An unauthorized browser that an employee downloaded from the Internet, installed, and allegedly used as a gateway for a cyber attack on Continental. Handelsblatt reports, citing an internal company video, in which the group’s IT security chief gives new details. The employee made it possible for cyber criminals from the Lockbit group to access his user accounts and passwords, which got into the system. There, criminals quickly took over critical accounts and tapped data for weeks without being noticed. It is still not clear why the browser could be installed at all.
Continental did not comment on reports of online piracy, but did an information page about Specified. It states that the employee “executed malicious software in disguise”.
No visible attack pattern
The cyber attack at Continental was discovered internally on August 4, by which time the cyber criminals had been in the system for a month. Despite this, the Lockbit group was able to download approximately 40 terabytes of data. No pattern has been found in the analysis of the data obtained so far, further quotes Handelsblatt, The Hannover-based group has convened a crisis council, but an assessment will take weeks. Particularly sensitive and protected data from the HR department should not be affected, but they are still looking for potentially important data.
Lockbit Group has offered data for sale on the darknet for US$50 million, only a directory of files consisting of 421MB compressed. Continental initially reported that the attack had been repelled and that IT systems were under control, and that there was no damage. The group later acknowledged the seriousness of the theft and assured that it was working on an explanation with top priority. Handelsblatt said that previously criticized by the company that too little information was shared internally, the video now produced is considered an improvement.
(mho)
Freelance twitter maven. Infuriatingly humble coffee aficionado. Amateur gamer. Typical beer fan. Avid music scholar. Alcohol nerd.
