The eyewear company Luxottica, which is the parent company of brands including Ray-Ban and Oakley, has suffered a ransomware attack. On Friday, users on Reddit began reporting that the websites of many Luxottica-owned brands were down. The attack was severe enough that some employees in Italy were sent home. In a post on LinkedIn, an information security manager for Luxottica confirmed the ransomware attack and claimed that there “is currently no access or theft of information from users and consumers.” While it has not been confirmed as the attackers' method of entry, the cybersecurity company Bad Packets found that Luxottica had a publicly exposed Citrix device that was vulnerable to CVE-2019-19781, which could have provided access to the internal network if successfully exploited.
Binary Defense highly recommends that organizations put in place a plan for regularly scheduled patch management. Vulnerabilities like CVE-2019-19781, and others with publicly available exploit code, are very popular with ransomware attackers. Internet-facing Remote Desktop Protocol (RDP) servers with weak credentials are also a common target. Rather than allowing direct access from the internet, RDP servers should be reachable only from within the organization's network. Employees who need remote access can still reach those servers through a VPN, provided that VPN access itself requires strong Multi-Factor Authentication.