Japanese electronics giant Panasonic has confirmed that its Canadian division suffered a cyberattack in February, after ransomware-as-a-service (RaaS) gang Conti leaked data to its dark web site last week. It is the third high-profile cyberattack that Panasonic has suffered in the past 18 months, a sign that global conglomerates can be a soft target.
Panasonic cyberattack: HR files leaked
In a statement provided to TechCrunch yesterday, Panasonic confirmed that its Canadian operations had been breached in a “targeted cybersecurity attack” in February.
“We took immediate action to address the issue with assistance from cybersecurity experts and our service providers,” the company said. “This included identifying the scope of impact, containing the malware, cleaning and restoring servers, rebuilding applications and communicating rapidly with affected customers and relevant authorities.”
On April 5th, Conti shared a number of files, ostensibly stolen from Panasonic Canada, on its dark web leak site. A screenshot seen by Tech Monitor appears to show folders containing HR documents and other potentially sensitive files.
Conti’s motivation in sharing this data online is “to validate the hack and pressure the victim into paying,” explains Jon DiMaggio, chief security strategist at threat intelligence provider Analyst1.
“We can expect the data to be released or sold if Panasonic does not pay the ransom,” DiMaggio adds. Panasonic has not revealed whether a ransom has been demanded or paid.
Panasonic’s cybersecurity headaches
This is the second high-profile cyberattack that Panasonic has suffered in the past six months, and the third in 18 months.
In November last year, it disclosed a breach in which its network was “illegally accessed by a third party.” The company “determined that some data on a file server had been accessed during the intrusion”.
The intruders had access to the company’s systems for more than four months before being detected, according to reports at the time, and were able to access sensitive customer and employee information.
In October 2020, Russian cybercriminals released a 4GB cache of data stolen from Panasonic’s Indian division and demanded a $500,000 ransom. The company told reporters that the data was not sensitive.
Global conglomerates such as Panasonic can be an easy target for cybercriminals, says Andy Norton, European cyber risk officer at security vendor Armis, due to their scale and organisational complexity.
“Global and diverse organisations such as Panasonic often fall victim,” Norton explains, “firstly because they have difficulty in accurately assessing the risk to the various elements of their organisation, simply due to the fact that they don’t have the visibility into the various business units. And secondly, because they are then unable to apply consistent risk management controls across the board.”
Panasonic cyberattack: Conti strikes again
Conti was the most prolific ransomware group last year, according to research by security company Sophos, accounting for 16% of ransomware attacks.
It has notched up at least 700 victims and has a track record of targeting healthcare providers. The group claimed responsibility for the ransomware attack on Ireland's Health Service Executive last year, which may cost the organisation up to an estimated €100m.
Conti, which is believed to operate in Russia, has become embroiled in the Ukraine conflict. Pro-Ukraine hackers infiltrated the group last month and leaked internal communications online. One group has since claimed to have used Conti's own ransomware against Russian targets.
Unusually, the group continues to operate under the 'Conti' brand despite this exposure. “Ransomware groups tend to reinvent themselves with different identities following too much notoriety,” says Norton. “However, Conti has not felt the need to do that after their own leak.”