As we head further into Spring 2024, hackers have shown no signs of slowing down when it comes to hijacking your data. This month brought a massive data leak from a prominent cell service provider, an increase in malware attacks on SMBs, and an examination of a simple mistake that can jeopardize your online security. Here’s a quick look at some of the most prevalent cybersecurity events that have occurred in April 2024.
Leaked AT&T Data Found on the Dark Web
AT&T has initiated an investigation into a data breach impacting 73 million current and former customers, with the leaked data containing personally identifiable information (PII) like Social Security numbers. The leaked data was discovered on the dark web approximately two weeks ago. It’s uncertain if the information was taken directly from AT&T or one of its vendors. Despite this, AT&T has clarified that there is no evidence of unauthorized access leading to data exfiltration from its systems. The leaked data, presumed to be from 2019 or earlier, lacks key information like financial details or specific call history. It is estimated that approximately 7.6 million current and 65.4 million former account holders have been affected.
To mitigate risks, AT&T is recommending that customers reset their account passwords and stay alert for any unusual account activity or credit report changes. Additionally, the company has pledged to offer credit monitoring services where appropriate. The breach was initially brought to light by X (formerly Twitter) account @vx-underground on March 17, with AT&T asserting that the discussed dataset is likely the same one recycled on various online forums multiple times.
SMBs are Being Targeted More Than Ever
One concerning new trend of 2024 is a notable increase in malware attacks on small and medium-sized businesses (SMBs). A report from Sophos underscores that nearly half of all malware detected on SMB endpoints last year was keyloggers, spyware, or info stealers, all strategically crafted to steal sensitive data and login credentials. Researchers emphasize how difficult these threats are to detect, and that they go on to exploit legitimate accounts, granting cybercriminals even more opportunities.
Christopher Budd, director of Sophos X-Ops, sheds light on the exponential rise in the value of data among cybercriminals, which is particularly alarming for SMBs that heavily rely on single software applications for multifaceted functions. Infostealers are particularly concerning, as they can compromise sensitive information like financial credentials, potentially leading to substantial financial losses. Ransomware attacks are expected to continue to evolve, with remote encryption attacks surging by nearly two-thirds between 2022 and 2023. Furthermore, business email compromise (BEC) attacks emerge as the second most prevalent threat, marked by increasing sophistication as attackers engage in conversational emails and phone calls with their targets before initiating an attack.
Will Ransomware Attacks Get Worse?
Over the past year, a wave of ransomware attacks has swept through various institutions, including hospitals, pharmacies, tech companies, and prominent hotels and casinos in Las Vegas. This surge in attacks has been fueled by the emergence of a daring group of young hackers known as Scattered Spider, hailing from the U.S., U.K., and Canada, who have partnered with Russia’s most infamous ransomware gang, intensifying the cybersecurity threat.
In September, MGM Resorts experienced one of the most devastating ransomware attacks in history, resulting in over $100 million in losses and severe disruptions to operations across its renowned Las Vegas casinos. Anthony Curtis, a notable figure in the city, witnessed firsthand the chaos unleashed by the attack, which caused widespread malfunctions in slot machines, elevators, and digital door keys. Despite MGM’s refusal to pay the hackers’ $30 million ransom demand, the company suffered significant financial setbacks, including millions in lost revenue and expenses for server reconstruction. The attackers used social engineering tactics to infiltrate MGM’s systems, manipulating employees into resetting passwords and deploying destructive malware. Curtis compared the cyberattack to the sophisticated movie heist in Ocean’s 11, admiring the hackers’ ability to bypass casino security measures. In a similar incident, MGM’s rival, Caesars, fell victim to a suspected social engineering attack by the same group but opted to pay a $15 million ransom to prevent disruptions. While the FBI cautions against paying ransoms, citing the risks involved, businesses face difficult decisions amid mounting pressures during crises.
Are You Making This Simple Mistake?
Despite warnings, a significant number of people continue to use QR codes without verifying their legitimacy. Research reveals that 72% of British citizens scan QR codes without considering the risks, with only 16% being aware of potential scams. QR codes found in public places, such as walls or lamp posts, are frequently scanned by unsuspecting individuals, and approximately 23% of people have scanned QR codes to access public Wi-Fi. Cybersecurity expert Adrianus Warmenhoven from NordVPN emphasizes the dangers of scanning unknown QR codes, warning that they could infect phones with malware without detection.
Furthermore, opening a website from a QR code may expose users to risks, as cybercriminals exploit vulnerabilities during the rendering process. Criminals can easily create counterfeit QR codes to redirect users to malicious websites, and shortened URLs from services like Bitly or TinyURL can obscure the destination website, complicating verification. Some QR codes have been used for illicit activities, such as drug dealing near schools, and while fake QR codes in restaurants may not yield significant profits for criminals, they still pose risks to unsuspecting individuals. Scanning a malicious QR code can result in a device being infected with viruses or malware, or in the user falling victim to phishing attempts, particularly on older phone models with unpatched vulnerabilities. Adrianus advises treating QR codes with caution and recommends verifying URLs before scanning. He anticipates that QR codes will eventually become obsolete as technology evolves, and urges users to exercise the same caution they would with any other link or digital communication.
Stay Ahead of the Curve with SWK
Staying educated and informed remains crucial in defending against hackers, yet keeping up with every development can be time-consuming. Fortunately, SWK has a variety of solutions tailored for you. Reach out to us today and leverage our team of cybersecurity specialists who stay ahead of the most important emerging stories, allowing you to focus on what makes your company run.