ISA is committed to keeping the security community up to date with the latest cybersecurity news.
Video game studio Capcom hit by ransomware attack
Video game studio Capcom, creator of the Street Fighter and Resident Evil series of games, has been hit by a ransomware attack. According to a corporate statement published two days after the November 2 attack, Capcom announced that the incident had affected access to several internal systems – including email and file servers. According to an investigation by security news site Bleeping Computer, Ragnar ransomware was used in the attack, and up to 1Tb of corporate data was exfiltrated.
“Capcom expressed its deepest regret for any inconvenience this may cause to its various stakeholders,” according to their November 4 bulletin. They reassured users that the attack did not disclose any customer information, and confirmed that the incident did not affect online game play or access to the company’s websites.
The statement concluded, “Capcom is consulting with the police as well as other related authorities while both carrying out an investigation and taking measures to restore its systems. The company will continue to offer relevant updates as the facts become clear, via its websites and other means.”
According to the Bleeping Computer report, a ransom note left on Capcom’s network after the attack claims that corporate data – including banking statements, financial files, intellectual property, corporate agreements and contracts, non-disclosure agreements and private corporate correspondence (e.g., emails, marketing materials, audit reports) – has been exfiltrated.
As discussed in recent ISA articles on cybersecurity in the gaming industry and fraud in the gaming industry, video game studios are increasingly becoming prime targets for attack due to the large sums of money involved in the industry. This significant data breach, coupled with Egregor ransomware attacks in October against game developers Ubisoft and Crytek, signals that video game studios must take heightened precautions against cyber threats.
75,000 “deleted” files found on secondhand USB drives
Researchers from Abertay University in Dundee, Scotland conducted a study in which they assessed the contents of 100 used USB drives purchased on eBay. The results? They discovered over 75,000 files still lingering on the secondhand devices. Some of the drives contained files named “passwords” and images with embedded location data. Many of the files found on the drives were determined to be of “high sensitivity”, according to the researchers.
Of the 100 drives that were analyzed, two had data that was immediately visible, suggesting that the sellers had made no effort at all to clear the contents of the devices. Of the 98 drives that “appeared” to be empty, the researchers were able to recover full data from 42, and achieved partial data recovery from an additional 26 drives. Only 32 out of the 100-device sample had no recoverable data at all.
Professor Karen Renaud, from Abertay’s division of cybersecurity, found the results of the study “extremely concerning”. While there was no excuse for the two unwiped drives, she felt that some sellers may have developed a false sense of security by merely deleting the files from the drive before selling it, unaware that the data can easily be restored using publicly available recovery tools and techniques.
Equally troubling is that the results of the 2020 study mirror those of similar studies conducted in 2009, 2011 and 2015. In short, the public does not seem to be getting the message about proper cyber hygiene when discarding unwanted electronics.
When disposing of used USBs, it is recommended that the drive be securely discarded or destroyed. If an individual is set on re-selling a used drive, they are urged to investigate the use of a drive-scrubbing software application to have greater confidence that the contents of the drive are truly gone.
Of additional interest in the study: none of the 100 drives appeared to have any trace of spyware, viruses, or other malware.
Full details of the June study have been published under the title Caveat Venditor, Used USB Drive Owner (caveat venditor is Latin for “seller beware”). The research was led by student James Conacher for his Master’s project under the supervision of Professor Renaud.
Chatham County, NC systems knocked out by cyber attack
In another cyber attack against the public sector, an incident has disrupted the network, email, and phone system of the Chatham County government, centred in Pittsboro, North Carolina. Though the initial attack occurred on October 28, systems are still down over a week later as of November 8. County services and officials have posted a list of temporary email addresses (under the domain “chathameoc.com”, likely referring to Chatham County’s emergency operations centre) and phone numbers as the investigation into the breach continues. Internet access within the offices is being provided by mobile phone hotspots, as the central network and services remain down.
The county has posted an FAQ page regarding the incident, but has not disclosed the nature or scope of the attack, and has not confirmed whether personal information was involved in the breach.
“We are working with law enforcement and support agencies so we can recover from this incident as soon as possible. Our priority is to restore our systems in a secure manner and maintain the provision of critical services,” advised County Manager Dan LaMontagne in a statement.
LaMontagne did confirm that “Chatham County 911 communications were not impacted and continue to operate without issue. Chatham County early voting also was not affected in this incident,” an important point given that North Carolina remains one of the tightest races in the U.S. presidential election. The elections office was reportedly unaffected because it is connected to a network at the state level, and was not compromised in the county-level attack.
In an update late on November 7, LaMontagne conceded that a “timeline has not been established for full service restoration”, but assured citizens that IT teams were working around the clock and were making progress in their efforts. In addition to posting updates on their web page, the county is making heavy use of social media channels Facebook, Twitter and Nextdoor to provide news as it becomes available.