 

Posts Tagged ‘Ransomware’

Canon confirms August ransomware attack, notes past and current employees affected

01 Dec

In August, we reported that Canon suffered a ransomware attack that, allegedly, saw more than 10TB of data taken from Canon’s servers. At the time, a Canon representative told us the company was ‘investigating the situation,’ but the company never confirmed the attack took place. Now, three months later, Canon has confirmed in a statement that an attack did take place and has provided details on exactly what information was taken from its servers.

The notice, first spotted by Canon Watch, states information of past and current employees ‘who were employed by Canon U.S.A., Inc. and certain subsidiaries, predecessors and affiliates from 2005 to 2020’ was taken. This data, which also includes employees’ beneficiaries and dependents when applicable, includes ‘Social Security number, driver’s license number or government-issued identification number, financial account number provided to Canon for direct deposit, electronic signature, and date of birth.’

A notice originally sent to Canon employees notifying them of the cyberattack.

Canon says it immediately opened an investigation, hired a cybersecurity firm and contacted law enforcement, who helped to support the investigation.

To assist those whose information was taken in the attack, Canon is offering a free membership to a credit monitoring service to help ‘detect possible misuse of an individual’s information and provides the individual with identity protection services.’

Canon statement about the ransomware attack:

Notice of Data Security Incident

Canon understands the importance of protecting information. We are informing current and former employees who were employed by Canon U.S.A., Inc. and certain subsidiaries, predecessors, and affiliates¹ from 2005 to 2020 and those employees’ beneficiaries and dependents of an incident that involved some of their information. This notice explains the incident, measures we have taken, and steps you can take in response.

We identified a security incident involving ransomware on August 4, 2020. We immediately began to investigate, a cybersecurity firm was engaged, and measures were taken to address the incident and restore operations. We notified law enforcement and worked to support the investigation. We also implemented additional security measures to further enhance the security of our network.

We determined that there was unauthorized activity on our network between July 20, 2020 and August 6, 2020. During that time, there was unauthorized access to files on our file servers. We completed a careful review of the file servers on November 2, 2020 and determined that there were files that contained information about current and former employees from 2005 to 2020 and their beneficiaries and dependents. The information in the files included the individuals’ names and one or more of the following data elements: Social Security number, driver’s license number or government-issued identification number, financial account number provided to Canon for direct deposit, electronic signature, and date of birth.

We wanted to notify our current and former employees and their beneficiaries and dependents of this incident and to assure them that we take it seriously. As a precaution, we have arranged for them to receive a complimentary membership to Experian’s® IdentityWorks℠ credit monitoring service. This product helps detect possible misuse of an individual’s information and provides the individual with identity protection services. IdentityWorks℠ is completely free to the individual, and enrolling in this program will not hurt the individual’s credit score. If you are a current or former employee, or the beneficiary or dependent of a current or former employee, and would like more information on IdentityWorks℠, including instructions on how to activate your complimentary membership, please call our dedicated call center for this incident at 1-833-960-3574. For information on additional steps you can take in response, please see the additional information provided below.

We regret that this occurred and apologize for any inconvenience. If you have additional questions, please call 1-833-960-3574, Monday through Friday, between 9:00 a.m. and 6:30 p.m., Eastern Time.

¹ This notice is being provided by or on behalf of Canon U.S.A., Inc. and the following subsidiaries, predecessors, and affiliates: Canon BioMedical, Inc., Canon Business Solutions-Central, Inc., Canon Business Solutions-Mountain West, Inc., Canon Business Solutions-NewCal, Inc., Canon Business Solutions-Tereck, Inc., Canon Business Solutions-West, Inc., Canon Development Americas, Inc., Canon Financial Services, Inc., Canon Information and Imaging Solutions, Inc., Canon Information Technology Systems, Inc., Canon Latin America, Inc., Canon Medical Components U.S.A., Inc., Canon Software America, Inc., Canon Solutions America, Inc., Canon Technology Solutions, Inc., Canon U.S. Life Sciences, Inc., NT-ware USA, Inc., Océ Imaging Supplies, Inc., Océ Imagistics Inc., Océ North America, Inc., Océ Reprographic Technologies Corporation, and Virtual Imaging, Inc.

ADDITIONAL STEPS YOU CAN TAKE

We remind you it is always advisable to be vigilant for incidents of fraud or identity theft by reviewing your account statements and free credit reports for any unauthorized activity. You may obtain a copy of your credit report, free of charge, once every 12 months from each of the three nationwide credit reporting companies. To order your annual free credit report, please visit www.annualcreditreport.com or call toll free at 1-877-322-8228. Contact information for the three nationwide credit reporting companies is as follows:

  • Equifax, PO Box 740241, Atlanta, GA 30374, www.equifax.com, 1-800-685-1111
  • Experian, PO Box 2002, Allen, TX 75013, www.experian.com, 1-888-397-3742
  • TransUnion, PO Box 2000, Chester, PA 19016, www.transunion.com, 1-800-916-8800

If you believe you are the victim of identity theft or have reason to believe your personal information has been misused, you should immediately contact the Federal Trade Commission and/or the Attorney General’s office in your state. You can obtain information from these sources about steps an individual can take to avoid identity theft as well as information about fraud alerts and security freezes. You should also contact your local law enforcement authorities and file a police report. Obtain a copy of the police report in case you are asked to provide copies to creditors to correct your records. Contact information for the Federal Trade Commission is as follows:

  • Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Avenue NW, Washington, DC 20580, 1-877-IDTHEFT (438-4338), www.ftc.gov/idtheft

Articles: Digital Photography Review (dpreview.com)

 

 

Report: Canon had 10TB of data stolen off its servers in ransomware attack

06 Aug
A server room — but not Canon’s

Canon can’t catch a break. According to a report from BleepingComputer, Canon has been hit by a ransomware attack that’s resulted in more than 10TB (yes, terabytes) of data being taken from Canon servers.

In a detailed report, BleepingComputer says known ransomware group ‘Maze’ has taken credit for the attack, which has affected nearly every facet of the company, both internal and consumer-facing. BleepingComputer also reports Canon’s IT department has sent out a company-wide message that reads:

‘Message from IT Service Center

Attention: Canon USA is experiencing widespread system issues, affecting multiple applications, Teams, Email and other systems may not be available at this time. We apologize for the inconvenience — a status update will be provided as soon as possible.’

A number of the below domains from Canon show this error when attempting to visit.

At this time, the following domains of Canon are being affected:


BleepingComputer also shared a partial screenshot it claims is ‘the alleged Canon ransom note.’ Maze, the ransomware operators claiming to be behind the attack, says it stole 10TB of data, private databases and more, but failed to provide any information on how much of a ransom it’s asking or proof of what was taken.

The recent issues with Canon’s cloud-based media platform, image.canon, are unrelated to this ransomware attack, according to Maze.

BleepingComputer describes Maze as ‘an enterprise-targeting human-operated ransomware that compromises and stealthily spreads laterally through a network until it gains access to an administrator account and the system’s Windows domain controller.’ Maze is behind ransomware attacks on numerous other enterprises, such as LG, Xerox and more.

We contacted Canon for more information on the matter, to which Canon’s PR team replied ‘We are currently investigating the situation.’

Articles: Digital Photography Review (dpreview.com)

 

 

Security firm Check Point shows how ransomware can be installed on Canon cameras

13 Aug

Security researchers with Check Point Research have demonstrated that it is possible to incapacitate a DSLR camera using wirelessly transmitted ransomware, a type of malware that forces victims to pay in order to decrypt their data. Though the demonstration involved using Wi-Fi, the researchers say it is also possible to hijack a DSLR camera using USB.

Modern cameras feature an unauthenticated protocol called Picture Transfer Protocol (PTP) that comes in two varieties: PTP/USB for wired connections and PTP/IP for wireless connections. Whereas USB requires the hacker to compromise the camera owner’s computer, Wi-Fi makes it possible to target the camera directly by simply being located near the device.

The DSLR malware demonstration involved a Canon EOS 80D camera, with the researchers explaining that they chose this model due to Canon’s popularity combined with the 80D’s support for USB, Wi-Fi and open-source software called Magic Lantern.

The researchers detailed the technical aspects of developing this malware in a blog post, ultimately explaining:

‘The ransomware uses the same cryptographic functions as the firmware update process, and calls the same AES functions in the firmware. After encrypting all of the files on the SD Card, the ransomware displays the ransom message to the user.’

It’s possible for hackers to set up a rogue Wi-Fi access point that causes these Wi-Fi-enabled cameras to automatically connect to the network, after which point the ransomware can be deployed. In a real-world scenario, this malware would demand payment from the victim — usually a few hundred dollars — in order to decrypt the images on the camera.

According to Check Point Research, Canon was contacted about these vulnerabilities in March and worked with the company to patch the security issues. Canon released the first security patch on August 6 alongside an advisory, shared below, detailing the PTP vulnerability and the cameras affected by it.

Product advisory:

Regarding the security advisory for Canon digital cameras related to PTP (Picture Transfer Protocol) communication functions and firmware update functions

August 6, 2019 — Thank you very much for using Canon products.

An international team of security researchers has drawn our attention to a vulnerability related to communications via the Picture Transfer Protocol (PTP), which is used by Canon digital cameras, as well as a vulnerability related to firmware updates. (CVE-ID: CVE-2019-5994, CVE-2019-5995, CVE-2019-5998, CVE-2019-5999, CVE-2019-6000, CVE-2019-6001)

Due to these vulnerabilities, the potential exists for third-party attack on the camera if the camera is connected to a PC or mobile device that has been hijacked through an unsecured network.

At this point, there have been no confirmed cases of these vulnerabilities being exploited to cause harm, but in order to ensure that our customers can use our products securely, we would like to inform you of the following workarounds for this issue.

  • Ensure the suitability of security-related settings of the devices connected to the camera, such as the PC, mobile device, and router being used.
  • Do not connect the camera to a PC or mobile device that is being used in an unsecure network, such as in a free Wi-Fi environment.
  • Do not connect the camera to a PC or mobile device that is potentially exposed to virus infections.
  • Disable the camera’s network functions when they are not being used.
  • Download the official firmware from Canon’s website when performing a camera firmware update.

Please check the Web site of the Canon sales company in your region for the latest information regarding firmware designed to address this issue.

Articles: Digital Photography Review (dpreview.com)

 

 

Your Money or Your Photographs! Ransomware and How to Survive an Online Stickup

08 Jul

ATTENTION! Your PC is blocked due at least one of the reasons specified below. The warning is dire. You’ve been “caught” doing something illegal. Your photos and other data have been locked away from you because it’s “evidence” against you. But don’t worry, if you pay the “fine,” all will be released and you’re off the hook. Don’t pay and, …

The post Your Money or Your Photographs! Ransomware and How to Survive an Online Stickup appeared first on Photodoto.


Photodoto

 