Insider Threat: Orqa FPV Drone Goggles Malfunction Due to Ransomware Attack by Former Contractor

SIDDARDA GOWTHAM JAGABATHINA
2 min read · May 9, 2023

Croatian drone-racing goggles manufacturer Orqa FPV recently faced a time-bomb attack that left its First Person View (FPV) goggles malfunctioning. The incident was the result of a conflict of interest with one of its former contractors, which was responsible for writing the firmware code.

In late April, reports started pouring in from Japan, Europe, and Turkey that FPV.One V1 goggles were failing in normal operation and entering bootloader mode. Initially, the issue was thought to be a bug in the firmware's date/time feature. However, Orqa later revealed that it was a ransomware time-bomb attack planned by a former contractor.

According to Orqa, the contractor planted malicious code in the bootloader of the V1 version of the goggles, intending to extort a ransom in exchange for an additional license. The contractor had been in business relations with Orqa for several years and had waited for the code bomb to detonate, which bricked the FPV.One V1 goggles at the pre-set time.

The contractor responsible for the attack is a firm named Swarg, which is also based in Croatia. Interestingly, the physical address of Swarg is the same as that of Orqa, suggesting that both were operating from the same business park.

When the devices started breaking on the configured timestamp, the contractor posted an unauthorized binary file as the patch, demanding additional license renewal payment for the fix. However, Orqa has issued a warning, urging users not to install the unofficial firmware version, as it may be another piece of malicious code.

The cyber incident faced by Orqa highlights the kind of insider threat modern organizations face when they have contracts and partnerships with external parties. To avoid such incidents, experts suggest keeping an eye on communication patterns to detect any anomalies, especially sudden surges or reductions in traffic. It is also advisable to use genuine encryption software to secure sensitive information and implement intrusion detection and prevention systems.

As cyberattacks become more sophisticated and frequent, organizations must remain vigilant and take proactive measures to protect themselves and their customers. The use of advanced cybersecurity measures and strict due diligence practices while choosing external partners can go a long way in mitigating insider threats.

#OrqaFPV #Cybersecurity #DroneRacing #InsiderThreat #Ransomware #Encryption #IntrusionDetection #IntrusionPrevention #DueDiligence
