Over the past few weeks, hackers have wreaked havoc on some of America’s most prolific corporations, from car dealership company CDK to AT&T and even Ticketmaster.  One would expect corporate entities with such massive footprints to keep a very secure profile, and examining how these companies fell victim to hackers gaining unauthorized access can help us understand how to better defend against such attacks.

AT&T reportedly learned in April of 2024 that customer data was illegally accessed and downloaded from a third-party cloud platform.  The hack involved 109 million customers, and the data that was stolen includes phone call and text message data of nearly all of AT&T’s customer base from May 1, 2022 to Oct. 31, 2022, as well as some other data from Jan. 2, 2023.  The stolen information did not include the contents of the calls or texts, or Social Security numbers and personally identifiable information.

Still, the amount of data stolen represents a massive breach of security infrastructure, which led to the exposure of otherwise critical customer data.  AT&T provided a statement that users can check if their data was compromised by logging onto their AT&T accounts.

Ticketmaster is a popular site used by millions of customers to purchase tickets for events and venues of all kinds.  In May, North American customers were sent an email warning them to take action after the company was reportedly hacked in May of this year.

Ticketmaster relayed that the personal details of 560 million Ticketmaster customers worldwide were stolen in the hack, and it’s very likely that this information will be sold online.  The hacking gang had asked Ticketmaster for a $500,000 ransom in exchange for the deletion of the stolen data, but it is not known if that ransom was paid.  In the meantime, identity protection is being offered to those affected by the attack.

Hackers from a cyber-crime organization calling themselves ‘ShinyHunters’ took responsibility for the attack.  Similar to the AT&T attack, investigations revealed that the group had stolen login details from a cloud storage company called Snowflake.

A cyber security firm called Mandiant performed the investigation and noted that the cloud storage company Snowflake was not itself hacked, but only that Ticketmaster’s account was hacked as a result of stolen login data.

In late June it was reported that CDK Global, a cloud-based software firm which serves car dealerships within the U.S., was also hacked and appears to have paid a $25 million ransom to the hackers.  A week after the payment was made, CDK said that it was bringing car dealerships back online to its platform.  Although it has not been confirmed that CDK made the payment, it is widely believed through sources to be the case.

Cybercriminals extorted a record $1.1 billion in ransom payments from victim organizations around the world last year despite US government efforts to cut off their cash flows, according to crypto-tracking firm Chainalysis.

How Can You Protect Your IT?

It’s important to take away from these incidents key details about how these cybercriminal organizations were able to gain access, and how you can protect yourself and your IT from these types of attacks.

What we know from each of these incidents is that they involved unauthorized access, third-party services, and hackers who utilized ransomware to encrypt data and attempt to extract money in the form of cryptocurrency.

What is Ransomware?
Ransomware is a type of malicious software designed to encrypt and lock access to certain files within a computer system or network, until a sum of money is paid in exchange for a key to decrypt the locked files.

There are many possible methods hackers can employ to gain access to online accounts like emails, computer logins, or online cloud services like those mentioned above.  Some methods include brute-force and dictionary attacks, which repeatedly guess password combinations until they gain access.

Other popular methods of gaining unauthorized access to accounts involve phishing attacks.

What is Phishing?

Phishing attacks can come in various forms, such as emails, text messages, phone calls, or even websites designed to trick users into sharing sensitive information without realizing it.  Some phishing attempts may come in the form of social engineering, where a cybercriminal may reach out on a phone call impersonating a user who has been locked out of their account.

There are many ways to identify phishing scams of all kinds.  Email phishing scams are some of the most common, so if you receive an email requesting that you reset your password, or log in to provide your login details, you should be aware that you could be dealing with a phishing email.  By checking the email headers of suspicious messages you can reveal the full From address and make sure that the message really comes from who it claims to come from.  Be wary of clicking any embedded links as well; you can reveal a link’s location by hovering over it with your mouse cursor, without clicking the actual link, to verify where it will take you.
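The header and link checks described above can also be automated. The following Python sketch is an added example, not part of the original article; the sample message, its domains and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message: every name, address and domain here is made up.
SAMPLE = '''\
Return-Path: <bounce@mailer.example.net>
From: "Example Corp Support" <support@example-corp.example.net>
Reply-To: helpdesk@collect.example.org
To: user@example.com
Subject: Action required: reset your password
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mailer.example.net; dkim=none
Content-Type: text/html

<p>Your account is locked.
<a href="http://login.example.org/reset">https://www.example.com/reset</a></p>
'''

def domain_of(header_value):
    """Return the lowercased domain of the address in a From/Reply-To header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def within(domain, expected):
    """True if domain is the expected domain or one of its subdomains."""
    return domain == expected or domain.endswith("." + expected)

def check_message(raw, expected_domain):
    """List the reasons a message claiming to be from expected_domain looks suspicious."""
    msg = message_from_string(raw)
    findings = []
    from_dom = domain_of(msg["From"])
    if not within(from_dom, expected_domain):
        findings.append(f"From address is at {from_dom}, not {expected_domain}")
    reply_dom = domain_of(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To goes to {reply_dom}, not {from_dom}")
    # Only trust this header when your own mail server added it.
    auth = (msg["Authentication-Results"] or "").lower()
    for mech in ("spf", "dkim"):
        result = re.search(rf"\b{mech}=(\w+)", auth)
        if not result or result.group(1) != "pass":
            findings.append(f"{mech} did not pass")
    # Compare the URL a link displays with the one it actually opens.
    links = re.findall(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', str(msg.get_payload()), re.I | re.S)
    for href, text in links:
        shown, actual = urlparse(text.strip()).hostname, urlparse(href).hostname
        if shown and shown != actual:
            findings.append(f"Link shows {shown} but opens {actual}")
    return findings
```

Calling `check_message(SAMPLE, "example.com")` returns five findings for the constructed message: the From domain, the Reply-To mismatch, the failed SPF and DKIM results, and the link whose displayed address differs from its real destination.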

Another important step in securing every account that has access to or manages important company data is to enable Two-Factor Authentication (2FA).  Two-Factor Authentication helps to ensure that the person logging in to a particular account is the actual person who is authorized to do so.  Two-factor authentication works by sending a text to the end user’s phone with a code that they must enter to gain access.

You can be even more secure by utilizing a two-factor authentication app as well, like Microsoft Authenticator or Google Authenticator.

One of the best ways to ensure your data and IT infrastructure are secure is by partnering with a managed IT provider who specializes in securing your networks and data.  Utilizing experts such as Natural Networks can help ensure that your organization is doing everything possible to keep its data safe and secure.  You can learn more about how a managed IT provider like Network 512 can take your security to the next level!