[:en]RaaS – Ransomware as a Service “Make Ransomware great again” … and the end of Continental?[:]

[:en]

RaaS – Ransomware as a Service “Make Ransomware great again” … and the end of Continental?

No, don’t get it wrongly! We do not engage in any illegal cyber activities!
We help organization to become more resilient in an every increasing weathers on the cyber shark ocean.

Ransomware is the dominant threat in cyber-attacks. According to Malwarebytes, Lockbit is leading a group of three dominant ransomware gangs, with 59 attacks in October 2022 alone, followed by ALPHV (28) and Black Basta (25). Although some progress against the criminals becomes visible, e.g. the Lockbit arrest of a dual Russian-Canadian national, who is in custody in Bradford, ON, Canada to be extradicted to the US. Though, due to missing reporting requirements, underestimation of the threat or other far-reaching reasons that allow successful attacks, combatting cyber crime is a growing monumental challenge.

As a prominent example:

The most aggressive group, Lockbit 3.0, seem to have infiltrated into one of Germany’s large automotive companies, Continental, already in August 2022, though it was only on 15. November 2022 that the press spread the news.

On 24. August 2022, Continental postulated on their website to have averted a cyberattack. “the technology company maintains full control over its IT systems. According to current information, the IT systems of third parties have not been affected…”.

On 7. November 2022, the German “Handelsblatt” reported: “Cyber attack on Continental: Ransomware group apparently captures 40 terabytes of data. A significant amount of data has been leaked in an attack on the DAX-listed corporation. Chat logs show that the hackers are demanding a ransom.” According to the Handelsblatt news of 15. November 2022, captured data include very sensitive information “about Continental’s customers, employees and business partners are also likely to be affected.” The list published by the attackers in the Darknet, is “almost eight gigabytes in size and shows the storage paths of 55 million files. According to the hackers, these all originated from Continental servers. The list includes budget, investment and strategy plans, documents from the human resources department, as well as confidential documents and communications from the executive and supervisory boards. Correspondence from Supervisory Board Chairman Wolfgang Reitzle is apparently also affected.”

Apparently, such event was not considered as severe, otherwise as an investor (and professor as well as institute director on compliance and corporate governance) I would have expected an ad hoc message being published according to the to adjust my investment decisions…

Continental themselves postulate to be a technology company driving the digitization in the automotive space “pioneering technologies and services for sustainable and connected mobility of people and their goods. Founded in 1871, the technology company offers safe, efficient, intelligent and affordable solutions for vehicles, machines, traffic and transportation”.

In the 2021 Annual Report, the word “cyber”, “IT” or “security risks” showed up only twice (report of the supervisory board, general remarks on product portfolio). No evidence on important of this area can be seen, i.e. that this is a key area with adequate investments and operational focus.
With a new CFO since Dec. 2021, being responsible for Group Information Systems as well, it does not really look like the focus has been put on an organizational resilience it takes to counter what is the dominant business risk: cyber-attacks.

Time will show if Continental can circumvent a massive business impact (the share price is comparatively at ease), and what the lessons learnt are from this critical event, OR … if it already presents the end after 151 years of existence…

What it takes to establish firm preventive measures, and to have teams, processes and tools at hand for fast reaction and recovery and to establish cyber resilience, is a highly individualized task that require a holistic approach and operational excellence to implement: (IT)security is a process and need to be lived up to, data protection is a result of it. We help you to discover effective and efficient ways how to implement cyber resilience.

[:]

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
PHPSESSID	session	This cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
language	1 year	This cookie is used to store the language preference of the user.

Cookie	Duration	Description
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
vuid	2 years	Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos to the website.

Cookie	Duration	Description
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.