On July 30th, BleepingComputer began following an outage for one of Canon’s websites, image.canon. After Canon posted a status update, BleepingComputer initially believed it was due to a cyber-attack rather than a simple service outage. BleepingComputer received images from a source on August 5th showing a message from Canon’s internal IT department about “wide spread system issues affecting multiple applications, Teams, Email, and other systems.” Several Canon-owned domains are currently affected and a partial ransom note confirming Maze’s involvement has been shared. When contacted, the Maze operators claimed to have stolen 10TB worth of data as part of the attack and denied being responsible for the initial image.canon outage.
Maze, like most ransomware, typically begins an infection cycle through phishing, poorly secured Remote Desktop (RDP) services, or exploitation of an Internet-facing system. Educating employees on phishing and security awareness can go a long way in preventing all types of malware infections. Network and server administrators should avoid exposing RDP to the Internet whenever possible. If remote access is needed, it should at least be protected by a corporate VPN or multi-factor authentication. Managed security services such as the Binary Defense Security Operations Center (SOC) can provide 24/7 monitoring to quickly detect, contain and alert security teams to threats before they have the chance to spread throughout the network.