Analysis Summary

Fujitsu affirms that during the data breach discovered earlier this year, information about specific individuals and customers' businesses was compromised.

According to the Japanese company, the threat actors used a highly developed technique to avoid detection while obtaining the data instead of utilizing ransomware. Fujitsu announced in March that it had found malware on multiple of its systems and that there was a chance that private customer data might have been exposed. To ascertain the extent of the breach, Fujitsu separated the affected systems and commenced an investigation with the assistance of outside experts.

The company said in a statement recently that it has completed its investigation into the event and verified that malware that started on a single compromised computer spread to 49 different computers to steal data. This malware is not ransomware; instead, it uses advanced disguising techniques to evade detection. It was found to be an extremely sophisticated attack.

According to Fujitsu, as soon as the attack was discovered, the 49 compromised systems were isolated, and the malware was limited to the network environment in Japan. The company says that the malware's actions led to the execution of commands to copy files. It is possible that the data was exfiltrated because of this. Information about customers' businesses and some individuals' personal data were included in the files that may have been copied.

Furthermore, Fujitsu states that it has not been notified of any exploitation of the leaked data. After the malware and incident were analyzed, Fujitsu updated the malware detection program and put security monitoring guidelines in place for all firm business systems to stop future attacks of this kind.

Impact

• Sensitive Data Theft
• Information Exposure
• Data Exfiltration
• Command Execution

Remediation

• Ensure all operating systems and software are up to date with the latest security patches.
• Employ reliable antivirus and antimalware software to detect and block known threats.
• Regularly update these tools to maintain the latest threat intelligence.
• Implement IDPS to detect and prevent unusual network activity, system behavior, or similar threats.
• Enable two-factor authentication (2FA) on your accounts adds an extra layer of security and can help prevent unauthorized access even if your login credentials have been stolen.
• Regularly backing up your important data can help ensure that you don’t lose any critical information in the event of a malware infection or other data loss event.
• Be wary of emails, attachments, and links from unknown sources. Also, avoid downloading software from untrusted sources or clicking on suspicious ads or pop-ups.
• Use email filtering solutions to block malicious attachments and links that may deliver malware to users via phishing emails.
• Segment your network to limit lateral movement for attackers.
• Employ application whitelisting to only allow approved software to run on systems, reducing the risk of unauthorized applications being executed.
• Implement robust monitoring solutions to detect any unusual or suspicious activities, such as unauthorized access attempts or data exfiltration. Establish an effective incident response plan to respond to and mitigate any potential breaches quickly.
• Make sure all of your software, including your operating system and applications, is up-to-date with the latest security patches. This can help prevent vulnerabilities that info-stealers and other types of malware could exploit.