BreachExchange mailing list archives
Ray-Ban parent company reportedly suffers ransomware attack
From: Destry Winant <destry () riskbasedsecurity com>
Date: Tue, 22 Sep 2020 09:25:25 -0500
https://www.techradar.com/news/ray-ban-parent-company-reportedly-suffers-ransomware-attack Italian luxury eyewear company Luxottica appears to have fallen victim to a ransomware attack that took down its services in Italy and China. Owner of popular brands including Ray-Ban and Oakley, the conglomerate employs circa 80,000 people worldwide across its various business segments. Customers first noticed something was amiss when the websites of Luxottica-owned Ray-Ban, Sunglass Hut, LensCrafters, EyeMed and Pearle Vision went down. Company web portals one.luxotrica.com and university.luxottica.com were also unavailable, this time serving up a maintenance alert. Reports from Italian publication Ansa, meanwhile, suggest the service outage was caused by “computer system failure” and that employees working out of Italian offices in Agordo and Sedico were sent home as a result, with work made impossible. Luxottica cyberattack While Luxottica has not yet confirmed the cause of the outages, early signs suggest a cyberattack - and likely ransomware - is responsible. According to security firm Bad Packets, Luxottica operates a Citrix ADX controller that suffers from a critical vulnerability that could allow a hacker to execute code on a target machine. Citrix released a patch for the flaw back in January, but not all organizations have installed the relevant update and the exploit remains a popular attack vector among ransomware operators. “Exploits of this issue on unmitigated appliances have been observed in the wild. Citrix strongly urges affected customers to immediately upgrade to a fixed build OR (sic) apply the provided mitigation,” warned the networking giant. Only last week, for example, the vulnerability was used to launch an attack on a German hospital with devastating effects, illustrating the destructive potential of ransomware. Luxottica has not yet responded to our request for comment on the nature of the outages and whether or not ransomware is responsible. _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- Ray-Ban parent company reportedly suffers ransomware attack Destry Winant (Sep 22)