Back in January, we noted that T-Mobile had recently disclosed that it had been hacked eight times in the last five years. A new report by security journalist Brian Krebs suggests the picture could be far worse. According to Krebs, hackers are making a compelling case that they managed to compromise the wireless giant’s network and internal systems 100 times in 2022 alone: “Three different cybercriminal groups claimed access to internal networks at communications giant T-Mobile in more than 100 separate incidents throughout 2022, new data suggests. In each case, the goal of the attackers was the same: Phish T-Mobile employees for access to internal company tools, and then convert that access into a cybercrime service that could be hired to divert any T-Mobile user’s text messages and phone calls to another device.”
British retailer WH Smith has suffered a data breach that exposed information belonging to current and former employees. The company operates 1,700 locations across the United Kingdom, employs over 12,500 people, and reported revenue of $1.67 billion in 2022. “WH Smith PLC has been the target of a cyber security incident which has resulted in illegal access to some company data, including current and former employee data,” reads the company’s cybersecurity notice filed with the London Stock Exchange.
CrowdStrike released the 9th annual edition of its Global Threat Report this week. The 42-page report reveals insights on threat actor behavior, tactics, and trends from the past year—tracking activities of more than 200 cyber adversaries. There are a number of interesting findings and notable trends in the 2023 Global Threat Report, but what stands out is the changing dynamics of ransomware attacks. The CrowdStrike Intelligence team analyzed and evaluated data from trillions of daily events from the CrowdStrike Falcon platform, combined with insights from CrowdStrike Falcon Overwatch to create the report. While it is interesting to look back and delve into the tools, techniques, and tactics employed by threat actors, the real value of a report like this is to highlight concerning trends and emerging strategies to help organizations be better prepared to defend against future threats.
Industry experts have warned of a growing risk to corporate profits from so-called SMS pumping scams, which abuse one-time password (OTP) generation to make money for cyber-criminals. The scale of the threat was highlighted by Elon Musk last month when he claimed that Twitter is getting “scammed” to the tune of $60m per year by fake two-factor authentication (2FA) SMS messages. While the cybersecurity industry focused on his response – to withdraw text message-based OTPs for non-subscribers – the real issue remains unaddressed, according to Henry Cazalet, director of TheSMSWorks. “Small businesses and startups are particularly vulnerable to SMS pumping fraud. They are less likely to have the resources required to make their web forms more secure,” he told Infosecurity.
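The abuse Cazalet describes, where a public web form that triggers an OTP text is hit with bulk requests to numbers the fraudster earns a cut of, can be stopped before the message is ever handed to the SMS gateway. The following is an added example (not code from the article, from TheSMSWorks or from Twitter) of a pre-send guard: it rejects destinations outside the country codes the business actually serves, rate-limits per source address and per phone number, and flags the runs of consecutive numbers that are typical of pumping. The record fields, thresholds, allowed prefixes and the sample traffic are constructed assumptions, not any vendor’s API.

```python
"""Pre-send guard for OTP SMS requests, to blunt SMS pumping (toll fraud).

Added example; not taken from the article or any named vendor. All field
names, thresholds and the sample traffic below are assumptions.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass


@dataclass
class OtpRequest:
    ts: float       # seconds since some epoch
    src_ip: str     # client address that submitted the form
    phone: str      # destination in E.164 form, e.g. "+447700900123"


# Policy knobs (assumed values; tune to real traffic).
ALLOWED_PREFIXES = {"+1", "+44"}   # country codes the business actually serves
MAX_PER_IP_PER_WINDOW = 5          # OTP requests one source may make per window
MAX_PER_PHONE_PER_WINDOW = 3       # OTP requests one number may receive per window
WINDOW_SECONDS = 600
SEQUENTIAL_RUN = 3                 # this many consecutive numbers from one source => pumping


def decide(requests: list[OtpRequest]) -> list[tuple[OtpRequest, str]]:
    """Return (request, verdict) pairs; verdict is "allow" or "deny:<reason>".

    Requests are processed in time order with a sliding window per source
    address and per destination number. Denied attempts are still counted so
    that a fraudster cannot reset the counters simply by being refused.
    """
    verdicts: list[tuple[OtpRequest, str]] = []
    by_ip: dict[str, list[tuple[float, int]]] = defaultdict(list)  # ip -> [(ts, number)]
    by_phone: dict[str, list[float]] = defaultdict(list)           # phone -> [ts]

    for r in sorted(requests, key=lambda x: x.ts):
        cutoff = r.ts - WINDOW_SECONDS
        by_ip[r.src_ip] = [(t, n) for t, n in by_ip[r.src_ip] if t > cutoff]
        by_phone[r.phone] = [t for t in by_phone[r.phone] if t > cutoff]
        number = int(r.phone.lstrip("+"))

        reason = None
        if not any(r.phone.startswith(p) for p in ALLOWED_PREFIXES):
            # Premium-rate or simply unserved destinations: never send.
            reason = "destination-prefix"
        elif len(by_phone[r.phone]) >= MAX_PER_PHONE_PER_WINDOW:
            reason = "per-phone-rate"
        elif len(by_ip[r.src_ip]) >= MAX_PER_IP_PER_WINDOW:
            reason = "per-ip-rate"
        else:
            # Pumping scripts typically walk a block of numbers; if this source
            # already asked for the SEQUENTIAL_RUN-1 numbers just below this one,
            # treat it as a run rather than a person typing their own number.
            seen = {n for _, n in by_ip[r.src_ip]}
            if all(number - k in seen for k in range(1, SEQUENTIAL_RUN)):
                reason = "sequential-numbers"

        by_ip[r.src_ip].append((r.ts, number))
        by_phone[r.phone].append(r.ts)
        verdicts.append((r, "allow" if reason is None else "deny:" + reason))
    return verdicts


# Constructed sample traffic (documentation ranges; no real subscribers).
SAMPLE = [
    OtpRequest(0,   "203.0.113.10", "+14155550100"),    # ordinary signup
    OtpRequest(30,  "203.0.113.11", "+447700900123"),   # ordinary signup
    OtpRequest(60,  "198.51.100.7", "+447700900200"),   # pumping run begins
    OtpRequest(61,  "198.51.100.7", "+447700900201"),
    OtpRequest(62,  "198.51.100.7", "+447700900202"),   # third consecutive number
    OtpRequest(63,  "198.51.100.7", "+447700900203"),
    OtpRequest(90,  "203.0.113.12", "+2519000000001"),  # country code not served
    OtpRequest(100, "203.0.113.13", "+14155550199"),    # user retrying OTP
    OtpRequest(110, "203.0.113.13", "+14155550199"),
    OtpRequest(120, "203.0.113.13", "+14155550199"),
    OtpRequest(130, "203.0.113.13", "+14155550199"),    # fourth in the window
]


def verdict_list(requests: list[OtpRequest]) -> list[str]:
    """Just the verdict strings, in processing order."""
    return [v for _, v in decide(requests)]


if __name__ == "__main__":
    for req, verdict in decide(SAMPLE):
        print(f"{req.ts:>5.0f}  {req.src_ip:<14} {req.phone:<16} {verdict}")
```

On the sample, the two consecutive-number requests after the first pair, the unserved destination and the fourth retry on one phone are refused; everything else is sent. A CAPTCHA or proof-of-work on the form adds friction for the bots, but the checks above cost nothing per request and act on exactly the signals (bulk, sequential, wrong country) that distinguish pumping from a real user who mistyped their number.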
Chick-fil-A, an American fast food company, has acknowledged that customer accounts were compromised in a months-long credential stuffing attack, giving threat actors access to personal data and the ability to spend saved reward balances. Chick-fil-A began investigating what it called “strange activity” on customer accounts in January. At the time, Chick-fil-A created a support page with instructions for customers on what to do if they noticed strange behavior on their accounts. Around Christmas, customers had been emailed about reports of Chick-fil-A accounts being stolen in credential-stuffing attacks and sold online.
Back in 2020, Eric Scales led the incident response team investigating a nation-state hack that compromised his company’s servers along with those at federal agencies and tech giants including Microsoft and Intel. “It was similar to a fraternity rush – the best experience I never want to do again,” Scales, head of incident response at Mandiant, told The Register. “It was quite intense. Little did we know we were going to be in the middle of the supply-chain attack of the decade.” This, of course, was the SolarWinds attack, since attributed to Russia’s Cozy Bear group. In addition to being the most high-profile supply-chain breach, it happened during the COVID-19 lockdown, so the IR team’s war room was entirely virtual.