At a glance.
- Stormous’s Coca-Cola hack claims could be all fizz.
- Internal report indicates Facebook has little control over user data.
- Some say Tennessee university’s breach notification process needs improvement.
- Black Basta ransomware.
Stormous’s Coca-Cola hack claims could be all fizz.
Threat group Stormous has released a statement online claiming that it hacked into beverage giant Coca-Cola’s online infrastructure and made off with 161GB of data. The gang is demanding 16 million bitcoin from Coca-Cola for the return of the data, which it has already offered up for sale on the dark web. Coca-Cola’s communications vice president Scott Leith has responded to the claims, stating, “We are aware of this matter and are investigating to determine the validity of the claim.” It’s unclear exactly what type of data was allegedly stolen, but the target was supposedly chosen through a poll Stormous ran asking its followers to pick its next victim. Tech Monitor notes that experts are skeptical, given that Stormous has a history of making false claims about its operations. For instance, last month the gang claimed it had stolen data from the Ministry of Foreign Affairs of Ukraine, but security company SOCRadar found that the data was already readily available on the dark web. Likewise, earlier this year Stormous boasted it had hacked the network of video game giant Epic Games, but after threatening to post stolen data, it never followed through. Digital Shadows senior cyber threat intelligence analyst Chris Morgan explains, “Some researchers have suggested that many of their attacks are either a scam or the group is exaggerating their claims. This is not uncommon for cybercriminal groups, who often embellish the details of their activity in order to coerce victims into paying a ransom.”
Internal report indicates Facebook has little control over user data.
A leaked internal Facebook document indicates that Facebook’s engineers have little control over how user data is handled, 9to5Mac reports. The document, a report from the advertising team’s privacy engineers on how to respond to new privacy regulations, states, “We do not have an adequate level of control and explainability over how our systems use data, and thus we can’t confidently make controlled policy changes or external commitments such as ‘we will not use X data for Y purpose.’ And yet, this is exactly what regulators expect us to do, increasing our risk of mistakes and misrepresentation.” The document also indicates that Facebook’s data stores have “open borders,” meaning first-party user data, third-party data, and sensitive data are all kept in the same place, making it difficult to track or control specific pieces of data. One anonymous employee described the situation as a “complete shitshow,” but a Facebook spokesperson has denied that the company is failing to comply with regulators.
Some say Tennessee university’s breach notification process needs improvement.
Austin Peay State University (APSU), located in the US state of Tennessee, yesterday disclosed it had experienced a ransomware attack, urging students, faculty, and staff to disconnect their devices from the university network as a precautionary measure. A tweet from the school’s official Twitter account bluntly warned, “Ransom ware [sic] attack. THIS IS NOT A TEST! SHUT DOWN ALL COMPUTERS NOW!” and a subsequent tweet referenced a “ransomeware” attack. A few hours later, APSU stated that the attack had been contained, the university’s Learning Management System was back online, and the school was operating as normal. That said, Bleeping Computer reports, some experts found APSU’s attack notification method (as well as its spelling) lacking. IT consultant Adam Parsons commented, “PSA: this is not how you alert your faculty and students of a breach,” and a Twitter user responded, “I hope Twitter isn’t the only way you are notifying students and faculty.” Further details about the breach, including the ransomware strain involved and whether any data was stolen, have not yet been disclosed.
Black Basta ransomware.
The appearance of the Black Basta ransomware group, described here by BleepingComputer, has attracted industry attention. Neil Jones, director of cybersecurity evangelism at Egnyte, notes the protean nature of ransomware gangs:
“The emergence of the Black Basta ransomware gang reminds us that new cyber-attack organizations can be spun up and disbanded quickly, so organizations of all sizes need to remain vigilant for potential attacks. Just like traditional businesses, business disputes and 'turf wars' can result in cyber-attackers leveraging ever-changing techniques that can dramatically alter the attack landscape. A particularly troubling concern about Black Basta is their alleged use of double extortion techniques: the theft of valuable files combined with ransomware encryption. Screenshots of their website also demonstrate a solid level of marketing maturity, including the use of web visitor counter technology. I encourage companies not to let their guards down and to continue with proven detection and mitigation strategies that have gotten them through this ransomware crisis. While it's too early to determine Black Basta's ultimate success, continual steps need to be taken to thwart ransomware groups. The public and private sectors must come together at the highest levels to challenge cyber-criminals.”
Arti Raman, CEO and Founder of Titaniam, sees the episode as illustrative of the way in which high-end tactics, techniques, and procedures are rapidly becoming commodified:
“Ransomware attacks are only becoming more sophisticated, and new ransomware gangs like Black Basta are using previous top-tier ransomware gang tactics in order to steal data that can be used in a double-extortion attack.
“To protect customer and internal data and minimize the risk of extortion, data-in-use encryption, also referred to as encryption-in-use, is recommended. In the past, organizations have relied on data-at-rest encryption, but this has become too fragile. If the file or information is being worked on or is accessed using privileged credentials, this protection is rendered useless, and hackers can still steal the underlying data.
“Data-in-use encryption keeps data encrypted even if attackers access it through valid credentials to active systems. For this reason, it provides unmatched immunity. Should adversaries break through perimeter security infrastructure and access measures, any data that is observed, accessed, or exfiltrated will remain undecipherable and unusable, making digital blackmail significantly more difficult or even impossible.”