This Month in Cybersecurity - July Edition
Microsoft Connects Scattered Spider to Qilin Ransomware
Microsoft has reported that the Scattered Spider cybercrime gang has started using a new type of ransomware called Qilin in their attacks. This group, also known as Octo Tempest, gained attention for targeting over 130 major companies, including Microsoft and AT&T.
The group uses a range of tactics to gain access to networks, including impersonating IT staff and phishing techniques that both the FBI and CISA have warned about. Qilin, the ransomware Scattered Spider has recently adopted, has been noted for its advanced capabilities, particularly against the VMware systems that businesses rely on. The group uses Qilin to infiltrate a company's network and extract data, then leverages the stolen data to back its ransom demand.
UK Regulator Receives Complaint About Meta's AI Data Policies
The UK-based Open Rights Group (ORG) has filed a complaint against Meta for changing its privacy policy, which allows the company to use user data to develop AI models. Meta informed Facebook and Instagram users about this policy change, citing "legitimate interests" as the legal basis for using personal information. This complaint follows a similar action in the EU, where Meta paused its plans to train AI on EU user data after regulatory concerns.
ORG argues that Meta's approach violates UK data protection laws and stresses that users should give clear consent rather than merely being offered the option to opt out. ORG has also argued that, although Meta tells users they have the right to object, it has not committed to honoring those objections. The group has urged the UK's Information Commissioner's Office (ICO) to investigate and halt these practices.
Squarespace Migrations Become Target for Exploitation
Last week, several cryptocurrency platforms faced major disruption after hackers gained control of their domain names registered with Squarespace. The attacks began on July 9 and exploited a flaw in Squarespace's migration process for the roughly 10 million domains it acquired from Google Domains.
Hackers were able to create accounts using email addresses linked to the domains without proper validation, which allowed them to take control of the domains and modify their Domain Name System (DNS) records. The result was DNS hijacking: altering a domain's registered records so that visitors are redirected to potentially harmful sites.
Although the affected platforms have since regained control and no further malicious activity has been reported, Squarespace has tightened its security measures, and users are urged to enable two-factor authentication and review their account settings.
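Because a DNS hijack of this kind changes the authoritative records for a domain rather than anything on the victim's own servers, the practical defensive control is to keep a known-good snapshot of a domain's records and alert when they drift. The following is an added example of such a check, written for this roundup; it is not code from Squarespace or from any of the affected platforms. The zone snapshots are constructed sample data (`exchange.example` and the RFC 5737 addresses are placeholders), and the set of "critical" record types is an assumption about which changes most often indicate a takeover.

```python
"""Detect drift between a known-good DNS snapshot and a current one.

Added example. Snapshots are plain text, one record per line:
    <name> <type> <value...>   (';' starts a comment)
In practice the current snapshot would come from a resolver query;
here both snapshots are constructed inline so the example runs offline.
"""
from typing import Dict, List, Set, Tuple

Record = Tuple[str, str, str]  # (owner name, record type, value)

# Assumption: changes to these types are the ones that redirect users or
# mail, so they are treated as an alert rather than a routine review item.
CRITICAL_TYPES = {"NS", "A", "AAAA", "CNAME", "MX"}

# Constructed baseline, captured while the domain was known to be healthy.
BASELINE_SNAPSHOT = """
; baseline (constructed)
exchange.example.      NS    ns1.dns-provider.example.
exchange.example.      NS    ns2.dns-provider.example.
exchange.example.      A     203.0.113.10
www.exchange.example.  CNAME exchange.example.
exchange.example.      MX    10 mail.exchange.example.
exchange.example.      TXT   "v=spf1 include:_spf.mail-provider.example -all"
"""

# Constructed later snapshot: NS and A now point at unfamiliar hosts.
CURRENT_SNAPSHOT = """
; current (constructed)
exchange.example.      NS    ns1.unfamiliar-host.example.
exchange.example.      NS    ns2.unfamiliar-host.example.
exchange.example.      A     198.51.100.77
www.exchange.example.  CNAME exchange.example.
exchange.example.      MX    10 mail.exchange.example.
exchange.example.      TXT   "v=spf1 include:_spf.mail-provider.example -all"
"""


def parse_zone_snapshot(text: str) -> Set[Record]:
    """Parse a snapshot into a set of normalised (name, type, value) records."""
    records: Set[Record] = set()
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        if len(parts) < 3:
            raise ValueError(f"malformed record line: {raw!r}")
        # Owner names and types are case-insensitive in DNS; values (e.g. TXT)
        # are kept as written apart from whitespace normalisation.
        name, rtype, value = parts[0].lower(), parts[1].upper(), " ".join(parts[2:])
        records.add((name, rtype, value))
    return records


def diff_snapshots(baseline: Set[Record], current: Set[Record]) -> Dict[str, List[Record]]:
    """Return added, removed and critical record changes between two snapshots."""
    added = current - baseline
    removed = baseline - current
    critical = [r for r in added | removed if r[1] in CRITICAL_TYPES]
    return {
        "added": sorted(added),
        "removed": sorted(removed),
        "critical": sorted(critical),
    }


def assess(diff: Dict[str, List[Record]]) -> str:
    """Classify a diff: 'ok' (no change), 'alert' (critical drift), 'review'."""
    if not diff["added"] and not diff["removed"]:
        return "ok"
    if diff["critical"]:
        return "alert"
    return "review"


def check_domain(baseline_text: str, current_text: str) -> Tuple[str, Dict[str, List[Record]]]:
    """Convenience wrapper: parse both snapshots, diff them, and classify."""
    diff = diff_snapshots(parse_zone_snapshot(baseline_text), parse_zone_snapshot(current_text))
    return assess(diff), diff


if __name__ == "__main__":
    status, diff = check_domain(BASELINE_SNAPSHOT, CURRENT_SNAPSHOT)
    print(f"status: {status}")
    for rec in diff["removed"]:
        print("  - removed:", rec)
    for rec in diff["added"]:
        print("  + added:  ", rec)
```

Run against a real domain, the baseline would be committed alongside the rest of the infrastructure configuration and the current snapshot refreshed on a schedule; a status of `alert` on NS or A records is the signal that the registrar account, not the web servers, needs to be checked first.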
Defensible Strategies
Learn from those who have been attacked
AT&T Data Breach Affects Nearly All Customers
AT&T has revealed a data breach that exposed phone call and text message records for about 110 million customers, affecting nearly all of its users. The breach occurred in April when hackers accessed a cloud database protected only by a username and password, lacking multi-factor authentication.
While the stolen data did not include the content of calls or personal details like Social Security numbers, it contained information that could indicate the locations of cellular communications. AT&T delayed notifying affected customers due to federal investigations, which included input from the FBI.
This incident is part of a larger issue involving data breaches at several companies using the same cloud service, Snowflake, which is now requiring enhanced security measures.
Threat Agents Claim to Have Hacked Disney
A hacktivist group called NullBulge claims to have breached Disney's IT systems, stealing 1.1 terabytes of data from internal Slack channels. The group alleges that the data, taken from nearly 10,000 channels, includes sensitive information such as project details, Social Security numbers, login credentials, and personal photos.
NullBulge, which claims to advocate for artists' rights, has criticized Disney for not paying royalties to writers of major franchises like Star Wars. Although the group initially intended to gather more information before revealing the breach, they decided to go public after an insider's involvement ended abruptly. Disney has not yet confirmed the breach, but if verified, it could lead to significant legal actions from the company against the hackers.