When you hear about a data breach, there is a high chance that the attacker used some form of ransomware as part of the attack chain. Typically, threat actors use privilege escalation and lateral movement to progress through the network until they reach the central data stores and the domain controller. Once they have exfiltrated data, they deploy the ransomware to cover their tracks and encrypt the target’s systems.
The next step is a ransom note with instructions to follow in order to receive the decryption key and regain access to the systems. The ransomware gang may also demand a ransom to ensure that the stolen information is not released or sold to adjacent operators.
That is what makes the March attack against the Japanese tech conglomerate Fujitsu so interesting. Fujitsu recently completed its forensic investigation into the attack and discovered that customer data was in fact stolen. Amid the flood of ransomware events, this attack stands out because there was not a single line of ransomware code anywhere in the attack chain.
Rather, Fujitsu said that the threat actor used a “sophisticated mechanism to evade detection,” according to BleepingComputer reporting. Evasion is not an unusual part of an attack chain; it is common among ransomware groups that want to avoid triggering the protection technologies deployed within an organization. This blog will examine what we know about the Fujitsu attack.
Overview of the Attack
In March 2024, Fujitsu revealed that malware had infected one of its corporate computers. “We have confirmed the presence of malware on several of our business computers, and as a result of our internal investigation, it has been discovered that files containing personal information and information related to our customers could be illicitly removed,” read a Fujitsu notice at the time.
“After confirming the presence of the malware, we promptly isolated the affected business computers and have taken measures such as strengthening the monitoring of other business computers.”
The malware spread to 49 computers before Fujitsu was able to lock down the infected machines. During the investigation, Fujitsu identified a single point of compromise from which the malware spread. Fujitsu said that the attack was confined to its Japan-based network and did not spread to any of its other global offices.
More than Ransomware Stymies Defenders
Ransomware is certainly one of the most significant threats to critical data, but, as the Fujitsu attack demonstrates, it is not the only one. Threat actors have multiple tools at their disposal to exfiltrate data from corporate systems. Fileless malware, which leaves minimal traces behind as it moves through the environment, is one. Another is evasive malware specifically designed to avoid detection.
Companies would do well to deploy data-centric defenses that track where their information is located and who has access to it. Only by leveraging security attached directly to the data can you be assured that threat actor activity is caught before it does too much damage.
How Sotero Secures Critical Data Against Attack
The Sotero platform prioritizes data-centric security instead of focusing on securing storage databases. The approach involves a comprehensive strategy to safeguard data at every stage – in transit, at rest, and in use. It’s a necessary move in a world where traditional perimeter defenses are insufficient and cloud data may be stored in any number of databases with varying security. The significance of this approach lies in its ability to provide robust protection against a wide range of cyber threats, directly addressing the vulnerabilities inherent in modern data ecosystems.
Additionally, Sotero leverages Data Security Posture Management (DSPM), which involves continuously monitoring, assessing, and enhancing data security posture across all environments. DSPM ensures that data security measures align with the evolving threat landscape, compliance requirements, and basic best practices. The benefits of DSPM include enhanced visibility into data security risks, improved compliance with regulations, and a more resilient defense against cyber threats.
As storing critical enterprise data in the cloud becomes more commonplace, and threat actors continue to seek out organizations with lax practices, securing data in transit and at rest becomes even more important. Deploying data-centric security like Sotero is thus vital in an environment where ransomware is becoming more common and data breaches cause ever greater damage to consumers and businesses alike. Sotero’s data-centric security platform can help solve these challenges and protect companies now and in the future.
To learn more about Sotero, request a demo today.