Portuguese media conglomerate Impresa, which owns Portugal’s largest television channel, SIC, and Portugal’s largest weekly newspaper, Expresso, is suffering an ongoing breach by ransomware gang Lapsus$. Over the New Year holiday, Impresa’s IT server infrastructure was taken offline. Websites for the Impresa group, the Expresso newspaper, and the SIC TV channels are offline, including SIC’s streaming services. Airwave and television broadcasts are operating normally. The Lapsus$ criminal group claimed responsibility for the breach by posting a ransom note on all of Impresa’s websites, and also claimed to have breached Impresa’s Amazon Web Services account. The group also tweeted from Expresso’s verified Twitter account today to demonstrate continued access despite the actions Impresa took to secure its websites by placing them in maintenance mode.
The Lapsus$ group used its access to send out a number of false or defacing media reports, including a spurious claim that Portugal’s president was indicted for murder.
Organizations are advised to regularly update and maintain incident response and disaster recovery plans that include regularly tested backups for data, services, and infrastructure. The cost of this preparation is often a fraction of the total losses to shareholders from a breach, which include brand dilution; loss of consumer, lender, and corporate partner confidence; legal costs for breaches of confidential consumer data; and interruption of services. In Impresa’s case, these losses would also include advertising revenue lost over the New Year holiday.
Binary Defense has an informative 4-part blog series on securing AWS infrastructure, with an extensive list of further references, which can be found here: