Threat Watch

Bose Discloses Ransomware Incident from March

Audio equipment manufacturer Bose has notified the New Hampshire Office of the Attorney General of a “sophisticated cyber-incident that resulted in the deployment of malware/ransomware.” Bose discovered the incident on March 7th. Third party security experts were hired to restore affected systems and to determine whether any data had been accessed by attackers. With their assistance, no ransom was paid, and all systems have been recovered.

The notice from Bose stated, “During our investigation, we identified a very small number of individuals whose data was impacted, and we sent notices to them directly in accordance with our legal requirements.”

On April 29th, Bose determined that the attackers had been able to access a number of spreadsheets maintained by HR that contained current and former employees’ personal information. Names, Social Security numbers compensation and other information was made available in the spreadsheets. By May 19th, Bose had notified all individuals whose data had been accessed. Bose has also worked with third parties to monitor for any leaked data, though none has been found.

ANALYST NOTES

While Bose has not yet found evidence of leaked data, this is unlikely (though not impossible) to be the case for long. Most well-known ransom groups now exfiltrate as much data as they can before encrypting systems, attempting to gain as much leverage over the victim as possible. Bose has taken a number of steps to prevent future attacks, including enhanced logging and monitoring, forced password resets for all end-users and privileged users and changing passwords to all service accounts. Although Bose recovered from the attack relatively quickly, not all companies are so lucky. Binary Defense highly recommends reading and implementing steps from the CISA (Cybersecurity & Infrastructure Agency) and NCSC (National Cyber Security Centre) ransomware guides. These guides contain detailed information that any organization can use, describing in detail how to backup and protect data, create incident response plans and more.

https://www.bleepingcomputer.com/news/security/audio-maker-bose-discloses-data-breach-after-ransomware-attack/