Maze group claims another major scalp
Pitney Bowes, a $3 billion by revenue ecommerce and shipping technology provider, has been hit by ransomware for the second time in six months.
The NYSE-listed company confirmed the attack, saying “recently, we detected a security incident related to Maze ransomware.
“We are investigating the scope of the attack, specifically the type of data that had been accessed, which appears to be limited.”
Pitney Bowes is the second high-profile victim of the Maze ransomware group in three weeks, with major IT consultancy Cognizant also targeted and breached in late April, knocking out some services.
Cognizant’s CEO admitted in a May 7 earnings call that the attack may end up costing it up to $70 million after customers suspended services in the wake of the incident, but said that the attackers were not able, in this incident, to steal sensitive corporate data (a Maze hallmark).
The attack comes as law enforcement officers told Computer Business Review that cyber criminals were becoming more sophisticated in timing when they trigger ransomware, which is increasingly left dormant on systems for months before being activated by attackers.
As one officer told us in a recent conversation: “They are waiting until the board are distracted or otherwise occupied by something like an IPO, a merger, or a big project and then striking; the board hear something about some pesky IT problem and just want to make it go away.”
Pitney Bowes has seen net losses spiral in the wake of the COVID-19 outbreak freezing demand for its services as global trade contracted.
The impact and initial vector of the Maze ransomware attack were not disclosed. The Maze ransomware group typically uses a range of exploit kits, remote desktop connections with weak passwords, or sophisticated phishing campaigns to gain access. The ransomware itself is sophisticated, with a bag of tricks baked into its code to avoid detection by security programmes.
Pitney Bowes was hit in October 2019 by a Ryuk ransomware attack that knocked out customer portals and disrupted operations.
The company described it at the time as a “malware attack that encrypted information on some systems and disrupted customer access to our services.”
That incident did not affect its software and data products “because they do not access the backend systems of the Pitney Bowes network.”