
Capcom - Customized Ransomware attack and lost source code

wanderingfool2

Capcom has been hit with a ransomware attack which has leaked employee HR data and has potentially leaked customer service customer data, and more (credit card information not affected).

 

http://www.capcom.co.jp/ir/english/news/html/e201116.html

Quote

Capcom Co., Ltd. (Capcom) announced that it has been the victim of a customized ransomware attack

[...]

1. Information verified to have been compromised

i. Personal information: 9 items

  • Personal information of former employees: 5 items
    (Name & signature: 2 items; name & address: 1 item; passport information: 2 items)
  • Personal information of employees: 4 items
    (Name and HR information: 3 items; name & signature: 1 item)

ii. Other information

  • Sales reports
  • Financial information

 

This is really unfortunate, and makes me wonder whether this could lead to the end of Capcom (although they might have data breach insurance).  It's unfortunate that companies need to defend against this sort of attack, given that the more frequent these types of targeted attacks become the more likely restrictions will get put in place at companies which hurt productivity (or make it less pleasurable to work for).  e.g. Additional procedures when opening emails, having air gap computers to work on internal (and a secondary thing to do things like email/communication).

 

It makes me wonder if the hackers originally got in via a zero-day, or just an unpatched SMB server. They detected an issue on Nov 2, went public Nov 4, and updated it Nov 12/16 once they figured out what was going on.  The attackers also deleted the logs, so it was harder for Capcom to figure out what they had access to.

 

Good on Capcom though for releasing statements early

3735928559 - Beware of the dead beef


23 minutes ago, pierom_qwerty said:

Wait where does it say they lost any source code?

It's on the internet right now.  The Capcom press release doesn't mention it, but it is out there.


4 hours ago, wanderingfool2 said:

This is really unfortunate, and makes me wonder whether this could lead to the end of Capcom

Lolwat? 

 

If this was enough to take down a company as big as Capcom, then most major companies wouldn't exist right now. 


5 hours ago, wanderingfool2 said:

e.g. Additional procedures when opening emails, having air gap computers to work on internal (and a secondary thing to do things like email/communication).

This is the Status Quo for years already in every company that really cares about security and keeping their IP. Usually source code is kept within physically isolated inner, higher-level zones that you can only VNC remote-in through a few hand-picked open ports, of course with disabled VNC clipboard. You can easily send in new stuff through dedicated dropboxes, but every "data withdrawal" needs authorization and is tightly controlled and documented.

 

There are even standards that need to be adhered to to get certified, and many companies will refuse to work with any other company that does not hold such certification.


58 minutes ago, Arika S said:

Lolwat? 

 

If this was enough to take down a company as big as Capcom, then most major companies wouldn't exist right now. 

The total amount of data that was lost, if they didn't have insurance they could be on the hook for quite a large lawsuit.  (Could be a good opportunity to get bought out)

 

16 minutes ago, Dracarris said:

This is the Status Quo for years already in every company that really cares about security and keeping their IP. Usually source code is kept within physically isolated inner, higher-level zones that you can only VNC remote-in through a few hand-picked open ports, of course with disabled VNC clipboard. You can easily send in new stuff through dedicated dropboxes, but every "data withdrawal" needs authorization and is tightly controlled and documented.

 

There are even standards that need to be adhered to to get certified, and many companies will refuse to work with any other company that does not hold such certification.

Technically not air-gap ;)  But yea, I get what you mean.  Having jump servers in place, added controls etc....all of which stifle employees' productivity though (and realistically can't be done on things like SMBs without totally messing people up).  As it stands, even in companies that are dependent on computers there are a ton of users who call in issues where the issue about access or broken software turns into a ticket on "PEBKAC".


47 minutes ago, wanderingfool2 said:

The total amount of data that was lost, if they didn't have insurance they could be on the hook for quite a large lawsuit.  (Could be a good opportunity to get bought out)

I point to Facebook. They still exist despite the Cambridge Analytica scandal where MILLIONS of people's data was acquired (and all the other Facebook lawsuits).

 

There is no one that could buy Capcom that would not immediately drag it into the ground. That would actually be worse than them getting shut down.


 


2 hours ago, Vishera said:

 

So nothing important I see lol. How did they get all that game info is beyond me. You would think that there would be better security for those types of things.


About 10% of companies (including big ones) still run Windows Server 2008. This is probably the reason why they are being hacked.


On 11/17/2020 at 9:26 PM, Brooksie359 said:

So nothing important I see lol. How did they get all that game info is beyond me. You would think that there would be better security for those types of things.

Think of your own workplace, and think of anything that is wrong about it that nobody is going to fix.
Maybe it's a leaky pipe, maybe it's a floor tile that keeps popping out, maybe register number 4 always has issues.

You notice these things 'cause you work there every day and use them. The IT staff has the same feeling about their things.
 


6 hours ago, DeScruff said:

Think of your own workplace, and think of anything that is wrong about it that nobody is going to fix.
Maybe it's a leaky pipe, maybe it's a floor tile that keeps popping out, maybe register number 4 always has issues.

You notice these things 'cause you work there every day and use them. The IT staff has the same feeling about their things.
 

Well I work at a Mechanical Electrical and Plumbing engineering firm so if there was anything like that we would get it fixed so I don't have any things like that in my office. I would assume it is the same with any office where you want to fix anything like that and the same should go with IT. If you knew there were security risks then you should fix it and any good company would strive to invest to fix those issues just like you would with a leaky pipe. Yeah it will cost a bit to replace but it's better than waiting for that leaky pipe to break completely and now you have water everywhere. You leave a leaky cyber security system and then you end up with your source code online like they have.


1 hour ago, Brooksie359 said:

Well I work at a Mechanical Electrical and Plumbing engineering firm so if there was anything like that we would get it fixed so I don't have any things like that in my office. I would assume it is the same with any office where you want to fix anything like that and the same should go with IT. If you knew there were security risks then you should fix it and any good company would strive to invest to fix those issues just like you would with a leaky pipe. Yeah it will cost a bit to replace but it's better than waiting for that leaky pipe to break completely and now you have water everywhere. You leave a leaky cyber security system and then you end up with your source code online like they have.

Risk analysis, along with cost can be deciding factors.  Even when all that is said and done, a zero-day/targeted assault on a company can't always be stopped (without a significant loss in productivity in general or significantly higher costs).  Users are the biggest fault when it comes to leaks, like copying files that they aren't supposed to into shared drives...double clicking a password protected zip file and entering the password given and executing the program within it (yes, I've seen that happen and no the user didn't get punished because they were an "important" higher up).

 

Computer security can come at the cost of lost productivity (in that the more secure you make things, the more cumbersome I typically find it is on the end user to do general day to day tasks)...e.g. A user kept having to access their shared drive via logging into VPN, they got tired of having to constantly do that so they took a USB stick and started saving their files on there (luckily it wasn't lost, but the concept is users will break the rules if it means convenience for them).
