Risk Assessments/Management, Data Security, Breach, Threat Management, Malware, Ransomware

Fashion brand Guess hacked, DarkSide ransomware group the likely culprit


Following news that noted fashion brand Guess suffered a data breach in which personal information may have been stolen, cybersecurity experts on Tuesday said that retailers should take this case as motivation to lock down their cyber defenses.

News of the breach was first reported by BleepingComputer on Monday, though DataBreaches.net had previously reported that the DarkSide ransomware group had listed Guess on their data leak site in April. It's certainly possible that the reported ransomware and breach incidents may be linked.

In a notice issued to affected employees, contractors and customers on July 9, Guess said the incident was first discovered on Feb. 19. The company’s investigation determined that Social Security numbers, driver's license numbers, passport numbers and/or financial account numbers may have been accessed or acquired.

The pandemic has accelerated digital transformation for retailers and further shifted consumer buying habits online, which has expanded their attack surface and heightened the number of vulnerabilities and risks of a breach, said Casey Ellis, founder and CTO at Bugcrowd. He said the Guess breach should serve as a reminder for all retailers to evaluate their security processes. 

“Many retailers are relying on new systems that were built on the- ly as organizations adapted to the customer requirements of the pandemic,” Ellis said. “As a result, these systems often haven’t been properly tested in high-volume transaction environments before. Speed is the natural enemy of security, and retailers must beware of increased risks of DDoS attacks, ransomware, fraudulent purchases, [and] phishing campaigns impersonating retailers.” 

The large amount and very personal types of data collected by the organization is an extremely valuable dataset for cybercriminals if they want to steal identities, said Erich Kron, security awareness advocate at KnowBe4.  

“For this reason – unlike [how] it appears in this case – organizations are wise to limit the amount of data kept and stored in systems,” Kron said. “Since ransomware, including that from the DarkSide group and their affiliates, often targets compromised user accounts for remote access services and also typically relies heavily on email phishing campaigns, these are areas organizations should focus on securing.”

Tom Badders, senior product manager for secure mobility products and services at Telos Corporation, added that CIOs and CISOs need to prioritize technology and information assets and segment them by criticality and/or special use case. He said the personal information that was stolen in this case should have been kept behind a protected network not accessible through standard enterprise security. 

“Standard enterprise security should be used for employees to access things like corporate email or to access shareable, non-critical information on the corporate intranet, but these types of tools cannot hide network assets,” Badders said. “Cybercriminals are getting more sophisticated and are targeting the crown jewels of organizations. These types of attacks can be devastating extinction events for organizations and need to be protected at a higher level than standard enterprise level security measures. Companies must hide personal information, sensitive organizational information, intellectual property and critical research from cybercriminals.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.