something like that.
  • 2 0
 @salespunk: Ha! The ol' shake'n'bake. Classic Bobby!
  • 12 1
 Almost as cold-blooded as RC's comparison against the Ripmo
  • 4 0
 exactly. obviously a cyber attack by IBIS.
  • 7 0
 As a kinda sorta high end IT (Security) guy for a living....stories like this are generally simply for public consumption. Most all "events" are internal with current or (recent) past staff and or contractors. While this could be the case (but I doubt it) more often than not these situations are blamed on a 'breach' when in fact the breach was only to a contract with something, someone or some entity.
  • 8 1
 Or they made the intern apply a system update. WhaddayameanIneedabackupimage?
  • 8 1
 The article misinterprets the encryption - this wasn't preventative encryption, this was a ransomware attack by the description.

"...mmajority of its software and servers are encrypted and therefore protected from the attack. "

The above statement can't be correct.
  • 4 0
 Agreed, quite obvious (atleast for someone working in the Industry), and by Canyons statement, even described correctly.

The servers were encrypted BY the malware used in the attack. And not used in any sort of preventative way.

As someone who's had to clean up after 3 separate attacks like this, I just hope they had a good backup and restore strategy.
  • 1 0
 @SkipSkovhugger: doubtful. Should have had UTM to start.
  • 5 0
 @SkipSkovhugger: "C'mon man we don't need no stinkin' backups, we're in the cloud duude..."
  • 2 0
 @RoadStain: Preferably you wouldn't put all eggs in one basket. Multiple UTM solutions could have helped. Mixing and matching different solutions is still the way to go. Like you don't run protection from the same vendor on your clients, and on your underlying infrastructure.
Sure that adds complexity, but that's where SIEM comes in.

Even behavioral analytic AV still needs to do just that, analyze. Before being able to stop some malware.
Most vendors even don't alert endpoints, before they've had a sample detonated in a controlled environment. At which point, half your data could already be encrypted.

So ofcourse you'd need some kind of protection. But a proper implementation of RBAC, can atleast stop it from spreading as much, before it's killed by protection.

@mtnsnap: "The cloud does that for us! For free!"
Queue Hyper-Scale backup products xD
  • 1 0
 @SkipSkovhugger: No no - UTM must always live at the edge. I can not recall the last time I even had a system with local AV (other than OE Microsoft stuff). Then again, I also can not recall the last time I saw a "virus". Even systems that get compromised, the behaviors are always stopped.

RBAC certainly does not protect any mobile systems from themselves. For instance, very few run UTM against 3389 for some goof reason...folks sure can feel silly when they copy-past malicious content via RDP and their edge does not catch it.

That said, and as I had mentioned. Chances that this does not have some flavor of internal malicious facgtor is slim. The question is where? The ASP? The ISP? The Azure (or whatever) host....so many possibilities.
  • 1 0
 100% agree, I was about to point this out too.
  • 1 0
 @RoadStain: UTM just has so many pitfalls where it falls short because it's at the edge, and usually a single failure point. Most sec ops agree that host based security is still needed (oh, and don't get med wrong, Defender is great nowadays, specially with CBS turned on)
Also, when users do stupid things, the malware is already at a point where a UTM would not catch it.
Remember that attacks are still, to this day, able to be initiated by USB drops. Why people would ever plug in a USB, found in a parking lot, is beyond me though :-P

You'd need a more "holistic" approach, than just 1 appliance/service.
  • 1 0
 @SkipSkovhugger: "holistic" approach, than just 1 appliance/service. - this is where AD comes into play in many environments. Fact is, in smaller environments where important data has solid UTM...well, even if a non-critical point gets infected...well, I dont care. UTM identifies it, prevents the behavior and quarenteens. While there are massive capability variations brand to brand, that is a Spiceworks thing not a Pink bike thing... :-)
  • 1 0
 @RoadStain: Well, I'm not denying that it could probably work great in the SMB space. There just isn't that large a span of devices, users, equipment etc.
But AD hasn't been considered secure in the last 20 years. You'd need either PFR or Bastion Forest, together with the ESAE model just to prevent lateral escalation.
In the end, the mantra of Protect your data, don't focus solely on the perimeter, still holds true. A good backup strategy allows you to get back if all measures fail. Just... don't domain join the backup solution, or atleast keep a WORM or offline copy Razz

But yeah, I agree. Lets leave it.
Been nice pining stuff back and forth in a constructive manner Smile
  • 1 0
 @SkipSkovhugger: You know how many "ITPros" have never heard of WORM?
  • 1 0
 @RoadStain: Dudes should be shot then.... If an architect designs a backup setup without WORM, they should seriously consider a new line of work Razz
  • 2 0
 @SkipSkovhugger: For giggles I mentioned WORM to an IT company who supports a small clinic. Their backup is a mess....as I assumed. The guy had no idea what a WORM was...then again, the same guy thought that a portable USB drive going "home" one day a week was a good backup strategy for a clinic that will have +/- 200pts a day.
  • 2 0
 @SkipSkovhugger: Tape ain't dead!
  • 8 0
 I thought it was gonna be about someone hacking their site to create some Canadian availability!
  • 9 4
 Canyon knew that something had went wrong as one of their customers posted a positive review of a warranty issue online. This was the first such incident in the company's history and will not be allowed to happen again.
  • 4 0
 They probably used Synoptek for IT. It hit a lot of companies.

krebsonsecurity.com/2019/12/ransomware-at-it-services-provider-synoptek
  • 1 0
 The US operation wasn't affected. Synoptek only operates within the US, atleast from the look of the article.
So I doubt that :-)
  • 8 1
 I blame Iran....????
  • 28 3
 Why have a wall when you can have... a Canyon!
  • 5 0
 Had Al Gore not invented the internet........
  • 1 0
 Russian hackers
  • 6 0
 Canyon Experiences Massive Attack
insert trip-hop joke here>
  • 4 0
 It's a bit Tricky
  • 2 0
 You're going to get some bad Karmacoma for that...
  • 2 0
 “Canyon claim that the majority of its software and servers are encrypted and therefore protected from the attack”

It’s ransomware... what they’re saying is that their data/servers were encrypted and that they have no access without paying. Not that they were protected, it’s quite the opposite.
  • 3 1
 This is the future of e-commerce isn’t it? It’s just too easy and profitable to hack their financials. Online companies are going to have to invest so heavily in cyber security that they may aswell open retail stores.
  • 2 1
 This is the reality of there being no onus on the end user to be responsible for how they use computers. Guaranteed this was a ransomware attack that started because some C Level Exec or some dunce in marketing opened an attachment on a phishing email.
  • 3 1
 Every single company will have to invest massively in cyber security. Most companies have basically ignored c-sec until now and treated it as costs without benefits. It's actually surprising that there has been so little cyber crime over the past decade. Now that large scale monetary damage is happening, companies might finally react.
  • 2 0
 @Ttimer: Agreed. They do what they need to do to tick the boxes for their insurers or "audit controls" and nothing more.
  • 1 0
 @robwhynot: So far, the ones I have seen hit the worst (and paid ransom)....City Government...over again. City Government. The rest of us in certain sectors with SOx, HIPAA, PCI and others tend to at least have UTM at the edge and 2FA....Govt? Low bid baby, low bid.
  • 1 0
 @Ttimer: You Sir, are so right.
  • 2 0
 @Ttimer: "has been so little cyber crime over the past decade: - no, just most of it goes unreported. I have to deal over and over with the same local "Internet Expert" Police Detective who poopoo's everything as "not in his jurisdiction" as the "source IP was in Peru" (or just on Tor or a VPN). Simply, they toss everything because they do not want things on their list of "un-solved".

Have one client where the Secret Service was involved...but for the most part, police are as worthless with IP as they are with IP (Intellectual Property / Internet Protocol). From there, not many business' want to 'hit the news'.

As for Canyon, would not shock me if the reality is their CIO quit on nasty terms and they are blaming some Crypto this or that....I have seen that played over and again.
  • 5 0
 I had no idea Claw fans were so tech savvy
  • 3 0
 I think the perpetrators are just all the Retail Bike Shops which have lost tonnes of sales to canyon..... Speaking from experience
  • 2 0
 Quiete a few medium size businesses from various industries in Germany have been (succesfully) attacked with ransomware at the same time. Got nothing to do with Canyon as a bike brand.
  • 1 0
 And some huge organisations elsewhere in the world, Maersk maybe being the largest.
  • 1 0
 I am so tired of companies lacking basic digital literacy calling their naive behavior catching ransom ware an attack.

It‘s as if you stepp in dog poo and call it a massive animal attack m(
  • 2 1
 So they got in took stuff but it's encrypted so everything is gravy. No one has ever hacked encryption.

Seriously though did they actually manage to take any data?
  • 2 0
 DVDs are encrypted at 128bit. Took some code kiddies 3 redbulls and an evening to get around that.
  • 2 0
 The statement sounds to me like the hackers did the encrypting and locking.
  • 2 2
 Oh, and if it was Ransomware...some IT person or consultant needs to be fired. It is our job to protect our end-users from themselves, period. Someone somewhere did not do their due diligence if that is actually the case.
  • 2 0
 Kinda tough when you open the door and let the criminals in. I started a tech company in 2003, and to all my efforts, people figure out how to be dumber than I thought they could be. Happens a lot in govt sectors. With staffs of IT folks
  • 3 0
 Canyon isn't riding for canyon anymore
  • 2 0
 It was a ransomware attack. .
  • 1 3
 It's clearly the oil industry, Canyon makes excellent bikes, this directly threatens the fossil fuel industry. Therefore AND thusly they hacked Canyon in a brutal attack directed at the bike community as a whole, because we do not use enough oil based products for their evil plans!

So now we can all easily see how this ties into the current climate crisis! @martinaasa: @endlessblockades
  • 13 6
 Canyon: we got hacked, damn, we’re in serious trouble,

Internet: how to make It funny? Comment? Meme?

News: US robot killed a general of a country that is capable of a nuclear attack, less stable and potentially more dangerous that North Korea. He may have been terrorist training/equipping scum who deserves no less than public impaling causing slow agonizing death but the situation is tense as fuk.

Internet: hahahha
  • 4 3
 @WAKIdesigns: Trump is a robot? This explains so much!
  • 3 0
 @WAKIdesigns: Um....they have no nukes.....
  • 2 0
 Trek
  • 5 3
 The global guild of LBS
  • 1 0
 pretty sure sickbikes is behind this...
  • 1 0
 Does anyone know why this happened? Was there a motive or something?
  • 1 0
 "Some men... just want to watch the world burn." Alfred, The Dark Knight Rises.
  • 1 0
 Fox shox was just hit this morning.
  • 1 0
 Is this why we haven't seen the new sender available yet?
  • 1 0
 Join the club. I get cyber attacked every day.
  • 1 0
 So were customers' card info stolen or......
  • 1 0
 How can I hack their site to get a steeper seat tube angle?
  • 1 0
 Huck the planet!!!
  • 1 0
 that is truly weird!
  • 1 0
 Uh oh Eek
  • 1 0
 Radon did it! Big Grin
  • 1 1
 so, whats their excuse for before the "attack" ??
  • 3 4
 This is what happens when you have a sociopath as a president
  • 2 0
 Which president? Canyon is a German company.
  • 1 0
 awkward. I'm Scottish too, so it's very likely mtb-scotland has had a few cans. It's Monday who can blame you. Don't be too hard on yourself.
  • 2 5
 Russia or Ukraine or China. Or maybe all three.
Below threshold threads are hidden

Post a Comment



Copyright © 2000 - 2020. Pinkbike.com. All rights reserved.
dv56 0.018331
Mobile Version of Website