At a glance.
- Rayzone says "You can't escape your own echo."
- TechnologyOne suffers internal data breach.
- A decade-long Toyota breach compromised data of over 2 million vehicles in Japan.
Rayzone says “You can’t escape your own echo.”
It’s well known that the advertising tech industry sells real-time user data to advertisers seeking to make sure their ads appear to the users most likely to be interested in them. However, advertisers are not the only parties interested in this valuable user data. Bloomberg reports that Israel-based surveillance company Rayzone Group Ltd has acquired ad tech companies and worked with the brokers, including Google’s ad exchange Authorized Buyers, who engage in real-time ad bidding in order to collect this data and feed it into a service it calls Echo. Rayzone sells Echo to governments across the globe who are looking to track individuals through their mobile devices. Experts say Echo is one of the first known commercially available surveillance systems that is fueled by advertising data, and Rayzone has worked to keep its operations under wraps, even making employees sign non-disclosure agreements. A company spokesperson would only admit that Rayzone supplies “government agencies with passive tools to combat terror and crime in line with local and international regulations, alongside our cybersecurity division defending against cyberattacks.” Privacy experts have long warned of the inherent dangers of real-time bidding, and Johnny Ryan, a senior fellow at the Irish Council for Civil Liberties, referred to the activity as “the biggest data breach ever recorded—and it’s repeated every day.”
TechnologyOne suffers internal data breach.
Australian software maker TechnologyOne confirmed Wednesday that a hacker had infiltrated its internal Microsoft 365 back-office system, but the company says its customer-facing platform was not impacted, Reuters reports. TechnologyOne temporarily halted trading and shut down the internal system to contain the damage, but it is now fully restored and no further unauthorized activity has been detected. In a statement, the company said, “Our focus remains on the investigation into the incident to determine what data may have been accessed via our internal Microsoft 365 back-office system, and then as is necessary, to engage with impacted individuals on appropriate actions.” While details about the nature of the incident are scarce, Emsisoft threat analyst Brett Callow told TechCrunch ransomware is the likely cause. “Statistically speaking, the most likely explanations are either a ransomware attack or the systems being proactively taken offline to prevent a ransomware attack after the detection of an intrusion.” No ransomware group has yet claimed responsibility for the attack.
A decade-long Toyota breach compromised data of over 2 million vehicles in Japan.
Toyota has disclosed that a decade-long breach of Connected, its cloud-based driver assistance service, compromised the data of around 2.15 million vehicles. Spokesperson Hideaki Homma says the exposure lasted from January 2012 to April 2023 and only impacted cars in Japan. The impacted data include vehicle identification numbers, vehicle location data, and video footage recorded by the vehicle. However, Toyota says this information could not be used to identify a driver, and there is no evidence that any of the data were leaked or abused. Homma also noted the Connected service is operated by a subsidiary and the breach simply flew under the radar until now. Toyota has apologized for the oversight and assured customers that the issue has been resolved.
We received comments on the Toyota data incident from several industry experts. Joe Payne, CEO of Code42, sees the incident as a warning. “Incidents like this should serve as a warning to others to re-evaluate their approach to insider risk immediately. Human error is inevitable but it can be mitigated with the right approach,” Payne writes. “Code42’s research has revealed a 32% year-over-year increase in insider-driven data exposure, loss, leak and theft events. Not only is the problem growing, but both detection of and response to insider events have become more challenging. To address this, organizations must build cultures where employees make safer and smarter decisions about data. This starts with employee education and is made stronger by implementing data monitoring tools that protect an organization’s perimeter.”
Tom Kellermann, SVP of cyber strategy at Contrast Security, sees it as fundamentally a cloud issue and as an indicator of more to come.
“This Toyota data breach is not surprising because more organizations are moving to the cloud and more cloud and serverless malware variants are being born. There are groups like the one behind the first cloud-native malware, Denonia, that will continue to create more variants. I will stress that organizations need to stop assuming that public cloud providers can defend against an evolving threat landscape and that their developers will still be on the hook for securing their systems. However, that means we will also see more defenses created this year.
“Cybercrime cartels and rogue nation intelligence services appreciate that the future is island hopping which lies in colonizing the cloud. This also means that defense capabilities in cloud networks need to improve. One thing that can dramatically help with the development of new defenses is improved security visibility. Due to the total amount of information and resources within cloud and serverless environments, it is hard to obtain intelligence and achieve observability. Toyota, and other enterprises, need to do more than simply react to new vulnerabilities (whether it’s their fault or their cloud provider). Primary defenses aren’t going to stop a new zero-day so organizations need to establish an infrastructure that will allow them to quickly roll out custom defenses. This will allow enterprises to switch from DEFCON 5 to DEFCON 1 quickly in the face of a new threat.
“More zero-day vulnerability disclosures and waves of attack are on the way. Bad actors will continue their attacks on cloud-based networks, apps and APIs, open source libraries, and software development infrastructure. Attackers will leverage these vulnerabilities not only to steal data, but also to install malware, run ransomware, and mine cryptocurrency.”
Dror Liwer, co-founder of cybersecurity company Coro, wrote a reasoned plea for anonymizing data. “When storing data about customers and how they use your product, it should always be anonymized, and encrypted,” Liwer advised. “While this is a misconfiguration which may not have been exploited, there is no reason to take chances with customer data. But beyond encryption and anonymization, when storing data, the main questions should be why, and for how long. Companies should have clear data retention guidelines, which will limit the magnitude and exposure of a breach should one happen.”