Cybersafetyconnections April 15th, 2024, vol# 164
- According to konbriefing there was a cyberattack on MotorCycle Holdings / Sherco, Lambretta, located in Springwood, Queensland, Australia.
- The company, customers, shareholders and stakeholders were impacted.
- No threat actor has been identified yet.
- This cyberattack may have happened because of weak controls on the third-party hosted server.
- MotorCycle Holdings took steps to mitigate loss from the cyberattack, and Copilot also provided input on loss prevention.
What happened?
According to cyberdaily.au, MotorCycle Holdings, an ASX-listed company, recently suffered a data breach after a threat actor gained unauthorized access to a web server hosted by a third-party vendor.
Who was impacted?
MotorCycle Holdings, its customers, shareholders and stakeholders.
Why did this happen?
Could we say that, because the websites were hosted on a third-party web server, the threat actor was able to gain access and insert malicious code into the websites? There is information that the company’s internal systems are secure.
Which criminal group is responsible?
No threat actor has been identified yet.
How MotorCycle Holdings mitigated loss from the cyberattack
OWASP Threat and Safeguard Matrix
The steps taken to mitigate loss are discussed below along with Copilot suggestions.
- MotorCycle Holdings is notifying affected customers individually, while those not contacted were not impacted by the breach.
- Fortunately, the company’s internal systems remain secure, as the attack targeted a third-party vendor.
- However, the party responsible and their motivations remain unknown, and any material or financial losses resulting from the breach are yet to be determined.
- MotorCycle Holdings pledges to keep customers, shareholders, and key stakeholders informed as their investigation continues [1].
Copilot on:
How to mitigate the loss from the cyber-attack on MotorCycle Holdings
To mitigate the impact of a cyber-attack on MotorCycle Holdings, consider implementing the following measures:
- Craft a Disaster Recovery Plan (DRP):
  - Develop a comprehensive DRP that addresses data protection, data restoration, offsite backups, system reconstitution, configurations, and logs. Continuously review and update this plan [1].
- Immediate Response Strategy:
  - Act Proactively: Implement the prepared and practiced game plan immediately after a cyber attack. This helps reduce the impact of business interruption and facilitates efficient recovery for lost income and mitigation expenses [2].
  - Assess Damage: Understand how the breach occurred to prevent cybercriminals from replicating the attack. Evaluate the extent of damage to enhance network security and patch vulnerabilities [3].
- Communication and Transparency:
  - Notify Affected Customers: Reach out to customers individually if their personal information is exposed. Provide clear communication about the breach.
  - Keep Stakeholders Informed: Regularly update customers, shareholders, and key stakeholders as the investigation continues [4].

Learn more
- [1] jpmorgan.com
- [2] policyholderperspective.com
- [3] bdo.com
- [4] cyberdaily.au
Copilot on:
How can they prevent similar incidents in the future?
To prevent similar incidents in the future, organizations can take several proactive steps:
- Incident Response Plan (IRP):
  - Develop a comprehensive IRP that outlines procedures for detecting, containing, and recovering from incidents. Regularly review and update this plan to stay prepared [1].
- Apply Security Patches: Ensure timely application of security patches and updates to prevent vulnerabilities that attackers exploit [1].
- Remove Malware and Unauthorized Accounts: Regularly scan systems for malware and unauthorized accounts, removing them promptly [1].
- Implement Additional Security Controls: Strengthen security by adding extra layers of protection, such as firewalls, intrusion detection systems, and access controls [1].
- Post-Incident Analysis:
  - Conduct a thorough analysis of the incident to extract valuable lessons.
  - Implement measures based on these lessons to prevent similar incidents in the future [1].
- Share Information:
  - Share indicators of compromise through trusted channels to help other institutions detect and prevent similar incidents [2].
- Continuous Improvement:
  - Continuously monitor and analyze incident data to identify trends.
  - Implement changes to improve incident management and prevent future incidents [3].

Learn more
- [1] wirexsystems.com
- [2] er.educause.edu
- [3] splunk.com
- [4] ask-ehs.com
- [5] ideagen.com
- [6] resolver.com
Conclusion
Remember that cybersecurity is an ongoing effort, and organizations must remain vigilant to protect against evolving threats. 🛡️