Gaming company Capcom hit by cyberattack

[steven36]

The Resident Evil developer first spotted signs of the intrusion on Monday and took swift action to prevent the attack from spreading across its systems

 

 

 

 

Japanese video game developer Capcom has disclosed that it was the victim of a cyberattack that affected some of its systems. The publisher of a long list of popular franchises, including Street Fighter and Resident Evil, first noticed signs of the intrusion on Monday before apparently taking swift action to prevent the attack from spreading across its systems.

 

“Beginning in the early morning hours of November 2, 2020 some of the Capcom Group networks experienced issues that affected access to certain systems, including email and file servers,” reads the notice on the company’s website.

 

While the company did not disclose the culprit behind the attack or the method through which its systems were breached, it did confirm that an unknown third-party gaining unauthorized access to its systems, which led Capcom to suspend some of its operations on its internal networks.

 

 

The game developer claimed that currently there is no evidence to suggest that any that customer information was compromised. Having said that, it may be too early to make any conclusions as the investigation is still ongoing.

 

The company went on to assure players that the incident had no bearing on the connections used to play the studio’s games online, nor did it hinder access to its websites. However, Capcom did issue an apology to any of its stakeholders who were inconvenienced by the situation.

 

The Japanese game publisher also shared an announcement warning that it won’t be responding to contact requests made through its investor relations form.

 

“We are currently unable to reply to inquiries and/or to fulfill requests for documents via this form following the network issues that began November 2, 2020,” said Capcom. In the meantime, the company is working with the police and authorities to investigate the incident, as well as to restore its systems to normal running order.

 

While the intruders don’t seem to have got their hands on people’s personally identifiable information, data harvested from security breaches is often used for phishing attacks. So if you have a Capcom account, you’d be well advised to remain vigilant.

 

With the gaming industry projected to be worth US$200 billion by 2023, it’s no wonder that both companies and players prove to be an attractive target for threat actors. Content delivery network provider Akamai stated that it observed over 10 billion credential-stuffing attacks within the industry over a two year period between July 2018 and June 2020, and over 3,000 distinct Distributed Denial-of-Service (DDoS) attacks targeting the gaming industry between July 2019 and June 2020.

 

Source

[Karlston]

Capcom: Up to 350,000 people could be affected by ransomware leak

Investigation continues into encrypted files and deleted logs.

Enlarge

23 with 23 posters participating

 

Earlier this month, Capcom revealed that there had been "unauthorized access carried out by a third party" on its internal computer systems, but the company added that "at present there is no indication that any customer information was breached." This morning, though, Capcom revealed more details of the "customized ransomware attack" affecting its internal systems, potentially including the leak of personal information for up to 350,000 people.

 

After a two-week investigation, the Japanese company says it can only confirm that personal information was accessed for current and former employees. But the list of "potentially compromised" people is much larger, including callers to Capcom's Japanese help desk, Capcom Store customers, members of Capcom's North American esports teams, company shareholders, and former applicants for Capcom jobs.

 

The information revealed in the attack generally includes names, addresses, phone numbers, and email addresses. But current and former employees had their passport information and signature revealed, Capcom says, while job applicants may have had personal photos leaked.

 

Capcom notes that credit card information, which is "handled by a third-party service provider," should be safe. Access to the company's online games and websites should also be unaffected.

 

The attack also revealed some of Capcom's internal business documents, including release and marketing plans and sales expectations for current and upcoming titles. Some of that information has already begun circulating on gaming forums and Twitter.

Pay up or pay the price

Capcom, which publishes major gaming franchises including Resident Evil, Monster Hunter, and Street Fighter, says it shut down its internal network on November 2. Shortly thereafter, the company determined it had been hit by "a targeted attack against the company using ransomware, which destroyed and encrypted data on its servers."

 

The attack was reportedly organized by "a criminal organization that calls itself Ragnar Locker," which demanded a ransom to unlock the data and prevent it from leaking. The BBC reports that Ragnar Locker posted a message on its dark-net webpage saying Capcom didn't "make a right decision and save data from leakage," suggesting the company decided not to pay the ransom demand. Ragnar Locker's note also suggests it has more Capcom data that it has yet to release.

 

The investigation into the precise nature of the attack took so long in part because it was "carried out using what could be called tailor-made ransomware... aimed specifically at the company to maliciously encrypt the information saved on its servers and delete its access logs."

 

Capcom says it is working with international law enforcement officials in the aftermath of the attacks and has commissioned third-party security companies to evaluate the attack and beef up internal information security.

 

 

Capcom: Up to 350,000 people could be affected by ransomware leak

 

[mood]

Capcom confirms at least 16,000 people affected by Nov. data breach

"Sales reports, financial information, [and] game development documents" also got out.

 

Enlarge

 

Back in November, Capcom announced that personal data for up to 350,000 people may have been revealed by a "customized ransomware attack" on its systems. Today, the company announced that the number has grown to 390,000 potential victims, including over 16,000 confirmed to have had their information compromised.

 

 

The group of 16,415 people whose personal data was definitely taken is primarily made up of Capcom business partners and current and former employees, who had their name, email address, and other contact information revealed.

 

Capcom is also now confirming earlier suspicions that company information, including "sales reports, financial information, game development documents, [and] other information related to business partners," was taken during the attack. Documents matching that description have been circulating around certain corners of the Internet since November.

 

In addition to the confirmed breaches, Capcom now says that roughly 58,000 job applicants are newly among those potentially affected by the data breach. But Capcom says it "currently does not see evidence for the possibility of data compromise" for about 18,000 people who used the Capcom North America store or participated in Capcom's North American esports teams.

 

Capcom is reiterating that individual credit card data—which is handled by a third-party provider—was not at risk in this attack. Capcom also says the affected servers are "unrelated to those systems used when connecting to the internet to play or purchase the company's games online," so those who merely play Capcom games shouldn't have to worry.

"Capcom would once again like to reiterate its deepest apologies for any complications or concerns caused by this incident," the company writes. "As a company that handles digital content, it is regarding this incident with the utmost seriousness. In order to prevent the reoccurrence of such an event, it will endeavor to further strengthen its management structure while pursing legal options regarding criminal acts such as unauthorized access of its networks."

 

 

Source: Capcom confirms at least 16,000 people affected by Nov. data breach

[mood]

Capcom adds another 40,000 users to its estimated data leak

The company estimates up to 390,000 users are affected

 

 

A ransomware attack launched against gaming company Capcom last November is much worse than originally reported.

 

In a statement, the company behind hit games such as Resident Evil, Street Fighter, and DarkStalkers said the attack potentially compromised up to 390,000 users’ data — 40,000 more than the company initially thought.

 

Capcom discovered the data breach, which the company said impacted personal and corporate data, in early November 2019.

 

Initially, the company had confirmed the data leak affected only nine people and estimated the total impact to be 350,000 people. In a new update, Capcom said the company has verified the breach compromised an additional 16,406 users' personal information, bringing the number of confirmed users impacted to 16,415.

 

The company said its investigations were ongoing, and it's “possible that new facts may come to light going forward.”

“Capcom offers its sincerest apologies for any complications and concerns that this may bring to its potentially impacted customers as well as to its many stakeholders,” the statement said.

 

Capcom added that none of the at-risk data contains credit card information. “All online transactions etc. are handled by a third-party service provider, and as such Capcom does not maintain any such information internally,” read the statement.

 

The company also said the areas this attack impacted are unrelated to systems used when connecting to the internet to play or purchase the company's games online. These have continued to use an external third-party server or an external server. 

“As such, these systems have been unaffected by this ransomware attack and it is safe for Capcom customers or others to connect to the internet to play or purchase the company's games online,” the company said.

 

Niamh Muldoon, global data protection officer at OneLogin, told ITPro that ransomware is the one activity that has a high direct return on investment out of all the cyber crime activities. 

“Taking the global economic environment and current market conditions into consideration cybercriminals will, of course, continue to focus on their efforts to this revenue-generating stream. Remember that your employees are your most valuable assets both from a security threat awareness perspective but to provide valuable insights into the pulse and culture of the organization so it's important to keep a close eye on the ground,” Muldoon said.

“The key message here is no one, industry or company, is exempt from the ransomware threat and it requires constant focus, assessment, and review to ensure you and your critical information assets remain safeguarded and protected against it."

 

 

Source: Capcom adds another 40,000 users to its estimated data leak

[mood]

Capcom: Ransomware gang used old VPN device to breach the network

 

 

Capcom has released a fianl update about the ransomware attack it suffered last year, detailing how the hackers gained access to the network, compromised devices, and stole personal information belonging to thousands of individuals.

 

In early November 2020, Ragnar Locker ransomware hit the Japanese game developer and publisher, forcing Capcom to shut down portions of their network.

 

In typical fashion for human-operated ransomware attacks, the threat actor stole sensitive information before encrypting devices on the network.

 

Ragnar Locker stated that they had stolen 1TB of Capcom sensitive data and demanded a ransom of $11 million in exchange for not publishing the information and offering a decryption tool.

Compromised VPN device

Today, Capcom announced that restoring the internal systems affected by the attack is almost finished and that the investigation into the incident has completed.

 

Investigators discovered that Ragnar Locker operators gained access to Capcom’s internal network by targeting an old VPN backup device located at the company’s North American subsidiary in California.

 

From there, the attacker pivoted to devices in offices in the U.S. and Japan and detonated the file-encrypting malware on November 1st, causing email and file servers to be taken offline. Below is a simplified depiction of the incident.

 

source: Capcom

 

Capcom says that it was in the process of boosting network defenses when Ragnar Locker threat actor breached its network. The compromised VPN device was on its way out as new models had been installed.

 

However, on the background of the pandemic pushing for remote work, the old VPN server continued to function as an emergency backup in case of communication problems.

 

The company’s final assessment regarding the data breach is that 15,649 individuals have been impacted; that’s 766 less people than initially announced in January 2021.

 

The information did not include payment card details, only corporate and personal data that includes names, addresses, phone numbers, and email addresses. Capcom is currently notifying affected individuals.

Ransom not paid

Regarding the ransom, the game maker says that the threat actor left on encrypted systems a message that did not mention any price, just instructions to contact the attacker to engage in negotiations.

 

Capcom ransom note created in attack

 

Indeed, ransomware attacks these days rarely give price details in the ransom note. Most of the times, these notes give victims step-by-step instructions on how to get to communicate with the attacker to learn the ransom and start negotiating it.

 

Capcom says that following consultations with law enforcement, it did not engage Ragnar Locker ransomware operator and made no effort to contact them. This decision made the attacker leak company data a few weeks after the breach.

 

The investigation results published today show that the game maker was hit at a bad time, when its efforts to transition to better defenses were slowed down by measures to adapt to the COVID-19 pandemic.

 

Part of Capcom's increased security measures since the cyberattack are a security operations centre (SOC) service that keeps an eye on external connections and an endpoint detection and response (EDR) system to check for unusual activity on PCs and servers.

 

 

Source: Capcom: Ransomware gang used old VPN device to breach the network