At a glance.
- Cloud logs and the monetization of stolen data.
- Georgia state park discloses ransomware attack.
- Apple accused of GDPR violations.
Cloud logs optimize the monetization of stolen data.
Cloud technology is well-known as a cost-efficient solution for storing large amounts of data. Cybercriminals in the business of selling stolen data have now found a way to take advantage of the cloud to offload more data more quickly, reports AiThority. A study from researchers at Trend Micro reveals that hackers are dumping massive amounts of stolen data into the cloud, then selling access to these “cloud logs” to other threat actors to carry out future operations. The data are usually comprised of account credentials or internal logins—remote desktop protocol credentials, for instance—which hackers can then use to hijack user accounts or initiate malware campaigns. For up to $1000 per month, a cybercriminal can purchase a subscription that will give them access to millions of records, with higher price tags for databases that are refreshed more often or offer exclusive access. This new tactic poses a new challenge for cybersecurity professionals, as compromised organizations will have to work double-time to discover and react to cyberattacks before the data is disseminated.
Georgia state park hit with ransomware attack.
Jekyll Island State Park in Georgia has released a statement confirming that the park authority’s computer system suffered a ransomware attack. Though the attack likely began in June, it was discovered in September. In order to determine whether personal data were affected, an extensive investigation was conducted, which accounts for the delay before notifying the public. It appears that up to seven thousand individuals and businesses affiliated with the state park have been impacted, with compromised data including social security numbers and payment info. In response, the park has set aside $25,000 to improve their data security measures.
Apple accused of mobile tracking privacy violation.
Influential Austrian privacy activist Max Schrems has filed two complaints, one in Germany and the other in Spain, against tech giant Apple, reports CNBC. Schrems’ nonprofit Noyb is taking Apple to task for advertising tracking code they assert infringes on user privacy. Identifier for Advertisers, or IDFA, is a tracking tool that makes it easier for advertisers to personalize advertising and monitor its effectiveness. The problem, Noyb argues, is that IDFA is stored on the device without the user’s consent, which is a violation of the “cookie law” and therefore goes against EU privacy regulations. Apple disputes the claim, arguing that “Apple does not access or use the IDFA on a user’s device for any purpose.” iPhone users can already opt-out of advertiser tracking, but Apple has delayed implementing a setting that would require app makers to acquire user permission before activating IDFA. Noyb, however, sees this as irrelevant, since the presence of IDFA at all is, in their opinion, an invasion of privacy.