Missed Signals: How the Ransomware Attack on Apple’s Supplier Could Have Been Detected Sooner
Written by: Black Kite
Another week, and yet another third-party breach has surfaced. Taiwan-based notebook computer manufacturing company, Quanta Computer, experienced a cyberattack earlier this week that allegedly exposed sensitive data, which included Apple’s new product blueprints. Infamous Russian ransomware group REvil, aka Sodinokibi, is publicly behind the attack.
REvil is now threatening Apple with extortion: the group's website on the deep web displays a message recommending that “Apple buy back the available data by May 1st.” The group also disclosed the success of their initiatives, including links to download data as well as Apple’s product blueprints.
What Were the Missed Signals?
The Black Kite platform has been continuously monitoring Quanta Computer since August of 2020, and the company has displayed a poor cyber posture from the start. As seen in the chart below, the company experienced the largest number of security issues towards the end of 2020.
Black Kite researchers also initiated a scan on Quanta Computer on April 1st, 2021, likely only days before the attack. Based on our findings, there were clearly identified security issues that could have alerted Quanta Computer in advance.
Black Kite’s new Ransomware Susceptibility Index® (RSI™) approximated Quanta Computer at 0.787 out of 1, indicating a very high risk of incurring a ransomware attack. There are 150 indicators included in this alarming RSI™, ranging from possible vulnerabilities on outdated products that allow remote code execution to poor email security.
The technical report on the company also indicates a poor cybersecurity posture. In addition to the vulnerabilities that threat actors can exploit to execute a ransomware attack, the past issues in email security and leaked credentials also make the company susceptible to phishing and social engineering attacks that are followed by a ransomware attack.
Where Does the Attack Stand Now?
Quanta Computer Inc. acknowledged the attack in a statement made to Bloomberg, stating that the company’s information security team worked with external experts to deal with cyber attacks on a small number of servers. The company also told Bloomberg that there has been no material impact on business operations.
How Can You Prevent Yourself from Being the Next Victim?
Ransomware was the most common threat to organizations in 2020, especially operations in finance, e-commerce, and healthcare. In addition to security incidents, ransomware also had the highest impact on victims’ production, reputation, and finances. Companies should not only protect their own organization; they also need to continuously monitor vendors, suppliers, and third parties to prevent a ransomware attack.
Within minutes, Black Kite’s Ransomware Susceptibility Index® will provide an approximation for each vendor’s susceptibility to ransomware, and cross-correlate findings to their technical and financial ratings. The RSI™ follows a process of inspecting, transforming, and modeling data with the goal of discovering the likelihood of a ransomware incident.
Data is collected from a variety of OSINT sources, such as internet-wide scanners, hacker forums, the deep/dark web and more. Using the data and machine learning, the correlation between control items in the Black Kite Cyber Risk Assessment and Ransomware Entry Methods is identified to provide approximations.