Cyber Intelligence Weekly

Cyber Intelligence Weekly (July 7, 2024): Our Take on Three Things You Need to Know

Welcome to our weekly newsletter where we share some of the major developments on the future of cybersecurity that you need to know about. Make sure to follow my LinkedIn page as well as Echelon’s LinkedIn page to receive updates on the future of cybersecurity!

To receive these and other curated updates to your inbox on a regular basis, please sign up for our email list here: https://echeloncyber.com/ciw-subscribe
 

Before we get started on this week’s CIW, I’d like to highlight our Cloud Security Assessment offering!

🔒 Secure Your Cloud Environment with Our Cloud Security Assessment! 🔒

In the fast-paced world of cloud computing, accessing scalable resources isn't enough. Ensuring your cloud infrastructure's security can be daunting under shared responsibility models. That's where we come in! 🚀

Our Cloud Security Assessment uses advanced Cloud Security Posture Management (CSPM) tools to identify insecure configurations, detect over-privileged accounts, and ensure adherence to best practices. Protect your cloud environment and stay ahead of potential threats with our expert services.

Secure your infrastructure today for a safer tomorrow! Learn more here: https://lnkd.in/e6fJiPTT


Away we go!

1. Hackers Leak Taylor Swift Tickets, Extort Ticketmaster for Millions

Bad actors have leaked what they claim to be barcode data for 166,000 Taylor Swift Eras Tour tickets, escalating their extortion attempts against Ticketmaster. The group behind the leak, known as ShinyHunters, initially made headlines in May by offering data from 560 million Ticketmaster customers for $500,000. This data breach has since been confirmed by Ticketmaster, which stated that the compromised information was sourced from their account on Snowflake, a cloud-based data warehousing service.

The breach began in April when hackers used stolen credentials to access Snowflake databases of at least 165 organizations. These cybercriminals then demanded ransom from the affected companies to prevent the data from being leaked or sold. Among the victims of this widespread data theft were notable organizations like Neiman Marcus, Los Angeles Unified School District, and Advance Auto Parts.

Today, a hacker group named Sp1d3rHunters, linked to ShinyHunters, leaked data that they claim includes barcodes for Taylor Swift's concerts in Miami, New Orleans, and Indianapolis. The leak provides a sample of the barcode data, revealing seat information, ticket face values, and the process to convert this data into scannable barcodes. This move is part of a broader extortion attempt, with the hackers demanding $2 million to stop the release of additional data, which they claim includes tickets for other major events and sports games.

Ticketmaster responded to these threats by emphasizing the security of their SafeTix technology, which refreshes ticket barcodes every few seconds, rendering the stolen barcodes unusable. The company also denied engaging in any ransom negotiations with the hackers and refuted claims that they offered $1 million to prevent the data leak.

 

2. OpenAI Internal Details Reportedly Stolen in 2023 Breach

Last year, a hacker infiltrated OpenAI's internal messaging systems and stole information regarding the design of the company's artificial intelligence technologies, as reported by the New York Times. The breach involved extracting details from discussions in an online forum where OpenAI employees exchanged information about their latest technologies. However, the hacker did not gain access to the systems where OpenAI develops and houses its AI models, including the widely known ChatGPT.

Microsoft-backed OpenAI chose not to publicly disclose the incident at the time, as it believed that no sensitive information about customers or partners had been compromised. The company informed its employees and board members during an all-hands meeting in April last year. Executives did not consider the breach a national security threat, attributing the attack to an individual hacker without ties to any foreign government, and therefore did not report it to federal law enforcement.

In recent months, OpenAI has been actively addressing security concerns and potential misuse of its AI technologies. In May, the company announced that it had disrupted five covert influence operations attempting to exploit its AI models for deceptive activities online. This incident underscores the ongoing challenges and risks associated with the rapid advancement and deployment of artificial intelligence.

The Biden administration is considering new measures to protect U.S. AI technology from potential threats posed by countries like China and Russia. In line with these efforts, 16 companies developing AI, including OpenAI, pledged at a global meeting in May to prioritize safety in their technological innovations. As regulators strive to keep pace with the fast-evolving AI landscape, such incidents highlight the need for robust security frameworks and vigilant oversight.

3. Twilio Confirms Hackers Accessed Phone Numbers of Authy Users

Twilio recently confirmed that hackers had accessed the phone numbers of 33 million users of its two-factor authentication app, Authy. The breach, claimed by the notorious hacker group ShinyHunters, was announced last week on a popular hacking forum. Twilio's spokesperson, Kari Ramirez, disclosed to TechCrunch that the hackers exploited an unauthenticated endpoint to identify data associated with Authy accounts, including users' phone numbers.

Twilio has since secured the vulnerable endpoint and has assured that there is no evidence suggesting the hackers accessed other sensitive data or Twilio's internal systems. As a precaution, the company has urged all Authy users to update their apps to the latest versions and remain vigilant against potential phishing and smishing attacks. An official alert containing this information was also published on Twilio's website.

While the breach of phone numbers alone may not seem highly dangerous, it does pose significant risks. Rachel Tobac, a social engineering expert and CEO of SocialProof Security, explained that hackers could use the list of phone numbers to impersonate Authy or Twilio, making phishing attempts more convincing. This targeted approach increases the likelihood of successful attacks, as users may be more inclined to trust communications appearing to be from a legitimate source.

This incident follows a larger data breach in 2022, where hackers accessed data from over 100 Twilio customers and executed a widespread phishing campaign, compromising around 10,000 employee credentials from various companies. During that breach, 93 Authy users were specifically targeted, allowing hackers to register additional devices on their accounts and intercept two-factor authentication codes. These incidents highlight the ongoing threats and the importance of robust security measures for protecting user data.

 

Thanks for reading!

About us: Echelon is a full-service cybersecurity consultancy that offers holistic cybersecurity program building through vCISO or more specific solutions like penetration testing, red teaming, security engineering, cybersecurity compliance, and much more! Learn more about Echelon here: https://echeloncyber.com/about
 
