At a glance.
- Google Fi breach linked to SIM swapping attacks.
- No such thing as small data.
- Hackers put the brakes on UK car retailer’s operations.
Google Fi breach linked to SIM swapping attacks.
As we noted yesterday, Google’s telecommunications service Google Fi has disclosed that some customer data were exposed as a result of the recent T-Mobile data breach. SIM card serial numbers were among the compromised data, and Google Fi has issued a warning that this info allowed threat actors to conduct SIM swap attacks on some customers.
As Bleeping Computer explains, SIM swapping attacks involve threat actors tricking mobile carriers into porting a customer's phone number to a mobile SIM card under the attacker's control. In order to do this, the hacker poses as the customer, using personal data stolen through social engineering or phishing scams (or in this case, the Google Fi breach) to gain credibility. Once the number is ported, the attackers can access the victim's text messages and multi-factor authentication codes, which opens the door for a variety of other crimes.
Google has sent the potential SIM swap victims a special notification reading, “On January 1, 2023, for about 1 hour 48 minutes, your mobile phone service was transferred from your SIM card to another SIM card. During the time of this temporary transfer, the unauthorized access could have involved the use of your phone number to send and receive phone calls and text messages.” Some victims have already taken to social media to discuss the ordeal, with one Google Fi customer posting on Reddit that a hacker took over “three of my online accounts -- my primary email, a financial account, and the Authy authenticator app, all because they were able to receive my SMSes and therefore defeat SMS-based 2-fac.”
No such thing as small data.
The nonprofit Identity Theft Resource Center released its Annual Data Breach Report, and it lists the main sources for data used in social engineering attacks last year. Topping the chart were Twitter, Neopets, AT&T Data, and Cash App. Some might find these results surprising, given that the data users share on some of these platforms is not considered highly sensitive, but researchers say resourceful cybercriminals can find a way to turn even seemingly trivial data into a payday. Eva Velasquez, president and CEO of the Identity Theft Resource Center, told CBS17.com, “Things like our behaviors, our likes and dislikes — that data has value and it’s being used in social engineering attacks.” She says threat actors can use such data to build behavioral profiles on their victims, making it easier to track their activities or pose as them for identity fraud scams. Her advice for individuals looking to protect themselves: “Be careful about what you share and don’t put everything on social media. Adopt a zero-trust approach. If you get an email, phone call or text, don’t automatically assume because they have a little information on you that you’re talking to whoever they say they are.”
Hackers put the brakes on UK car retailer’s operations.
Leading UK car dealer Arnold Clark has disclosed it suffered a cyberattack in December at the hands of the Play ransomware group, Bleeping Computer reports. In customer notification emails sent this week, the company stated, “During this incident, it appears that some personal data stored in our network may have been stolen, including names, contact details, dates of birth, vehicle details, ID documents (such as passports and driver's licenses), National Insurance numbers (in limited cases) and bank account details.”
A day after the attack was detected, Arnold Clark disconnected its systems from the web and has been working to restore the compromised systems in order to rebuild its "network in a new segregated environment." The police and the UK Information Commissioner's Office have been notified of the incident, and an investigation is underway to determine the full scope of the breach. In the meantime, the car retailer is warning customers of the potential threat of phishing attacks or other scams connected to the compromised data.
Erfan Shadabi, cybersecurity expert with data security specialists comforte AG, commented on the Arnold Clark incident. “This incident emphasizes just how important it is for retailers to protect customer data effectively,” Shadabi wrote. “These industries thrive on online transactions, which also requires them to collect sensitive PII that threat actors are always targeting. Organizations need to do their due diligence, understand the true nature of the sensitive data they protect, and find the right methods to guard the data itself rather than just the borders around it. Data-centric security like tokenization and format-preserving encryption isn’t just for the gargantuan enterprises spanning the globe—even a small- or medium-sized organization can suffer a large-scale attack on their data—to devastating consequences, unless of course a smart data-centric security strategy stands in the way.”