Hacker Tracker | August

Where are we in the world of cybersecurity? It’s easy to miss the cybersecurity threats and attacks happening right in our “backyard”. Our goal at PK Tech is to educate and offer proactive steps for cybersecurity safety. It’s important to be aware–without being afraid–of the cybersecurity threats that are real threats for your business. PK Tech aims to be a leading educator and support tool in the world of cybersecurity.

Check out our monthly “Hacker Tracker” for the latest in cybersecurity hacks, breaches and updates.

Email marketing firm hacked to steal crypto-focused mailing lists | 8.8.22

• Email marketing firm Klaviyo suffered a data breach on August 3rd.
• Hackers gained access to internal systems after stealing an employee’s credentials via a phishing attack.
• The hacker downloaded marketing lists used by cryptocurrency-related accounts, and for Klaviyo product and marketing updates. Stolen data includes customers’ names, addresses, emails, and phone numbers.
• Threat actors are already trying to gain access to the stolen data.
• View the Source

Twilio hack exposed Signal phone numbers of 1,900 users | 8.15.22

• Phone numbers of close to 1,900 Signal users were exposed in the data breach Twilio cloud communications company suffered at the beginning of the month.
• The communications company confirmed that data belonging to 125 of its customers was exposed after the hackers gained access to Twilio employee accounts by sending them text messages with malicious links.
• Signal released this message to users: “All users can rest assured that their message history, contact lists, profile information, whom they’d blocked, and other personal data remain private and secure and were not affected”
• Signal’s investigation into the incident concluded that the hacker’s access to Twilio’s customer support console either allowed them to see that the phone number was linked to a Signal account or revealed the SMS verification code for registering with the service.
• View the Source

Confused cyber criminals have hacked a water company in a bizarre case of mistaken identity | 8.16.22

• A company which provides 1.6 million people with drinking water says it has been targeted by cyber criminals — who appear to mistakenly believe they’ve tapped into a different water supplier.
• South Staffordshire Water says it has been the “target of a criminal cyber attack” which is causing disruption to its corporate IT network, but hasn’t affected the company’s ability to provide safe drinking water to customers. 
• The company revealed that it had been targeted by criminal hackers shortly after the Clop ransomware gang claimed to have hit another water company, Thames Water, who say that reports they’ve been breached are a “cyber hoax”. 
• South Staffordshire Water says it’s “working closely with the relevant government and regulatory authorities” and that it will keep them, and customers, updated as investigations into the incident continue, but at this point, it has not affected their ability to deliver water to customers.
• View the Source

Lessons Learned

#1- From the attack on Klaviyo, we learn that you don’t have to be a big-name tech company or a major utility company, to be targeted by hackers. An unknowing marketing firm was the target simply because they housed sensitive client information and an employee fell for a phishing email. The lesson here is this: no matter your industry, company size, or product or service, if you house sensitive client data, you are a target. Follow the SLAM method for identifying phishing emails.

#2- With the Signal/Twilio attack, we are reminded of the danger of unencrypted SMS text messages. We talked about a prior SMS exploit on our blog. To summarize our advice on this topic: avoid SMS 2-factor whenever possible in favor of app-based multi-factor. SMS is unencrypted and exploitable. 

#3- With a tightened competitive landscape and ransomware gangs as desperate as ever, we see for the first time, a potential “cyber hoax”. What do we learn from this? If you think you’ve been attacked, consult your cybersecurity insurance company ASAP. They’ll loop in experts to evaluate the extent of the attack and develop calculated next steps. In this case, potential fraud was uncovered. With the help of experts early, you can potentially avoid being a double victim.