
Acer Taiwan and India Hit in 2nd and 3rd Attacks of 2021


PC and Device Maker Appears to Have Been Targeted by DESORDEN


After being targeted by a ransomware attack in March 2021, Acer, one of the world’s largest PC and device makers, has now suffered two further cyberattacks within a week.


On Monday, Acer confirmed to Information Security Media Group that it had detected an isolated attack on its local after-sales service system in India on Oct. 14, which involved user data, and it said it is notifying all potentially affected customers.

In addition, the company says that Acer Taiwan also suffered an attack; however, the company reports that the attack on its Taiwan systems does not involve any customer data.

DESORDEN threat actors are reported to have claimed responsibility for the attack, according to

“To prove our point that Acer is way behind in its cybersecurity efforts on protecting its data and is a global network of vulnerable servers, we have hacked and breached Acer Taiwan server, storing data on its employee and product information,” the hackers told the news website, as it reported on Saturday.

Earlier in March, the REvil ransomware gang posted what it claims is Acer company data to its darknet “news” site. It demanded $50 million from the Taiwanese firm. Reportedly, the attack may have taken advantage of the ProxyLogon flaw in an unpatched on-premises Microsoft Exchange server.

Acer is one of the world’s largest manufacturers of PCs, smartphones, devices and other hardware, including desktop monitors. In the fourth quarter of 2020, it ranked fifth in worldwide PC shipments, with more than 6.5 million desktops and laptops shipped during the quarter, according to a January analysis published by IDC.

Attack Details

On Oct. 14, the threat actors posted a note in a popular hacking forum claiming that they had exfiltrated 60 GB of files and databases from Acer’s India-based servers. Acer says that this includes its customer, corporate, accounts and financial data.

“Upon detection, we immediately initiated our security protocols and conducted a full scan of our systems. We are notifying all potentially affected customers in India, while the attacked Taiwan system does not involve customer data,” Acer spokesperson Steven Chung tells ISMG.

Chung further states that the company has reported the incident to local law enforcement and relevant authorities, and that it has no material impact on its operations and business continuity.

The published note in the hacking forum also claims to have access to more than 3,000 sets of login details of Acer’s retailers and distributors in India.

However, DESORDEN clarified to Databreaches.net that it did not make a demand for separate payment for the Taiwan breach and has informed Acer to close the vulnerability. It is still unclear whether the threat actor is demanding a ransom for the India attack.

According to, the threat actors in a follow-up communication described themselves as former associates of Chaos. However, the group claimed that it is DESORDEN Group, which stands for chaos and disorder.

“You might previously know us as ChaosCC but today we no longer have associations with ChaosCC,” the threat actors told Databreaches.net. The group primarily targets supply chain networks and public companies; its website claims that if the victims fail to pay, the threat actors sell the stolen data on the black market.

Jake Williams, formerly of the National Security Agency’s elite hacking team and currently CTO at BreachQuest, notes that the full details of any of the attacks on Acer’s IT systems – earlier or current – are not known yet. However, when there are multiple attacks on a given organization, there are often systemic security issues with the organization.

“Most incident response events trigger significant investment in security by the organization to prevent repeat occurrences. It’s easy to infer in this case that investment in security didn’t occur as desired,” Williams says. “In the Acer case, we should also consider that they are a manufacturer and have significant OT assets. These tend to have a much longer replacement lifecycle and often run on unsupported hardware and software, creating more opportunities for attack. While IT is difficult to secure in any case, OT is doubly so. Their multinational footprint also makes securing the entire network more difficult.”

March Attack

Acer was hit in March by the ransomware gang REvil, aka Sodinokibi, which demanded $50 million from the Taiwanese firm, according to Bleeping Computer, which first reported the attack and has since published a copy of the ransom note (see: Acer Reportedly Targeted by Ransomware Gang).

ISMG had accessed several screenshots from the REvil darknet site that show customer data, payment application forms and other information that the gang claimed it stole from Acer during an attack.

REvil is known for using a double extortion method that targets victims. Not only does the group use crypto-locking malware to encrypt data and files at a victimized organization, but the cybercrooks then steal and threaten to publish that information if demands are not met.

DESORDEN has also warned Acer that it will leak more data online soon.
