Threat Watch

MENA IKEA Locations Affected by Vice Society

IKEA locations in Kuwait, Morocco and possibly Jordan have suffered an apparent cybersecurity incident as confirmed by a spokesperson for the company. Earlier this week, the breach was claimed by Vice Society after evidence was posted to their leak site. It appears as if Vice Society was able to access some business and employee data based on the filenames that they shared. In total between the three countries, there are nine stores, and it’s unclear at this time if all store locations in the respective countries were affected. Since these locations are independently owned, IKEA locations outside of those in the countries that were named are not impacted at this time.

ANALYST NOTES

Vice Society tends to target organizations that have the potential to pay out higher ransoms. To protect against Vice Society and other ransomware groups, companies should consider adopting a defense in depth strategy. Some suggestions for protecting against ransomware from the FBI and CISA include:

• Maintain offline backups of data, and regularly maintain backup and restoration. By instituting this practice, the organization ensures they will not be severely interrupted, and/or only have irretrievable data.
• Ensure all backup data is encrypted, immutable (i.e., cannot be altered or deleted), and covers the entire organization’s data infrastructure. Ensure your backup data is not already infected.
• Review the security posture of third-party vendors and those interconnected with your organization. Ensure all connections between third-party vendors and outside software or hardware are monitored and reviewed for suspicious activity.
• Implement listing policies for applications and remote access that only allow systems to execute known and permitted programs under an established security policy.
• Document and monitor external remote connections. Organizations should document approved solutions for remote management and maintenance, and immediately investigate if an unapproved solution is installed on a workstation.
• Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, and secure location (i.e., hard drive, storage device, the cloud).

https://therecord.media/ikea-investigating-cyberattacks-on-outlets-in-kuwait-morocco/?web_view=true

https://www.cisa.gov/uscert/ncas/alerts/aa22-249a