Olympus Investigates Potential Cyber-attack
Olympus has launched an investigation after detecting a potential cybersecurity incident in part of its IT system.
The Japanese manufacturer of optics and reprography products said that suspicious activity was spotted on October 10. The possible threat is affecting the company’s systems in the United States, Canada, and Latin America.
Digital forensics experts are looking into the security issue, which Olympus said it is “working with the highest priority to resolve.”
While the specific nature of the cybersecurity incident has not been confirmed by the company, Olympus said it was working to contain the threat. Part of the company’s response has been to shut down the systems that were affected.
“As part of the investigation and containment, we have suspended affected systems and have informed the relevant external partners,” said the company in a statement published October 12.
Olympus said that it is “working with appropriate third parties on this situation and will continue to take all necessary measures to serve our customers and business partners in a secure way,” then apologized for any inconvenience caused by the incident.
The investigation into the incident is ongoing. However, Olympus has stated: “The current results of our investigation indicate the incident was contained to the Americas with no known impact to other regions.”
“If this is another ransomware case, it points to an alarming trend,” said Heather Gantt-Evans, CISO at SailPoint.
“Organizations are at risk of repeat attacks, whether that’s from the threat actor that breached their systems the first time, or one of their affiliates. They may also employ double extortion tactics where even after the ransom is paid to unencrypt the data, the threat actor will request more money later on to not release the victim’s stolen data publicly.”
Commenting on action Olympus should take, Gantt-Evans said: “A focus on understanding root-cause and bolstering data recovery capabilities is paramount once the effort of containment and eradication is complete.
“Threat actors will walk right back into the front door they used the first time if you continue to leave it open. They will also leave footholds in the network for re-entry if you do not investigate and eradicate properly.”