On July 21, the German building materials giant Knauf Group announced that it had been the target of a cyber attack. The attack disrupted its business operations, forcing the global IT team to shut down all IT systems to isolate the impact of the incident. The cyber attack occurred on the evening of June 29. As of the publication of this article, Knauf is still carrying out forensic investigation, incident response and remediation. Knauf wrote in a brief announcement on its website home page, “We are currently working to mitigate the impact on our customers and partners. All factories are operating normally and all businesses are offline. We apologize for any inconvenience or delay in the delivery process that may occur.”
Knauf is a multinational manufacturer of building materials headquartered in Germany, with a share of about 81% in the global wallboard market. Knauf has 150 production sites in many countries around the world, and also owns Knauf Insulation and USG in the United States. It is worth noting that Knauf Insulation also posted a notice about the cyber attack on its website, which shows that it has been affected as well.
Although Knauf did not specify the type of attack in its announcement, the duration of the incident, its impact and the difficulty of restoring the IT systems suggest that this is probably a ransomware attack.
In fact, the ransomware gang named Black Basta listed Knauf as a victim on its website on July 16, which amounts to claiming responsibility for the attack. The gang also released a batch of data, said to be 20% of all the files stolen from Knauf during the attack. So far, more than 350 visitors have accessed these files.
The Black Basta ransomware gang launched its ransomware-as-a-service (RaaS) operation in April 2022, and quickly gained notoriety with double-extortion attacks against high-profile victims. Based on what was known early on and on its negotiation style, many security experts believe that Black Basta is a new identity (a “vest”) adopted by Conti after its rebranding.
By June 2022, Black Basta had begun cooperating with QBot (QakBot) to spread its ransomware, and to deploy Cobalt Strike and assist with lateral movement within the victim network. In addition, the group also built a Linux version of its ransomware to target VMware ESXi virtual machines running on Linux servers.
This is every engineer’s worst nightmare: a sudden outage at a cloud service provider causes system and product failures, and angry customers complain that the service is no longer available. This can damage the company’s reputation and call the product’s dependability into question. Even the largest and most successful companies experience failures; recent examples include Facebook, Slack, and AWS.
Although not all downtime is caused by the cloud, AWS has recently demonstrated that a feasible and proactive business continuity plan (BCP) and disaster recovery (DR) plan, together with an operations manual for each plan, can make a difference. One of the most important rules in disaster recovery is to hope for the best while preparing for the worst. Anyone can experience a cloud disruption without warning.
Because legacy incremental backups typically take a long time to traverse the entire file system, the use of CBT (Changed Block Tracking) technology has never been more important. With Vinchin Backup & Recovery, you can easily enable the CBT feature, or the powerful Vinchin SpeedKit, which compares external and internal snapshots to quickly identify data block changes for faster incremental XenServer backups.