Clorox is not disclosing the details related to its cyberattack in August that forced the company to shut down automated systems and move to manual processes—wreaking havoc on its supply chain and quarterly financials. But let this be a reminder to every CPG: You could be next. And the stakes are getting higher as ransomware groups turn to new tactics that deliver a one-two punch.
According to the Federal Bureau of Investigation (FBI), two trends have emerged: multiple ransomware attacks on the same organization in close date proximity, typically within 48 hours, and new data destruction tactics.
The FBI noted that during these attacks, first observed in July 2023, cyber threat actors deployed two different ransomware variants against victim companies, in various combinations of the following: AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal. “This use of dual ransomware variants resulted in a combination of data encryption, exfiltration, and financial losses from ransom payments. Second ransomware attacks against an already compromised system could significantly harm victim entities,” the agency said.
In addition, the new data destruction tactics could be difficult to detect. According to the FBI: “In early 2022, multiple ransomware groups increased use of custom data theft, wiper tools, and malware to pressure victims to negotiate. In some cases, new code was added to known data theft tools to prevent detection. In other cases in 2022, malware containing data wipers remained dormant until a set time, then executed to corrupt data in alternating intervals.”
The FBI describes this new threat in a private industry notification that it released at the end of September. That document includes a large list of recommendations to help companies reduce the risk associated with a ransomware attack. Steps to protect the controls architecture specifically include: network segmentation; network monitoring tools; updating and enabling real-time detection on antivirus software; and securing and closely monitoring remote desktop protocol (RDP) use.