Commentary on the Hyundai Motor Europe ransomware attack
February 2024 by Daniel Lattimer, Vice President, Semperis
Following today's Hyundai Motor Europe ransomware attack, the commentary below is from Dan Lattimer, Vice President, Semperis.
With Hyundai Motor Europe confirming that it became the latest victim of the Black Basta ransomware gang, it does again highlight the advantage persistent and motivated threat groups have against even the largest companies in the world. Hyundai deploys a deep and talented team of security professionals and has prevented hundreds of cyberattacks from becoming significant, but yet again finds itself in the crosshairs.
Today, global organisations have to assume a post-breach mindset and vastly improve their response and recovery times to limit disruptions. Too often, steely-eyed and determined threat actors compromise organisations and take whatever they want like school bullies.
Now is the time for defenders to fight back. Following these recommendations will improve response and recovery time and limit business disruptions:
1. Organisations need to assess what their critical systems are, including infrastructure such as Active Directory (AD), because nine out of 10 cyberattacks target it.
2. Make sure to monitor for unauthorized changes occurring in their AD infrastructure.
3. Have real-time visibility into changes to elevated network accounts and groups.
4. Make sure their systems are backed up.
5. With backups operating, a clean system recovery can be performed where forensics and deep inspections take place to clean the environment.
6. Save the compromised environment to perform a full forensics investigation to learn about the threat actor’s tactics, techniques, and procedures.