Canon Inc.: The Next Hacking and Extortion Victim of 2020

12/08/2020 14:08:34


Recent news of the Garmin hacking incident has multi-national companies seriously reconsidering their commitment to and strategy for cybersecurity, as fear of massive ransoms and even more massive compliance fines circulate. While Garmin's misfortune made global news, it’s wise to remember that while many hacking groups adhere to a criminal code of ethics (of sorts) of not leaking stolen information, there are many less scrupulous hacking groups who have no code whatsoever - accepting ransom payments for decryption keys and simultaneously leaking or selling the stolen data on the dark web for a double-pay day.

BleepingComputer has once again broken a massive story on the most recent and visible hacking incident involving Canon Inc., a globally known and respected Japanese imaging and optical product company, specializing in film, imaging scanners and computer printers. Canon employees were recently informed that their Microsoft Teams, USA Website, email and other internal applications had been hacked, impacting countless internal and external services. BleepingComputer reports that the Image.canon service suffered an attack on July 30th, 2020, causing outages for Canon’s free 10GB storage services - and the theft of user data for customers making use of the free service.

On August 7, 2020, Cannon posted a notice to their customers apologizing to their cloud platform users, explaining,

"When Canon switched over to a new version of the software to control these services on July 30, the code to control the short-term storage operated on both of the short-term storage and the long-term storage functions, causing the loss of some images stored for more than 30 days.

By August 4, we identified the code causing the incident and corrected it. We found no unauthorized access to "image.canon". The incident caused no leakage of images.

There is no technical measure to restore lost video images. Still, images can be restored, but not with original resolutions. We offer our deepest apologies to affected users
".

A screenshot of the suspected ransom note confirms that the hacking group has used Maze Ransomware to infect and encrypt Canon customer files. The hackers threatened Canon saying, "We hacked your network and now all your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms…We have also downloaded a lot of private data from your network, so in case of not contacting us as soon as possible this data will be released. If you do not contact us in a 3 days we will post information about your breach on our public news website and after 7 days the whole downloaded info". [SIC] BleepingComputer reports that 10TB of data was stolen from Canon, with the ransom amount as yet unknown.

Maze ransomware (previously "ChaCha ransomware") was first discovered in May, 2019 and is designed to spread horizontally through an entire organizational network, copying and encrypting any data it encounters along the way - making it a data breach/ransomware attack combo that’s hard to beat and even harder to recover from. Maze ransomware has taken the extra step of creating an extra penalty for companies considering simply rolling back their network to saved copies from before the hacking event - by threatening to sell or release all stolen data if the ransom isn't paid. The first victim of Maze's new business model was Allied Universal, a security services firm who lost 700MB of data to Maze, which was then leaked when the company refused to pay the hackers.

The global average cost of a data breach is around $3.9 million (IBM), with a total estimated cost of over $2 trillion in 2019. Surprisingly, according to IBM, small or medium sized enterprise suffer higher costs than larger organizations, as larger companies with a dedicated incident response team can reduce the overall cost of a data breach by an average of $360,000 USD. With businesses falling victim to ransomware every 11 seconds according to Cybersecurity Ventures, it’s not so much of a reach to predict that your business will eventually be a victim as well, and with the average amount of time to discover a breach over 100 days, there is plenty of time for hackers to wreak havoc and steal what they need before encrypting the remaining files.

Why Sangfor Technologies?
What is incident response (IR) and what benefits can it provide your business? We are glad you asked. Extra precautions are never something people complain about, and Sangfor believes that incident response should be available to every business, regardless of size or location. Sangfor IR services provide pre-incident testing and analysis to determine the weaknesses in your business network and plug the holes. Should you be attacked, the Sangfor IR team will provide immediate support to minimize impact on your business and data. Finally, after the incident has been resolved, Sangfor will review protection capabilities and vulnerabilities that allowed the hackers access in the first place, reducing the risk of the same vulnerabilities being used in future attacks.

Sangfor Technologies is an APAC-based, global leading vendor of IT infrastructure solutions specializing in Network Security and Cloud Computing. Visit us at www.sangfor.com to learn more about Sangfor’s Security solutions, and let Sangfor make your IT simpler, more secure and valuable.

Our Social Networks

Global Service Center:

COPYRIGHT © 2000-2020 SANGFOR TECHNOLOGIES. ALL RIGHTS RESERVED.