Ransomware has struck audio equipment company Bose in an attack initially detailed in a letter to New Hampshire Attorney General John Formella. The letter doesn’t clarify the type of ransomware used in the attack or which group was behind it. It does explain that the company “experienced a sophisticated cyber-incident that resulted in the deployment of malware/ransomware across Bose’s environment.” Bose and forensic analysts determined that those behind the attack managed to access internal administrative human resources files that contained the social security numbers, addresses, and compensation information of some employees.
The company said it could not confirm that the people behind the attack did not take files or information out of the system. It is unclear if a ransom was paid.
Bose Corporation is an American manufacturing company that predominantly sells audio equipment. The company was established by Amar Bose in 1964 and is based in Framingham, Massachusetts. Bose is best known for its home audio systems and speakers, noise-cancelling headphones, professional audio products and automobile sound systems. Bose has a reputation for being particularly protective of its patents, trademarks, and brands.
Bose is working with both a private investigation firm and the FBI to assess if data from the ransomware attack was leaked onto the dark web. According to the letter, no data has leaked yet.
The company has now implemented “enhanced malware/ransomware protection” on endpoints and servers, blocked malicious files used during the attack, put in place monitoring tools to watch for subsequent attacks, and more.
Employees who have been affected by the attack have been offered identity protection services by IdentityForce, a third-party identity safety company.
Saryu Nayyar, CEO of risk-assessment company Gurucul, commended Bose for publicly disclosing the attack but noted that the timeline of events the company described in the letter was problematic.
“It’s important to share what thieves are doing as they are doing it to engage the necessary authorities and cyber defense experts to lessen the ripple effect of the attack. The notification letter was pretty thorough, however, the timelines are concerning. It took Bose 1.5 months to discover which data was accessed and potentially exfiltrated. It took another 3 weeks for the company to notify the affected individuals, which is a lifetime for an attacker to use that data for malice,” she said.
Other experts also noted the lengthy response time from Bose, which may have endangered the people affected by the breach.
Pathlock president Kevin Dunne said Bose could have reacted faster and taken more responsibility for the attack while also laying out a clear plan for how it would prevent such attacks in the future.
“There is a lesson learned from this attack for all enterprises — keep your business-critical data in the applications where it can be managed and monitored, not in spreadsheets or other unmanaged databases,” Dunne said.
“Employee data is sensitive data just like customer, financial, or IP-related data. Enterprises should invest in an HRM system and make sure that they have good access control and data loss prevention in place to limit the risk of potential damage from employee data loss.”
He added that there is a great divide in attitudes when it comes to stakeholders involved in a ransomware attack.
“Shareholders are often torn, as making information about a breach public can often sink a stock price dramatically, but on the flip side, expectations can be managed better when the public is informed as early as possible about a breach,” he stated.
Shared Assessments CISO Tom Garrubba said there was a misconception among some companies that they only had to disclose ransomware information if they were publicly traded.
“Regardless of your industry, trying to keep such cards close to the chest can hinder the long-term ability of improving your cyber hygiene to fend off future events. By believing lightning doesn’t strike twice, therefore, the organization may refuse to properly fund needed improvements to your cyber hygiene,” he said.
“This poses a false sense of security that by dodging the bullet of ‘going public’ the attitude may be one of ‘it won’t happen again’ since no one really knows about it. And if it does happen again and details leak of a previous breach? You may then see a rot in both your consumer base along with your business dealings as your reputation tarnishes. The overall key to success in this instance is transparency. It truly is a ‘currency’ in this world.”
Protection Against Ransomware
Ransomware attacks continue to be a major threat to companies worldwide, no matter what the size. It is clear that despite the media coverage, business owners are not taking the right steps to protect their profits. There are tools to ensure protection against malware strains like ransomware. One of these tools is SaferNet.
SaferNet is the perfect solution to the cybersecurity issues that individuals, families, and businesses face today. It not only connects every device using a secure, 24/7 always-on, military-grade VPN, but it also stops outside cyberthreats, malware and viruses as well. On SaferNet, all users are protected anywhere in the world, all the time, on any cellular or Wi-Fi network. In addition to SaferNet’s VPN and cyber protection, it also offers a range of employee or parental/family internet controls including internet filtering, monitoring, scheduling, and blocking access to websites or even entire website categories.
Typically, a business or family would need 3 separate services for a VPN, Malware Protection, and Internet Controls; SaferNet offers all 3 features in one service. SaferNet truly is an endpoint security presence that can be implemented in minutes around the world, on phones, laptops, tablets, and computers at an economical price point that caters to all sizes of businesses and families. SaferNet guarantees a smooth setup and installation process that takes only minutes, and an easily accessible control hub for you to monitor all your employees’ or family members’ devices, including activity, time spent online, and threats blocked.