The new year is upon us, but from a cybersecurity perspective, things look much the same as they did last year.
January brought fresh attacks on a pair of familiar targets, high-stakes escalations in the ransomware game, and questionable crisis management from a high-profile victim. In other words, business as usual for cybercriminals! Let’s look at a few noteworthy cybercrimes from January 2023.
January’s Biggest Cyber Attacks
T-Mobile Targeted … Again
The telecommunications giant is currently in the midst of a massive overhaul of their cybersecurity systems, stemming from a number of high-profile data breaches the company has weathered over the past five years.
In fact, they’re about to begin payments in the $350 settlement of a class-action lawsuit related to a previous data breach. This would be the worst time to be hit again. So, of course, that’s exactly what happened.
In January the company revealed that a hacker had breached their systems via an API, gaining access to postpaid and prepaid customer accounts. The company claims the records accessed only included basic information like names, addresses, and account numbers, and did not include payment information or Social Security numbers.
Records Exposed: Personally identifiable information including addresses and account numbers
Type of Attack: API Attack
Date of Attack: 25 November 2022 / Discovered 5 January 2023
Location: Bellevue, Washington
Key Takeaway: This attack was an unwelcome reminder of the constant danger of cyber threats, coming from a company that’s taken more than their fair share of licks.
While T-Mobile claims the attack was stopped within 24 hours of discovery and that the damage didn’t spread to include passwords or payment information, the company is left rolling out yet another data breach notification to customers who have become all too familiar with them. While overhauling their cybersecurity is a long-overdue move, it remains to be seen whether their reputation has been damaged beyond repair.
Another Hacker Monkeys with MailChimp
Here we go again … again. After falling victim to two high-profile data breaches in 2022, the last thing MailChimp needed was another.
Unfortunately for the widely used email marketing platform, that’s exactly what they got on 11 January. An unknown attacker gained access to an internal customer support tool after stealing credentials via a social engineering scam. That gave them administrative access to 133 MailChimp customer accounts.
That might seem like a comparatively small data breach, but one of those accounts belonged to WooCommerce, one of the most popular commerce tools for small businesses with WordPress sites. It appears as though only names, email addresses and website addresses were exposed, which is at least some good news for WooCommerce’s more than 5 million users.
Still, considering that the circumstances of this attack look strikingly similar to one that hit MailChimp last August, some shaken confidence would be more than understandable.
Records Exposed: Personally identifiable information including business websites
Type of Attack: Social engineering
Industry: Email marketing
Date of Attack: 11 January 2023
Location: Atlanta, Georgia
Key Takeaway: This is a frustrating scenario for customers who rely on MailChimp to keep their businesses operational but are understandably tired of worrying about repeated data breaches.
It’s also certain to have strained relations between MailChimp and an extremely valuable client like WooCommerce. While that might not have immediate repercussions for a player as big as MailChimp, you can be sure that their competitors are paying attention.
Ransomware Gang Threatens UK Schoolchildren
It’s a common trope in crime movies that attacks on children and family members are off-limits even for hardened gangsters.
Unfortunately, that kind of honor among thieves doesn’t always apply in the real world. That grim fact was on display in a January 19 ransomware attack on Guildford County School in the U.K. The notorious Vice Society gang has taken credit for stealing hundreds of files from the music school, shutting down phones and IT functions in the process.
The stolen files showed up soon afterwards on Vice Society’s leak site, matching the gang’s habit of double extortion, threatening to leak sensitive personal information if its demands are not met.
Most disturbingly, the data in this case appears to include highly confidential files about students identified as at-risk. That increases the already high stakes of a ransomware attack, and lays bare the lengths to which cybercriminals are willing to go to get their score.
Records Exposed: Personally identifiable information including school and behavioral records
Type of Attack: Ransomware
Date of Attack: 19 January 2023
Location: Guildford County, U.K.
Key Takeaway: As we’ve seen countless times, some of our most vulnerable and vital institutions are also some of the most desirable targets for cybercriminals.
It may be hard for the average person to fathom how someone could hold the personal information of at-risk children hostage, but a willingness to go that extra criminal mile is exactly what makes these groups so dangerous. Organisations serving vulnerable communities need solutions to pre-empt these kinds of attacks and keep their users’ data safe.
Vice Users Finally Find Out About a Big Breach
Subscribers and employees of Vice Media got the news on January 26 that their sensitive personal data had been exposed when the alternative journalism giant suffered a cyberattack – 10 months earlier. The March 2022 attack exposed Social Security numbers, credit card and financial account numbers, access codes, and PINs belonging to 1,724 people in the Vice network.
Vice hired a third party to launch an immediate investigation into the attack, which seems to have been initiated via a compromised employee email account. That investigation apparently did not wrap up until January 25, after which affected account holders received notifications.
It is unclear why it took 10 months to confirm what data had been stolen, but at least one law firm has announced that it will lead its own investigation into the matter.
Records Exposed: Personally identifiable information including financial data and Social Security numbers
Type of Attack: Social engineering
Date of Attack: March 2022
Location: Brooklyn, New York
Key Takeaway: While it might seem easy to fault Vice Media for taking so long to publicise this attack, there is something to be said for a business doing due diligence and getting all of their facts in order before alerting customers.
Even so, the sensitive nature of the stolen data here probably should have spurred quicker action. Subscribers who went nearly a year without knowing about their financial data being compromised would likely agree.
From massive corporations to vulnerable children, January illustrates that no one is immune to the insidious intrusion of cybercrime. Fortunately, Arctic Wolf provides a wide range of tools and solutions to help head cybercriminals off at the pass. Contact us today to schedule a demonstration of what Arctic Wolf cybersecurity can do to keep your data right where it should be.