Search
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

De la Théorie à la pratique











Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Cyber-expert commentary on Holdcroft Motor Group cyber attack

August 2022 by Kelvin Murray - Senior Threat Researcher, Carbonite + Webroot

Holdcroft Motor Group has fallen victim to a major cyber-attack that caused ‘significant damage’ and may have compromised employees’ information.

The commentary from Kelvin Murray - Senior Threat Researcher, Carbonite + Webroot on how attacks like these will impact the motor industry going forward.

“This latest hack is a stark reminder that no sector is safe when it comes to ransomware attacks, and again demonstrates how cyber-criminals are demanding higher ransom fees than ever before. This tactic of going after huge pay-outs is referred to ‘big game hunting’ – and it’s a trend that we’ve seen increasing significantly over the past five years or so. The groups behind these attacks are usually very professional – seen as the ‘rock stars’ of their field of cybercrime – and usually have highly developed malware and criminal infrastructures in place.

With the attack causing data loss stretching back years and the company’s core systems ‘damaged beyond repair’, Holdcroft Motor Group is likely experiencing the hidden costs of ransomware – which could include operational costs (loss of time), brand and reputational damage, data loss costs and heavy hits in the way of insurance premiums. Often the hidden or additional costs of the attack amount to much more than the cost of the ransom itself, which is why the company be considering payment to the attackers – if they haven’t already.

Speculation also remains regarding the cause of the cyber-attack. But in our experience, although the methods cyber-criminals use are hi-tech the number one cause of breaches remains is user error. With that in mind, all businesses should ensure they have clearly defined security policies and procedures to avoid any leak of information. This starts with employee education, which underscores all effective cyber resilience and data protection strategies. Security awareness training programmes can now inform and educate employees on the latest threats in real-time, including information security, social engineering, malware, and industry-specific compliance topics. Attack simulations can also be used to automatically send users for re-education should any training issues be identified.”




See previous articles

    

See next articles