Canyon has announced it was struck by a "massive cyber attack" over the Christmas break by a "professionally organized group". The attack has now been identified and stopped, and Canyon claims that the majority of its software and servers are encrypted and therefore protected from the attack. They do, however, admit that it will result in some delays in orders that have been placed through the website.
| The attack shows massive criminal intent. Due to the encryption of our IT infrastructure, work and business processes were temporarily massively affected. Our Koblenz site was directly affected, as were all our international companies with the exception of the US company, as it operates its own IT system. Unfortunately, we expect delays in customer contact and delivery in the next few days. We are making every effort to keep the impact on our customers and fans as low as possible and to get back to normal operations as quickly as possible. We regret this incident very much and apologize that Canyon is currently not able to offer its usual standard of service.—Roman Arnold, Canyon founder and CEO |
The local authorities and the state commissioner for data protection in Rhineland-Palatinate have been informed, and Canyon indicates that it will be filing charges against the perpetrators. Canyon has also installed solutions and countermeasures based on an analysis of the attack.
Press Release: Canyon
Shortly before the turn of the year, Canyon Bicycles GmbH became the target of a massive criminal cyber attack. Apparently, this was perpetrated by a professionally organized group that specializes in attacking companies. The perpetrators succeeded in gaining access to Canyon’s IT systems. Software and servers were encrypted and thus locked in places. The website www.canyon.com was not affected: Orders via the web shop could and continue to be placed as usual. Meanwhile, the attack has been identified and stopped according to the current state of knowledge.
Immediately after the cyber attack became known, Canyon informed the responsible authorities. Canyon has been closely working with the Koblenz criminal investigation department and the state criminal investigation department since the date of the attack. In addition, Canyon has informed the state commissioner for data protection in Rhineland-Palatinate. Criminal charges will be filed against the perpetrators. Experts from the fields of IT, forensics and cyber security were able to quickly analyze and control the attack and have already initiated solutions and countermeasures.
Breaking News: Online bicycle sales company opens coffee shop in distribution facility...no one attends.
I would've expected YT would've been first to this party.
Looking for experienced “computer programmer” must be willing to relocate. Background checks not necessary. All applicants will be considered.
"...majority of its software and servers are encrypted and therefore protected from the attack."
The above statement can't be correct.
The servers were encrypted BY the malware used in the attack. And not used in any sort of preventative way.
As someone who's had to clean up after 3 separate attacks like this, I just hope they had a good backup and restore strategy.
Sure that adds complexity, but that's where SIEM comes in.
Even behavioral analytic AV still needs to do just that, analyze. Before being able to stop some malware.
Most vendors even don't alert endpoints, before they've had a sample detonated in a controlled environment. At which point, half your data could already be encrypted.
So of course you'd need some kind of protection. But a proper implementation of RBAC can at least stop it from spreading as much, before it's killed by protection.
@mtnsnap: "The cloud does that for us! For free!"
Cue Hyper-Scale backup products xD
RBAC certainly does not protect any mobile systems from themselves. For instance, very few run UTM against 3389 for some goof reason...folks sure can feel silly when they copy-paste malicious content via RDP and their edge does not catch it.
That said, and as I had mentioned. Chances that this does not have some flavor of internal malicious factor are slim. The question is where? The ASP? The ISP? The Azure (or whatever) host....so many possibilities.
Also, when users do stupid things, the malware is already at a point where a UTM would not catch it.
Remember that attacks are still, to this day, able to be initiated by USB drops. Why people would ever plug in a USB, found in a parking lot, is beyond me though :-P
You'd need a more "holistic" approach, than just 1 appliance/service.
But AD hasn't been considered secure in the last 20 years. You'd need either PFR or Bastion Forest, together with the ESAE model just to prevent lateral escalation.
In the end, the mantra of Protect your data, don't focus solely on the perimeter, still holds true. A good backup strategy allows you to get back if all measures fail. Just... don't domain join the backup solution, or at least keep a WORM or offline copy
But yeah, I agree. Let's leave it.
Been nice pinging stuff back and forth in a constructive manner
krebsonsecurity.com/2019/12/ransomware-at-it-services-provider-synoptek
So I doubt that :-)
<insert trip-hop joke here>
It’s ransomware... what they’re saying is that their data/servers were encrypted and that they have no access without paying. Not that they were protected, it’s quite the opposite.
Have one client where the Secret Service was involved...but for the most part, police are as worthless with IP as they are with IP (Intellectual Property / Internet Protocol). From there, not many businesses want to 'hit the news'.
As for Canyon, would not shock me if the reality is their CIO quit on nasty terms and they are blaming some Crypto this or that....I have seen that played over and again.
It's as if you step in dog poo and call it a massive animal attack m(
Seriously though did they actually manage to take any data?
So now we can all easily see how this ties into the current climate crisis! @martinaasa: @endlessblockades
Internet: how to make It funny? Comment? Meme?
News: US robot killed a general of a country that is capable of a nuclear attack, less stable and potentially more dangerous than North Korea. He may have been terrorist training/equipping scum who deserves no less than public impaling causing slow agonizing death but the situation is tense as fuk.
Internet: hahahha