Ransomware Attacks Remain High: April 2023 Takes Spot for Third Highest Month
Ransomware is up 24% from this time last year. Here’s what you need to know.
T-Mobile and Nissan disclose breaches, critical security flaws discovered by GitLab, and Single Sign On smishing strikes.
T-Mobile and Nissan North America reported data breaches this week. The Nissan incident began in June 2022 when data from a third-party software vendor was inadvertently exposed through a misconfigured database. This led to data from thousands of customers being exposed. Nissan had a separate incident in 2021 when a Git server was left exposed with default credentials, which likewise resulted in confidential data such as source code being exposed.
T-Mobile was breached through an application programming interface (API). APIs are commonly used for software to communicate and exchange data and are a prime target for threat actors. The attacker used an API to steal customer data for about 37 million accounts. The telecommunications provider has not disclosed how the attacker was able to gain access to the API.
The point here is not to name and shame: high-profile cyber incidents can be painfully instructive. We don’t all need to make the same mistakes to learn. Particularly with recent developments in data extortion and data theft, it’s important to enumerate where data is being stored and shared, who has access, and how the storage is configured.
T-Mobile Informing Impacted Customers about Unauthorized Activity (T-Mobile)
T-Mobile hacked to steal data of 37 million accounts in API data breach (BleepingComputer)
Nissan North America data breach caused by vendor-exposed database (BleepingComputer)
On January 17, 2023, security researchers in collaboration with GitLab announced the discovery of critical security flaws in Git. Git is an open-source tool often used by software developers and engineers for version control as they collaborate on code changes. The flaws (CVE-2022-23521 and CVE-2022-41903) may allow a remote, unauthenticated attacker to perform arbitrary code execution on systems running vulnerable versions of Git. Fortunately, there is no known exploitation in the wild; however, this is not something to ignore until it’s too late. Security patches are available and should be applied as soon as possible. Corvus notified all impacted policyholders and provided remediation guidance to mitigate the risk.
Since Git is so widely used, these are vulnerabilities to watch. There hasn’t been any reported exploitation, but that doesn’t mean there isn’t urgency. Threat actors are typically only weeks or days away from developing workable exploits, so it’s crucial to maintain a regular patching cadence for vulnerabilities such as these.
Single Sign On (SSO) solutions aim to simplify life for organizations. But they can also be a goldmine for scammers. SSO allows a user to authenticate across multiple services using a single login. This means that if an attacker can trick you into giving up your login, they get access to many different resources. Recently, scammers have gone a step further by sending fake SSO notifications in a type of attack called “smishing,” in which attackers send phishing messages not to your inbox, but to your cell phone via text message. This is the attack vector used in high-profile breaches such as Twilio.
SSO is a great thing if it’s configured properly. Phishing or smishing attempts for SSO login credentials can be halted with the right protections in place. Of course, awareness and user training are always a good idea. But beyond that, your organization should use modern, phishing-resistant multifactor authentication (MFA) on your SSO accounts.
This blog post and its contents are intended for general guidance and informational purposes only. This blog post is under no circumstances intended to be used or considered as specific insurance or information security advice.