Apple Ransomware Attack
Third Party Compromise strikes again.
A Taiwanese manufacturer, Quanta Computer, which supplies Apple Inc with hardware used in some of their devices, stated that on 21 April 2021 it had suffered a ransomware attack by the REvil ransomware group. The group demanded a staggering ransom of $50 million (USD) to prevent sensitive files on Apple’s new technology from being leaked on the Dark Web.
In a post shared on its deep web portal ‘Happy Blog’, the threat actor said it had come into possession of schematics of the U.S. company’s products, such as MacBooks and Apple Watch, by infiltrating Quanta Computer’s network, and claimed it was making a ransom demand to Apple after Quanta expressed no interest in paying to recover the stolen blueprints.
“Our team is negotiating the sale of large quantities of confidential drawings and gigabytes of personal data with several major brands,” the REvil operators said. “We recommend that Apple buy back the available data by May 1.”
Detected in June 2019, REvil, also known as Sodinokibi or Sodin, has emerged as one of the most prolific ransomware-as-a-service (RaaS) groups, with the gang being the first to adopt the so-called “double extortion” technique that has since been emulated by other groups.
How could SecureCom have helped?
SecureCom’s TPRM (Third Party Risk Management) platform provider, Black Kite, has been continuously monitoring Quanta Computer since August 2020.
As illustrated in the security score graph, Quanta experienced a significant increase in security-related issues towards the end of 2020.
Had SecureCom been monitoring Apple’s third parties on their behalf, we would have been in a position to advise them of Quanta’s notable drop in security score in December 2020, as well as to create a security strategy that could have been passed on to Quanta to help drive their security posture recovery.
Our TPRM platform provider automatically initiated a scan on Quanta Computer in April 2021, likely only days before the attack. Based on their findings, there were clearly identified issues that could have alerted Apple to advise Quanta Computer in advance.
The Ransomware Susceptibility Index (RSI) placed Quanta Computer at approximately 0.787 out of 1, indicating a very high risk of incurring a ransomware attack. There are 150 indicators included in this alarming RSI, ranging from possible vulnerabilities in outdated products that allow remote code execution to poor email security.
The technical report on the company also indicates a poor cybersecurity posture. In addition to the vulnerabilities that threat actors can exploit to execute a ransomware attack, the past issues in email security and leaked credentials also make the company susceptible to phishing and social engineering attacks, which are usually followed by a ransomware attack.
Our message?
Companies such as Apple Inc, or even our very own RBNZ, are not immune to negative financial impact when organisations within their supply chain are compromised. Actively monitoring the cyber security posture of your company’s third parties is a proactive control in securing your business’s data. SecureCom is equipped to provide intelligence on your vendors or third parties within hours.
SecureCom Cyber Security (case study) — 23 April 2021