This year has seen hacking-for-ransom groups carry out a spate of high-profile attacks on businesses as varied as fuel supplier Colonial, laptop maker Acer and Irish and US health services. The latest company to divulge a ransomware-fueled data breach is audio equipment manufacturer Bose, according to cybersecurity site Bleeping Computer. In a notification letter filed with New Hampshire's Office of the Attorney General, Bose said that it "experienced a sophisticated cyber-incident that resulted in the deployment of malware/ransomware across" its "environment."
Breaking down its handling of the breach, Bose said it first detected the attack on March 7th and immediately began working to "contain" it with the help of technical staff and security experts. It added that it has since safely restored its systems. On April 29th, the company discovered that the perpetrator of the attack may have accessed a small number of internal spreadsheets containing information on current and former employees. The files included the workers' names, social security numbers, and compensation info.
Bose added that its forensics evidence indicates that the "threat actor interacted with a limited set of folders." But, it admitted that it had no way to confirm whether any of the data was stolen. The company has employed experts to monitor the Dark Web for signs of "leaked" information. As of now, Bose said it had not received "any indication" that the exposed data has been "unlawfully disseminated, sold, or otherwise disclosed." The company told Bleeping Computer that it did not make a ransom payment.
To mitigate against future attacks, Bose said it is bolstering safeguards across its systems, including enhanced malware and ransomware protections on endpoints. It's also conducting a detailed forensic examination on its impacted servers, blocking malicious files used in the attack and changing passwords and access keys for all service accounts.
The Bose data breach is the latest wake-up call for businesses. It serves as another reminder that criminal hackers are increasingly taking advantage of the upheaval to corporate working practices caused by the pandemic. As more businesses embrace hybrid work models, where staff split their time between the home and the office, weak security systems will likely continue to come under attack.