Security vulnerabilities at AT&T and Ticketmaster show that hackers can attack from many directions

When cybercriminals stole five months of customer call logs from AT&T, they took an indirect route to the telecommunications giant's data. They found an access point through a cloud computing provider that almost all customers had probably never heard of.

The same goes for the major data breach at Ticketmaster, in which bank card numbers and credentials were stolen, which the company confirmed in May.

As our world becomes increasingly digital, so does the amount of private data available for hackers to steal. Everyone leaves a digital footprint when they use devices to communicate, shop, monitor their fitness, listen to music, or upload a document to the cloud. And all of us trust the platforms we use to protect that data.

As more data is collected, the risk of it being compromised also increases. And the consequences are enormous for both consumers and companies.

But the recent hacks at AT&T and Ticketmaster show that it's not only the brands we use that have to protect our digital identities, but also the network of companies they depend on to enable a seamless digital world.

It's a game of cat and mouse, says cybersecurity expert and Georgia Tech professor Mustaque Ahamad, about the relationship between companies that store data and the hackers who want to take advantage of it.

Hackers are nimble and constantly adapt to find weaknesses in existing security systems. Companies build defensive walls to catch them: they encrypt data, implement access controls and require multiple types of verification. But one always wins over the other.

“We rely on the Internet and all kinds of online services. We have to be careful and cautious. Attacks can happen and it is not our fault,” said Ahamad. “We have to learn to stay safe in the online world. We will not be able to avoid it.”

All the data collected by companies has to go somewhere. Companies often don't have the resources to build and maintain their own internal data storage systems, so they outsource this task to third parties.

Last week, AT&T announced that hackers stole data on the calls and text messages of virtually all of its customers over a period of at least five months. AT&T said the hackers downloaded the information in April of this year from its workspace on a third-party cloud platform that the communications giant later identified as Snowflake.

The data includes digital traces of voice and text communications – the mobile phone numbers that customers called or received calls from, numbers with which AT&T customers exchanged text messages, and the times at which such communications occurred.

The data breach was the most recent of several reported by major companies since the start of the year. In May, Ticketmaster confirmed it had detected unauthorized activity in a third-party cloud database and discovered a hacker offering user data for sale on the dark web. In the same month, Santander Bank reported a data breach involving customer and employee data due to unauthorized access to a company database hosted by a third-party provider. Neither company confirmed the name of the third-party provider.

A threat campaign targeting Snowflake's customer databases in April potentially exposed the data of roughly 165 organizations.

According to cybersecurity analyst firm Mandiant, a hacker used compromised credentials stolen with malware to access a customer's Snowflake installation. The hacker used this access to extract data. Multi-factor authentication was not enabled for this account. Around 165 organizations were potentially at risk, according to Mandiant.

Advance Auto Parts also reported a breach in July and listed Snowflake as an affected supplier in documents submitted to regulators.

Montana-based Snowflake itself was not hacked, the company said. In updates on the Snowflake website, Brad Jones, the company's chief information security officer, said Snowflake is committed to helping customers protect their accounts and data and now requires multifactor authentication for all users of a Snowflake account.

AT&T, Ticketmaster and Advance Auto Parts didn’t immediately reply to requests for comment.

Several Georgia-based companies and institutions have also been victims of security breaches in the past. In April, the University System of Georgia confirmed that its user data had been compromised in a serious cyberattack that targeted file transfer software used by private and public organizations worldwide to store information. Data stored by Maximus Health Services, a former contractor for the Georgia Department of Community Health, was also compromised in the same cyberattack.

Not all breaches occur when hackers gain access to third-party platforms. But these platforms are often targeted because they're data aggregators and store a treasure trove of information. Hackers can compromise numerous victims at once with minimal effort.

Ahamad, a professor at the Georgia Institute of Technology, reduces it to a simple analogy.

“We put our money in banks. And that's why people rob banks,” he said.

Risks and costs

Data breaches are a serious blow to businesses, both financially and reputationally. According to a report by technology and research giant IBM, the worldwide average cost of a data breach to an organization in 2023 was $4.45 million. This figure includes lost revenue due to business interruption or system outage, the cost of lost customers, and the money spent on services to detect and investigate a data breach.

Some of those costs are passed on to consumers, IBM found. In a survey of 533 companies affected by security breaches, about 57 percent of respondents said they'd increased prices on their business offerings due to breaches.

There are also obvious risks for consumers when trusting companies to handle their data properly. Some information may seem less sensitive than other information, such as the length of a user's calls versus banking information, social security numbers or health records. But any type of information can be useful to an attacker. For example, a hacker can find out which customers frequently call a business and “spoof” the business's phone number to defraud them.

Metadata tells rich stories about who people are, what they do and what their secrets are, researcher John Scott-Railton wrote on X, formerly Twitter, after the AT&T hack. An unauthorized party now has “NSA-level insight into the lives of Americans,” he said.

The risk increases when the data is stacked.

“One of the things I've been thinking about, especially now with the capabilities of AI, is the ability to leverage intelligence, build at scale, and create better attack profiles for people,” said Scott Kannry, co-founder and CEO of cyber management software company Axio.

Many hackers are motivated by financial gain. In some cases, they use online marketplaces on the dark web to sell stolen data to other parties. The dark web is a part of the internet that is only accessible with special software or authorization. It is intentionally hidden and protects users from surveillance and tracking, which has made it a hub for marketplaces where stolen material is often offered for sale.

Others can use the stolen data directly to make unauthorized purchases or commit identity theft. In the recent AT&T data breach, a member of the hacking team accepted more than $300,000 in ransom from the company to delete the data, the technology magazine Wired reported.

Some experts like Scott-Railton believe data breaches will continue to occur until companies face fines for them. The Securities and Exchange Commission issued new rules around this time last year requiring publicly traded companies to disclose cybersecurity incidents within four business days of determining materiality. An incident is material if it significantly impacts a company's operations, reputation or finances.

In the meantime, businesses and consumers can take precautions to protect themselves. One of the longest-known risks to humanity is fire, Kannry said, and the world has yet to find a solution.

Companies can invest in detection technology up front to improve their security posture. In the case of some of the breaches linked to Snowflake, cybersecurity firm Mandiant found that compromised accounts didn't have multifactor authentication enabled. A hacker only needed a valid username and password to gain access to customer accounts.

“From a business perspective, the attitude – and this is so trite by now – has to be: 'If something hasn't happened to us yet, it's likely to happen in the future,'” Kannry said.

Consumers can practice what Kannry calls good cyber hygiene: using password managers, enabling multi-factor authentication and monitoring their bank statements for suspicious activity.

“There are risks and bad things can happen, whether they happen accidentally or maliciously. In today's climate, is it even remotely possible that such things can be easily resolved? The answer is absolutely no. Such events will continue to occur. So if a building burns down, you rebuild it, you resume operations and life goes on,” Kannry said.
