Subway Puts a LockBit Investigation on the Menu

Published : 23/11/2024   Category : security




The foot-long sandwich purveyor is looking into LockBit 3.0 claims that it stole reams of data from the proprietary SBS network.



The Subway restaurant chain, creator of the Sweet Onion Teriyaki combo and slinger of sports-themed fast-casual sandwich deals, is investigating claims that the LockBit 3.0 ransomware gang was able to toast up its infrastructure.
Last week, the infamous ransomware group claimed on its Tor leak site that it exfiltrated [Subway's] SBS internal system, which includes hundreds of gigabytes of data and all financial aspects of the franchise, including employee salaries, franchise royalty payments, master franchise commission payments, restaurant turnovers etc.
LockBit claims that it will put the information up for sale on Feb. 2 unless the ransom is paid (the amount that the group is demanding is unknown).
For its part, Subway didn't unwrap what it thought about the claims until this week, when the company issued private statements to media that it's actively investigating LockBit's claims, but it has not yet provided any assessments or findings.
One thing's certain — going after such a big hoagie of a target is out of character for the LockBit gang, so, if true, the Subway hit could signal a change in its modus operandi.
"LockBit's recent claim of breaching Subway has raised eyebrows, but what’s most interesting is that it's not their typical gig," says Ferhat Dikbiyik, head of research at the Black Kite cybersecurity firm. "Their average prey consists of companies with about $100 million in revenue, signaling that while they've taken a bite out of a billion-dollar brand [now], the majority of their targets are midsize or small."
The reason for the pivot could be the presentation of sheer opportunity, he adds: "An analysis of Subway with Black Kite's platform confirms issues similar to other major enterprises with large attack surfaces. Many are slow to patch and, as a result, face vulnerability exploitation, a tactic of ransomware groups like LockBit. We've seen this before with incidents like the Boeing breach via CitrixBleed."

Black Kite estimates that LockBit enjoyed about a fifth (21%) of global ransomware market share last year, claiming more than 1,000 victims. That's a number that dovetails with other estimates; a ransomware stats report this week from ZeroFox, for example, found that LockBit accounted for more than 35% of total extortion attacks in early 2023 — peaking at almost 50% last February and 20% in the fourth quarter.
ZeroFox recommends a range of best practices as a good LockBit defense as the gang potentially expands its menu of targets:
Implement secure password policies and multifactor authentication.
Configure ongoing monitoring for compromised account credentials.
Proactively monitor for compromised accounts being brokered in deep and Dark Web forums.
Back up critical, proprietary, or sensitive data to secure, off-site, or cloud servers.
Implement network segmentation.
Develop a comprehensive incident response playbook.
Implement email protections like DMARC.
Keep versions and patching up-to-date.
