Talk Morgan Forums Community Vehicle Talk (non-Morgan) Ouch - Who has been cyber hacked.

A friend who owns a red car just received this email.
Fair enough, they have owned up and are dealing with it. More than many companies have done.

Howard - change your password!


From: Ferrari.com <ferrari@mail.ferrari.com>
Sent: Monday, March 20, 2023 10:17 PM
To: redcardriver@mailtool.moc
Subject: Client Communication

We regret to inform you of a cyber incident at Ferrari, where a threat actor was able to access a limited number of systems in our IT environment. As part of this incident, certain data relating to our clients was exposed including names, addresses, email addresses and telephone numbers. Your data may have been included as part of this incident. However, based on our investigation, no payment details and/or bank account numbers and/or other sensitive payment information, nor details of Ferrari cars owned or ordered have been stolen.

CLIENT COMMUNICATION

Dear Ferrarista,

We regret to inform you of a cyber incident at Ferrari, where a threat actor was able to access a limited number of systems in our IT environment. As part of this incident, certain data relating to our clients was exposed including names, addresses, email addresses and telephone numbers. Your data may have been included as part of this incident. However, based on our investigation, no payment details and/or bank account numbers and/or other sensitive payment information, nor details of Ferrari cars owned or ordered have been stolen.

We were recently contacted by a threat actor with a ransom demand related to such customer data. As a policy, Ferrari will not be held to ransom as paying such demands continues to fund criminal activity and enables threat actors to perpetuate their attacks. Moreover, it does not fundamentally change the data exposure.

Upon receipt of the ransom demand, we started an investigation in collaboration with a leading global third-party forensics firm and have confirmed the data’s authenticity. In addition, we informed the relevant authorities and are confident they will investigate to the full extent of the law.

We have worked with third party experts to further reinforce our systems and are confident in their resilience. We can also confirm the breach has had no impact on the operational functions of our company.

We take the confidentiality of our clients seriously and understand the significance of this incident and for this reason we have notified you promptly.

If you would like to contact Ferrari for additional information, please email us at customerservice@owners.ferrari.com or privacy@ferrari.com where a team will be able to assist you.

We would like to take this opportunity to apologise sincerely for this event and rest assured we will do everything in our power to regain your trust.

Yours sincerely,

Benedetto Vigna
Chief Executive Officer
Ferrari S.p.A.

Rather good that they have grasped the nettle. I'd be impressed if I was an owner.

Happened to the company (a very large German trade supplier) my Mrs works for - although it wasn't just a data breach, they hacked in and immobilised every single system.They lost all the company records, stock details,SAP, website, internet, all the staff information, payroll, all the IT systems, even the phones went down.

Everything (inlcuding my details as a 'next of kin') is now up for sale on the darkweb.

They also refused to pay the ransom, and over the last month or so have been slowly rebuilding everything. At the start, there were only two mobile phones working across the entire global operation (one was my other halfs as she had performed the daily update schedule earlier than she should have, so missed the hack). One of the last things still to be fixed is the automated pick and pack operation, which is causing massive headaches for company and customers.

Lessons have been learnt and everything is being rebuilt to protect against something similar happening but just shows the power these hackers have in this automated world.

And if your having any building work done and it's being delayed, you now know why!

Clearly trying to find out why the Ferrari F1 team is so slow....

That's the exact game TBM, ransomware. Get a payload into the target customer (spearfishing) and let it settle, then spread far and wide around the systems. Then extract as much data as you can for later fun. Turn on the encryption and lock up the data on everything you can find. If they pay up then you (may) send the decryption key and let them take it back.

One of the vendors we play with (Sentinel One) has some cool roll-back tools that massively reduces this approach as well as including insurance in the offer so that should it happen (and you were correctly deployed etc etc) there is policy to help you recover. It is a more up to date approach to this scourge.

We have been looking at products that watch for these little tic's hiding inside your systems and the market is expanding rapidly. One monitors for software trying to reach out to known nasty addresses and go across the other computers within the site which is a classic action. Sadly it does not point at it and hit it with a 200lb hammer. As many tools as are installed it is the device behind the MkI eyeball in the monitoring room which is often asleep at the wheel as well.

As luck would have it, the password used for Ferrari is unique to them so no need to change.

Howard you have extraordinary faith in the Mafiosa to do the right thing

Because I was suspicious my password was compromised several times the other week, the poor cat's had his name changed three times

So no longer Cookin Fat then Jon

These days I often use the Apple iCloud "Hide My Email" system. This gives you a random email address for any new site you want to create an account for. I guess it's fine until iCloud gets hacked!