The ransomware group RansomHub claims to have accessed the data of at least 500,000 of Christie’s customers globally. This data may include full names, dates of birth and nationalities.
Security leaders weigh in
Venky Raju, Field CTO at ColorTokens:
“There is a noticeable surge in the frequency of targeted ransomware attacks, a departure from the traditional mass “spray and pray” approach. This shift allows adversaries to focus on individuals or groups with perceived “deeper pockets”. The client list of a prestigious auction house like Christie’s becomes an ideal target. The non-profit Identity Theft Resource Center’s most recent data breach analysis supports this observation, showing a decline in the number of victims per compromise, indicating a rise in targeted attacks.
“Ransomware gangs can use AI-based tools to analyze the sensitive personal information gained from these attacks. They can then launch sophisticated spear-phishing attacks that use text, audio and video against the victims or their families, friends and associates.
“Organizations should strongly consider adopting a zero trust architecture. The core tenets of zero trust were developed specifically to prevent unauthorized access to data. While every organization is different, many enabling technologies, such as micro-segmentation, zero trust network access, software-defined perimeters, enhanced identity and access management, etc., can be combined to implement a zero trust architecture bespoke to the organization’s needs.”
Darren Guccione, CEO and Co-Founder at Keeper Security:
“The substantial financial transactions Christie’s conducts, together with the vast amounts of sensitive personal information it maintains, combine to create a goldmine for cybercriminals. This is just the latest in a broader trend of attackers seeking out specific industries that can afford to pay substantial ransoms to protect their business operations and reputations.
“Auction houses in particular often manage and transfer large sums of money, valuable assets and sensitive information about their clients. This is coupled with the fact that many of those clients are wealthy business or political leaders, as well as celebrities, who may be particularly concerned about protecting their personally identifiable information (PII). A ransomware attack like the one RansomHub is claiming could cause extensive damage to Christie’s reputation if the data is leaked, potentially leading to a loss of trust among their elite clients, professional stakeholders and the public at large.
“In cases where personal information is stolen, threats from the data breach will usually persist even after it’s been discovered and contained. Potential victims should take proactive steps to protect themselves from cybercriminals who will use this personal information for identity theft and targeted attacks.
“When it comes to ransomware, or any other cyber threat vector, the best offense is a good defense. A cybersecurity strategy and prudent investment are essential to prevent these types of cyberattacks, because no organization is immune. To better detect breaches more quickly, companies should regularly monitor network traffic for unusual activity, conduct regular security audits to identify vulnerabilities, and use log analysis to identify potential security incidents. To be proactive against breaches and limit the impact if one occurs, companies should adopt a zero trust, zero knowledge security architecture, implement access controls to restrict access to sensitive data and train employees to spot and report suspicious activity.
“If a cybercriminal is able to gain access to an organization’s networks, a privileged access management (PAM) platform can minimize the blast radius by preventing lateral movement. A PAM solution works by tightly monitoring access and activity in privileged accounts while also maintaining regulatory and industry compliance requirements. This involves authenticating users with fine-grained authentication, automation and authorization, session recording and just-in-time access. PAM also prevents privileged users from misusing their access, which reduces cyber risks.”
Jamie Boote, Associate Principal Security Consultant at Synopsys Software Integrity Group:
“Anywhere there is money somewhere on the internet, attackers have been exploiting vulnerabilities to their benefit. This is far from the first auction-related attack. There’s even a class of exploits known as “eBay Attacks” where attackers used to exploit the 5-minute account lock-out to freeze out other bidders from raising the prices on goods they wanted to win. This was because eBay used to list the account names of other bidders and all the attackers had to do was enter in the displayed username and a wrong password 3-5 times in succession and that user wouldn’t be able to log in and bid.
“It’s important to remember that there’s a trio of security concerns in cybersecurity — confidentiality, integrity, and availability — instead of just focusing on an attacker’s abilities to change system behavior or steal secrets. In this case, availability could have a real-world impact on the prices of those auction items. When speculating about why an attacker would want to do this, it's possible that the attacker could be doing this for notoriety, or they could be seeking to lower the prices on certain lots by reducing visibility of those items. However, if that backfires, it could end up driving more attention to the Van Gogh or the lot of rare watches if the seller doesn’t feel that they were generating enough excitement.”