An unauthorized browser that one employee downloaded from the Internet, allegedly installed and used served as a gateway to the cyberattack on Continental. Handelsblatt reports, citing an internal company video in which the group’s IT security chief provided new details. The employee gave cybercriminals in the Lockbit group access to his user account and password, which entered the systems. There, criminals obtained access to increasingly important accounts and exploited the data for weeks without anyone noticing. It is still not clear why the browser was installed at all.
Continental did not comment on the report for online wear, but referred to the information page. It states that the employee “implemented disguised malware”.
The attack pattern could not be distinguished
The cyber attack was discovered at Continental internally on August 4, by which time the cybercriminals had been in the systems for a month. Despite this, the Lockbit group managed to download about 40 terabytes of data. In analyzing the captured data, no pattern has yet been identified, Handelsblatt continues. The Hanover-based group has held a crisis council, but the assessment will take weeks. Sensitive and privately protected data should not be affected by the HR department, but they are still searching for potentially important data.
The Lockbit group has put the data up for sale on the Darknet for US$50 million, and the directory of files contained alone is 421 MB compressed. Continental initially stated that the attack had been repelled and its IT systems were under control, with no malfunctions. The group later acknowledged the seriousness of the robbery and confirmed that it was working on clarification with the highest priority. Handelsblatt is quoted as saying that after there had been criticism before from the company about sharing too little information internally, the video created now is an improvement.
(mo)
