Darktrace comments on Maze’s hack of Canon
August 2020 by Max Heinemeyer, Director of Threat Hunting at Darktrace
Yesterday, Canon was the victim of a ransomware attack that may also have resulted in data theft; the cybercriminal group Maze is suspected of being responsible. Max Heinemeyer, Director of Threat Hunting at Darktrace, comments on this evolving situation.
Maze are a highly professionalised cyber-crime group who often vie for a reputation as much as monetary gain – identifying viable targets, infiltrating their systems, encrypting data where it hurts the most and threatening to publish the data if the ransom is not paid. In this case, theft of personal photos might well be what secures a faster payment for the attackers. Spear-phishing, credential abuse and exploiting vulnerable internet-facing servers are all ways that groups like Maze might gain entry into their victim’s enterprise. If an attack is viable, then hackers will go for it.
The dwell time of these attacks is shockingly low – often it takes only a few days from the initial intrusion to the deployment of ransomware that shuts down an organization at computer speed, offering the victim no way out. Ransomware is often novel malware and therefore goes undetected by traditional security tools. AI is the best bulwark against these attacks as it is not only capable of identifying the abnormal behaviour associated with a ransomware attack, but also disrupts the activity at machine-speed.