On Monday 9th November, Facebook ads started to appear targeting the Campari Group, which is still mired in the middle of a ransomware attack.
It appears the criminals behind the attack on Campari used a hacked Facebook account to place the ads in order to increase the pressure on Campari to pay the demanded ransom.
There are discernible waves of focus in the way hackers attack their victims. For a while RDP is the focus, then it is credential stuffing botnets, next it’s WordPress vulnerabilities. This could be explained by the prevalence of ‘ready to use’ hacking kits sold on the dark web. Many cyber-criminals are not particularly sophisticated; they simply buy some scripts and then deploy them widely, hoping to succeed with a small percentage of their targets. The criminals at the top of the food chain develop new attacks, exploit them and then sell on their tools. This causes what could appear to be fashion trends in the hacking community, but in reality it simply reflects the take-up of new tools and exploits as they become available.
When a well-known criminal gang like the Ragnar Locker team (thought to be behind the Campari attack) adopts a new technique like using Facebook to put pressure on its victims, it could inspire other groups to try the same methods.
Responding to a security incident is more than a purely technical activity. Public relations, staff communications and investor relations all need to be included in your Security Incident Response plan.