Data/Cyber

T-Mobile suffers another data breach

BY Richard Summerfield

US mobile phone operator T-Mobile has suffered a data breach affecting 37 million customers - the company’s fifth such incident since 2018.

In a Securities and Exchange Commission (SEC) filing, the company noted that it “promptly commenced an investigation with external cybersecurity experts and within a day of learning of the malicious activity, we were able to trace the source of the malicious activity and stop it”. The company has launched an investigation into the breach, but explained that “the malicious activity appears to be fully contained at this time, and there is currently no evidence that the bad actor was able to breach or compromise our systems or our network”.

According to T-Moble, the breach saw a bad actor use a single application programming interface (or API) to obtain limited types of information on customer accounts. T-Mobile said the hack did not expose payment card information, social security, tax, driver’s licence or other government-issued ID numbers. Passwords, PINs and other financial information is also believed to be safe, however the hack did compromise other information, including name, billing address, email, phone number, date of birth, and T-Mobile account number and information, such as the number of lines on the account and plan features.

The breach appears to have occurred in late November 2022, but T-Mobile did not become aware of the attack until 5 January.

“We understand that an incident like this has an impact on our customers and regret that this occurred,” the company said in a statement. “While we, like any other company, are unfortunately not immune to this type of criminal activity, we plan to continue to make substantial, multi-year investments in strengthening our cybersecurity program.”

T-Mobile has suffered a number of damaging cyber attacks in recent years. Before the most recent breach came to light, in August 2021 the company noted that a hacker had accessed information pertaining to 7.8 million existing customers, and more than 40 million former and prospective customers, including social security numbers and driving licence details. That figure was subsequently revised upwards to around 76.6 million. T-Mobile is reported to have paid the hacker $200,000 via a third party to stop the data being sold on the dark web, but it was reportedly sold anyway.

The company also disclosed hacks in 2018 and 2019 and two other separate incidents in 2020.

Furthermore, in July 2022, the company agreed to pay $500m to settle class action lawsuits brought by those affected by the 2021 breach. The plaintiffs accused T-Mobile of failing to adequately protect customers’ data. As part of a settlement related to the breach, T-Mobile agreed to contribute $350m to cover legal fees and compensation, and to spend a further $150m on making improvements to data security and related technology.

News: T-Mobile’s $150 Million Security Plan Isn’t Cutting It

Cyber security: recession proof?

BY Richard Summerfield

Amid ongoing economic and geopolitical challenges, the cyber security sector remains strong, according to a new report from ICON Corporate Finance.

Thus far, the sector is proving recession-proof and remains a growth area, defying current troubling macroeconomic headwinds. As such, the cyber security sector is leading the way for M&A and fundraising activity in 2022, with deal activity for Q1-Q3 up 60 percent compared to 2020 for M&A and up 22 percent for fundraising.

The report notes that going forward, enterprises must recognise that they must continue investing in cyber defences regardless to protect against an increasingly sophisticated threat landscape, and because of significant geopolitical and economic uncertainty. This, in turn, is acting as a catalyst for M&A and fundraising deal activity.

According to ICON, the first three quarters of 2022 saw 353 cyber security M&A deals, with a total value of $125bn. As a result, the sector is on track to surpass pre-coronavirus (COVID-19) levels. With vendor platform consolidation, largely backed by private equity, being a chief driver behind the sustained deal activity.

Fundraising activity also remained in line with long-term trends, with $15.4bn of venture capital money invested in the sector globally across 572 deals in the first three quarters of the year.

“Enterprises recognise that they must continue hardening their security defences to keep above water in the arms race between good and bad,” said Florian Depner, director of ICON Corporate Finance. “Cybersecurity is mission-critical and companies have no choice but to keep investing given the uplift in malicious activity, and state-backed attacks.

“We also anticipate that Private Equity will continue injecting much-needed growth fuel into later-stage scale-up companies; a trend demonstrated by the BlackRock-backed $250m (£221.7m) investment in Swiss-based storage management and personal backup services provider Acronis.

“These factors, combined with Private Equity backing buy-and-build strategies and vendor platform consolidation, and the fact that the three-year cyber security index for public sector stocks rose 61.5%, while NASDAQ rose just 35.5%, makes cybersecurity players undeniably desirable.”

Going forward, ICON predicts that consolidation will continue at pace as trade and PE acquirers are ready to capitalise on market opportunities.

Report: Cybersecurity Sector Update – Q3 2022

‘Smishing’ and other forms of cyber attack on the rise

BY Richard Summerfield

‘Smishing’, a cyber attack strategy which combines SMS and phishing, is an increasingly prevalent form of cyber attack, according to a new report from Infoblox.

In its ‘Cyber Threat Report Q2 2022’ report, Infoblox notes that smishing is a new and sophisticated mechanism to obtain personal and financial information from victims, through false forms on fraudulent sites.

Smishing messages are sent to potential victims by malicious actors in order to get them to reveal private information, including passwords, identities and financial data. Typically, smishing messages include some incentive for the recipient to click a link, which may be for a site that hosts malware or a page that attempts to convince the user to submit data through a form.

To avoid falling victim to a smishing attack, Infloblox notes that parties should: “Always be suspicious of unexpected text messages, especially those that appear to contain financial or delivery correspondences, documents or links. Never click URLs in text messages from unknown sources. In the campaign under discussion, the source was the recipient, who did not send the message, and that is a red flag.”

“Our report shares research on many dangerous malware threats,” said Mohammed Al-Moneer, regional director, META at Infoblox. “Security effectiveness depends on timely, up-to-date threat intelligence.”

The Q2 2022 report includes information on industry alerts, advisories, reports and original research published from 1 April to 30 June 2022, by the Infoblox Threat Intelligence Group (TIG), Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and the National Security Agency Central Security Service (NSA-CSS). Infoblox releases a Quarterly Cyber Threat Intelligence Report, which compiles the main threats and security breaches detected during recent months worldwide.

Report: Q2 2022 Cyberthreat Intelligence Report

Cyber security: a race against time

BY Richard Summerfield

According to a report from Crossword Cybersecurity Plc, 61 percent of chief information security officers (CISOs) are only ‘fairly confident’ of managing their current threat exposure to cyber risks.

The report, ‘Strategy and collaboration: a better way forward for effective cybersecurity’, surveyed of over 200 CISOs and senior UK cyber security professionals. Many respondents identified the ‘perfect storm’ of escalating cyber attacks combined with global tech innovation which is causing cyber security professionals to be less confident of the adequacy of their cyber security provisions. Based on the findings, there is concern that cyber security strategies are not able to keep pace with the rate of tech innovation and changes in the threat landscape.

“The picture painted by our research shows CISOs are in urgent need of a strategic rethink,” said Stuart Jubb, group managing director at Crossword Cybersecurity plc. “CISOs need to balance their cybersecurity operation’s daily load with managing the organisation’s long-term requirements. Boards must make sure CISOs have the budget necessary to get short-term issues under control and then begin planning a long-term business-wide strategy. Such a strategy should be supported by a standard operating model with robust processes and policies for the company’s entire supply chain. Every month of delay leaves businesses open to potentially crippling cyberattacks.”

Crossword also asked CISOs about the technology trends they saw as being the most important and relevant over the next 12 months. Several technology categories stood out, with cloud transition and cyber in the cloud leading the way (41 percent), followed by cyber security mesh architecture (CSMA) (35 percent) and artificial intelligence (AI)/machine learning (31 percent).

Respondents also identified a number of other areas of high priority going forward, including closing the cyber skills gap, which can see IT and cyber security teams become quickly overwhelmed if the right expertise is not in place to manage the load, the challenge of gaining consistent and reliable ‘threat intelligence’, and securing digital identity. Respondents were divided over how to address these and other issues, particularly with respect to companies’ short-term cyber goals and the longer-term strategy of many UK organisations.

Report: Strategy and collaboration: a better way forward for effective cybersecurity

Rise of ransomware threats – Verizon

BY Richard Summerfield

The risk posed by ransomware attacks has increased significantly over the last year, according to the 15th annual Verizon 2022 Data Breach Investigations Report.

The report, which aims to increase awareness among organisations of what tactics threat actors are likely to use in data incidents and breaches, analysed 23,986 security incidents from 1 November 2020 to 31 October 2021, and found that ransomware attacks had increased by 13 percent in a single year in 2021, a jump greater than the past five years combined.

According to the report, organised crime continues to be a pervasive force in the world of cyber security, with four out of every five breaches attributed to it over the last 12 months. External actors were approximately four times more likely to cause breaches in an organisation than internal actors, the report notes. Furthermore, the coronavirus (COVID-19) pandemic, as well as ongoing and increasingly fraught geopolitical tensions, have also impacted cyber security, driving increased sophistication, visibility and awareness around nation-state affiliated cyber attacks.

“Over the past few years, the pandemic has exposed a number of critical issues that businesses have been forced to navigate in real-time,” said Hans Vestberg, chief executive and chairman of Verizon. “But nowhere is the need to adapt more compelling than in the world of cybersecurity. As we continue to accelerate toward an increasingly digitized world, effective technological solutions, strong security frameworks, and an increased focus on education will all play their part in ensuring that businesses remain secure, and customers protected.”

Verizon also pinpointed the risk faced by supply chains. Supply chain issues have come to dominate the international economic landscape over the past year, and the cyber security space is no different. According to the report, 62 percent of system intrusion incidents came through a supply chain partner of the target organisation.

Twenty-five percent of total breaches were the result of social engineering attacks. The human element accounts for 82 percent of analysed breaches over the past year, including human errors and misuse of privilege. Specifically, human error is responsible for 13 percent of breaches according to the report. ‘Misconfigured cloud storage’ was reported to have been a key driver behind this increase. Stolen credentials and phishing were also dominant among the attacks involving human elements.

“Assess your exposure, mitigate your risk, and take appropriate action,” suggested Dave Hylender, lead author of the report. “As is often the case, getting the basics right is the single most important factor in determining success.”

News: Ransomware threat rises: Verizon 2022 Data Breach Investigations Report

©2001-2024 Financier Worldwide Ltd. All rights reserved. Any statements expressed on this website are understood to be general opinions and should not be relied upon as legal, financial or any other form of professional advice. Opinions expressed do not necessarily represent the views of the authors’ current or previous employers, or clients. The publisher, authors and authors' firms are not responsible for any loss third parties may suffer in connection with information or materials presented on this website, or use of any such information or materials by any third parties.