Mattel's July cyberattack potentially connected to the malicious software known as Trickbot.
In a significant development, toy manufacturer Mattel fell victim to a ransomware attack on July 28, 2021. The attack, which resulted in a number of systems being encrypted, was traced back to the notorious Trickbot malware, according to sources reported by Bleeping Computer.
However, the group responsible for the attack was not explicitly identified in available search results. While Microsoft has been pursuing Trickbot's operations since October, aiming to eliminate its critical operational infrastructure, the company conceded that there is not always a straight line to success.
In the aftermath of the attack, Mattel was able to contain the situation, but some operations were impacted and then restored. A forensic investigation found no evidence of business or retail customer, supplier, consumer, or employee data being exfiltrated.
The incident highlights the ever-present threat of ransomware attacks and their lingering, less predictable financial losses. Mattel carries cyber and business continuity insurance, but there is no guarantee that all costs incurred as a result of the cyber event will be covered.
Mattel is also facing additional privacy regulation challenges. California residents voted on Proposition 24, or the California Privacy Rights Act (CPRA) on Tuesday. If passed, the CPRA, also known as CCPA 2.0, would prevent companies from collecting any consumer data necessary to provide their services.
Compliance for regulations, including GDPR and the CPRA, impose 'significant costs and challenges that are likely to increase over time.' Mattel has expressed significant uncertainty around privacy and data protection laws and how they are interpreted, potentially creating 'inconsistent or conflicting requirements.'
As of the publication, 72% of California's vote has been tabulated, with 56% of constituents voting 'yes' for the CPRA.
Interestingly, Ryuk's activity dropped off the radar between the onset of the pandemic in the U.S. until September, with potential activity in July being an outlier. The main threat group perpetrating Ryuk, UNC1878, has started using BazarLoader or BazarBackdoor for initial access, in addition to Trickbot and Emotet.
Microsoft reported disrupting 94% of Trickbot's command-and-control servers and other infrastructure functions by mid-October. Mattel, for its part, reported no material impact on operations or its financial condition as a result of the cyber event.
Nevertheless, the company noted that any delay or disruption to its systems, including cyberattacks, could lead to violations of privacy laws, loss of customers, or loss, misappropriation, or corruption of confidential information, trade secrets, or data.
In conclusion, the ransomware attack on Mattel serves as a reminder of the ongoing threats posed by cybercrime and the increasing complexity and costs of complying with privacy regulations. As these challenges evolve, companies must remain vigilant and adapt to protect their systems and data.
Read also:
- Top 15 Pivotal Risks to Mobile Application's Security
- UK manufacturing halt extended to three weeks due to cyber attack at JLR factory
- Revising the title: Redefining "Bring Your Own Device" Policies for a Secure and Flexible Workspace in the Hybrid Work Environment
- "Global VPN Day: Is it a shield for privacy or a gap needing sealing? Exploring the implications"
