Canon Hit by Maze Ransomware Attack, 10TB Data Allegedly Stolen (bleepingcomputer.com)
Canon has suffered a ransomware attack that impacts numerous services, including Canon's email, Microsoft Teams, USA website, and other internal applications. From a report: BleepingComputer has been tracking a suspicious outage on Canon's image.canon cloud photo and video storage service resulting in the loss of data for users of their free 10GB storage feature. The image.canon site suffered an outage on July 30th, 2020, and over six days, the site would show status updates until it went back in service yesterday, August 4th. However, the final status update was strange as it mentions that while data was lost, "there was no leak of image data." This led BleepingComputer to believe there was more to the story and that they suffered a cyberattack. [...] Today, a source contacted BleepingComputer and shared an image of a company-wide notification titled "Message from IT Service Center" that was sent at approximately 6 AM this morning from Canon's IT department.
Dear Corporate Board: (Score:3)
"Those Who Do Not Learn History Are Doomed To Repeat It"
Seriously, spend a couple bucks on your IT Security.
Re: Dear Corporate Board: (Score:1)
Re: (Score:1)
Thank you, the Corporate Board has heard your message.
Yes, we know they've heard it.
They've heard it 100 times before too.
Fuck 'em if they can't learn. Problem is they never actually get fucked, so they never learn.
Re: (Score:2)
Cheaper to just pay the ransom than keep a bunch of high dollar donut eaters around with nothing to do 99% of the time.
Found the MBA^^^^^
You pay 20Million, you've paid a bunch of people for a whole lot of years, and maybe, just maybe they have some bagels too.
In the long run (Score:2)
It's probably cheaper to pay this one time ransom than invest in good IT practices. That's how the execs and bean counters would see it.
Re: (Score:3)
It's probably cheaper to pay this one time ransom than invest in good IT practices. That's how the execs and bean counters would see it.
And that idea is quickly dying.
Ransomware started with encrypting your data in place and forcing a ransom for the decryption key. Then it got "smarter" and started seeking out and deleting recovery capabilities (backups) and either deleting or encrypting those too.
Now victims find their data being stolen and then encrypted, forced to pay a ransom to not only decrypt data, but also pay a ransom for hackers to not leak it.
Oh, and hacker promises to delete stolen data when a ransom is paid? Fucking please.
Re: (Score:2)
It's time for intelligence services to goosh the cryptocurrency market. Without it, ransomware hackers would have no way of receiving payments.
Re: (Score:2)
But if you pay the Dane geld you'll never be rid of the Dane.
That is, contrary to the common myth, lightning can strike any number of times in the same place.
The Cloud is just someone else's computer (Score:5, Insightful)
This data loss is really sad as you can imagine someone probably trusted this as a primary data source, and as a result lost images forever...
It's a great idea to back up photos to "the cloud" but nothing beats storage totally under your control.
Re: (Score:3)
Not necessarily forever. If they didn't leak the image data, that probably means it exists on a different system, and what they lost was the metadata that links those images to an account. If so, then with a generous donation plus the source camera's serial number, someone could probably convince one of Canon's IT people to run exiftool on the whole pile of photos and figure out which images are theirs. :-)
Re:The Cloud is just someone else's computer (Score:4, Insightful)
This data loss is really sad as you can imagine someone probably trusted this as a primary data source,
This data loss will be particularly sad, egregiously so, if Canon didn't have backups. I don't necessarily fault someone for falling to a vulnerability that lets an attacker get through with ransomware. There are so many CPU and motherboard hardware vulnerabilities nowadays that in many cases it's not even the fault of the administrator. What I fault them for is if a ransomware attack gets through that causes data loss. This is just a case of criminally poor backup procedures. I don't care how many redundant drives you have on your raid, if you are not making daily backups, especially when entrusted with other people's data, then you are being irresponsible.
It's why I advocate for everyone who insists on "cloud" infrastructure, to use their own. Most home routers are capable of it nowadays, or use Syncthing [syncthing.net], or many of a number of cloud solutions that give you control over the infrastructure that houses your data.
Re: (Score:2)
This data loss will be particularly sad, egregiously so, if Canon didn't have backups.
Hello, lawsuit!
Re:The Cloud is just someone else's computer (Score:5, Insightful)
This data loss is really sad as you can imagine someone probably trusted this as a primary data source,
This data loss will be particularly sad, egregiously so, if Canon didn't have backups. I don't necessarily fault someone for falling to a vulnerability that lets an attacker get through with ransomware. There are so many CPU and motherboard hardware vulnerabilities nowadays that in many cases it's not even the fault of the administrator. What I fault them for is if a ransomware attack gets through that causes data loss. This is just a case of criminally poor backup procedures. I don't care how many redundant drives you have on your raid, if you are not making daily backups, especially when entrusted with other people's data, then you are being irresponsible.
The problem with "poor" backup procedures is most admins are ignorant when it comes to offline backups, especially when "cloud" is the (often stupid) answer to everything storage. Offline backups have become mandated in newer cybersecurity standards, and justifiably so.
You can have hourly backups, replicated to a dozen locations around the planet. Won't do you any good if they're all compromised because they were all online and fell victim to the attack. Destroying your recovery capability isn't just a cool feature in ransomware, it's becoming the norm, and we have to mitigate that obvious 21st Century risk.
Re: (Score:2)
For years we used shadow protect which allows you to roll the file system back to a specific point in time. Altaro now does this at the VM level including concatenation and file level restore.
Only the domain account for the backup service has write access to the backup nas systems.
Re: (Score:2, Insightful)
For years we used shadow protect which allows you to roll the file system back to a specific point in time. Altaro now does this at the VM level including concatenation and file level restore. Only the domain account for the backup service has write access to the backup nas systems.
So all I need to do to encrypt your entire NAS is compromise the domain account for backups?
Hmmm...sounds like you've got some testing to do.
Re: (Score:2)
It’s poor form to point out a weakness without offering a solution.
Re: (Score:2)
It’s poor form to point out a weakness without offering a solution.
How many times do I need to say the words offline backups?
If you don't know what that means and it is your responsibility to implement, then research it. This is not the forum for hand-holding.
To appease you a bit, know that "offline" as defined by security mandate means backups are not accessible through operating system calls.
With regards to your specific argument, one would think pointing to the specific account that could be compromised, is enough of a "solution" to test. Once again, enough with the
Re: (Score:2)
This may be so, but the easiest vulnerability has always been human. Pretty much all malware and ransomware attacks are phishing based, and spear phishing ones are extremely difficult to protect against because they are, for all intents and purposes, real.
It starts often with simple requests,
Re: (Score:2)
When I have done pentesting, phishing in various forms usually pays off the fastest and gets the best information. Quite frequently it's the camel's nose under the tent that ends up with the gold key to the kingdom. (Have I used enough cliches yet?)
Re: (Score:2)
This data loss is really sad as you can imagine someone probably trusted this as a primary data source, and as a result lost images forever...
Well, the average user is not the same as the average Slashdot user. Even if they are storing their photos on their own computer, rather than in the cloud... are they backing it up? Probably not. So they're still very vulnerable to any number of problems.
A properly managed cloud service will have backups and be able to recover most/all data if the loss is due to its own issues.
On a side note... do people even use these free storage offerings? They never seem particularly useful, and seem to obviously exist
Re: (Score:2)
On a side note... do people even use these free storage offerings?
Of course. No one would ever suspect images of alien visitation is on a public server.
Re: (Score:1)
Even if they are storing their photos on their own computer, rather than in the cloud... are they backing it up?
I agree with that, but I am saying people should really do both. That way they do have the backup they would not have otherwise, yet are not relying on someone else's backup to maintain images forever.
Re: (Score:2)
I agree with that, but I am saying people should really do both.
Oh, yeah, no argument from me on that. I just know - with my own family, at least - I keep hounding them and hounding them about backups, yet (excepting my sister) they all just keep pushing it down the road. And a couple of them have lost stuff in disk crashes in the past!
Re: (Score:2)
It's a great idea to back up photos to "the cloud" but nothing beats storage totally under your control.
Then sites dealing with IT humor wouldn't have any fodder for their mills. Humans will always be the weak link no matter where they are.
Re:The Cloud is just someone else's computer (Score:4, Interesting)
All the serious amateur photographers I know are paranoid about losing their photos, and keep multiple backups. Usually a local copy on the computer, a local backup, and a cloud backup. I keep mine on a NAS, make monthly backups of the NAS, and have a cloud backup. In fact the reason I switched to a NAS was because my photo collection grew larger than the size of a single backup drive (I backup using a RAID enclosure). I would imagine most people who buy a Canon camera or scanner would fall into this category.
All the professional photographers and photo studio businesses I know are even more paranoid. The local copy on the computer is deleted after the job is done. But they keep at least two copies in local external drives, an extra backup burned to DVD/Blu-ray and placed in a filing cabinet, and sometimes a cloud backup.
It's mostly the average non-photographer who uses the cloud as their one and only repository for photos.
Re: (Score:2)
It's mostly the average non-photographer who uses the cloud as their one and only repository for photos.
Exactly. Those will be the people who lose irreplaceable photos.
MICROS~1 Windows strikes again. (Score:3, Informative)