Rewterz Threat Update – LockBit Ransomware Attacks Kyocera AVX and Impacts 39,000 Individuals

Severity

High

Analysis Summary

A data breach at Kyocera AVX Components Corporation (KAVX) has exposed the personal data of 39,111 individuals after a LockBit ransomware attack.

KAVX is a manufacturer of advanced electronic components in America, and a subsidiary of the Japanese semiconductor company Kyocera. It has over ten thousand employees with an annual revenue of $1.3 billion.

The company recently sent out a notification talking about the data breach to the affected people, saying that the breach was discovered on 10^th October, 2023 and the attackers had access to the systems between 16^th February and 30^th March of this year.

The cybersecurity incident affected some of the company’s servers and caused the encryption of some systems as well as temporarily disrupted certain services. The data that was on the impacted servers had personal information of people across the world.

“We are not aware that any of your information has been misused. However, if certain types of your personal information were accessed, then there is a risk that criminals may try to use it to carry out identity theft or fraud. You should always be vigilant of fraud and wary of anyone who asks you for personal information,” reads the notice.

In response to the incident, the company declared that it will cover the costs of dark web monitoring and password leak service for a year for all affected individuals.

The notorious ransomware gang, LockBit, has claimed to be responsible of compromising KAVX on 26^th May, 2023, by adding the firm to its data leak website.

Threat actors published many samples of the stolen data that include passport scans, non-disclosure agreements, financial documents, and more. The deadline given to KAVX to pay the ransom was 9^th June, 2023. LockBit also leaked component schematics and technical drawings, which shows that they are capable of exposing proprietary designs and patented information to competitors.

Impact

• Identity Theft
• Financial Loss
• File Encryption
• Sensitive Data Theft

Remediation

• Implement multi-factor authentication to add an extra layer of security to login processes.
• Regularly monitor network activity for any unusual behavior, as this may indicate that a cyberattack is underway.
• It is important for organizations to stay vigilant and follow best practices for cybersecurity to protect their systems and data from potential threats. This includes regularly updating software and implementing strong access controls and monitoring tools.
• Develop a comprehensive incident response plan to respond effectively in case of a security breach or data leakage.
• Maintain regular backups of critical data and systems to ensure data recovery in case of a security incident.
• Adhere to security best practices, including the principle of least privilege, and ensure that users and applications have only the necessary permissions.
• Establish a robust patch management process to ensure that security patches are evaluated, tested, and applied promptly.
• Conduct security audits and assessments to evaluate the overall security posture of your systems and networks.
• Implement network segmentation to contain and isolate potential threats to limit their impact on critical systems.