Hacker Tracker | April In Review


Where are we in the world of cybersecurity? It’s easy to miss the cybersecurity threats and attacks happening right in our “backyard”. Our goal at PK Tech is to educate and offer proactive steps for cybersecurity safety. It’s important to be aware–without being afraid–of the cybersecurity threats that are real threats for your business. PK Tech aims to be a leading educator and support tool in the world of cybersecurity.

Check out our monthly “Hacker Tracker” for the latest in cybersecurity hacks, breaches and updates…

1. Data stolen after ransomware attack on Yum! Brands | 4.11.23

  • Personal information belonging to employees was exposed during the January 2023 cybersecurity incident. 
  • The parent company of KFC, Pizza Hut, and Taco Bell chains started sending out notifications to affected customers explaining what kind of information was stolen during the attack that took place in mid-January this year.
  • In the initial report, the company said there was no evidence of customer data having been taken. But now that this has been confirmed, Yum! Brands has amended its claim to say there’s no evidence that the stolen data is being actively exploited in the wild.
  • The attack forced the company to shut down up to 300 restaurants in one market for a day.
  • View the Source

2. 3CX hack caused by trading software supply chain attack | 4.20.23

  • An investigation into last month’s 3CX supply chain attack discovered that it was caused by another supply chain compromise where suspected North Korean attackers breached the site of stock trading automation company Trading Technologies to push trojanized software builds.
  • The malicious installer for Trading Technologies’ X_TRADER software, downloaded and installed on an employee’s personal computer, deployed the multi-stage modular backdoor VEILEDSIGNAL designed to execute shellcode, inject a communication module into Chrome, Firefox, or Edge processes, and terminate itself.
  • View the Source

3. American Bar Association data breach hits 1.4 million members

  • The American Bar Association (ABA) has suffered a data breach after hackers compromised its network and gained access to older credentials for 1,466,000 members.
  • A hacker was detected on its network on March 17th, 2023, and may have gained access to members’ login credentials for a legacy member system decommissioned in 2018.
  • This was not a ransomware attack and therefore no corporate or personal data was stolen, but there are some concerns that the threat actors could abuse the credentials.
  • The fallout of the attack caused the ABA to initiate its incident response plan and acquire outside cybersecurity experts to execute a full investigation.
  • View the Source

Lessons Learned From This Month’s Hacks

#1–Be careful who you give your data to (yes, even when you’re just getting some KFC fried chicken!). Many companies, when breached, will submit statements saying that no information is being exploited in the wild, but the truth is, many do not know the full extent of an attack until months later. Remember, you assume the cybersecurity practices of whichever companies you choose to share your information with.

#2–The way the picture of the 3CX attack has evolved as investigators came to understand its root cause is a reminder of how much the third-party vendors you employ within your organization matter.

For VoIP business phone solutions, we highly recommend Microsoft Teams Phones over 3CX. The 3CX VoIP attack is one more reason why now is the time to move to your last phone system and adopt Teams Phones. We talk more about why you should use Teams Phones here.

#3–We wrote a full review of what we can learn from the attack on the ABA here, but here are the cliff notes. The old ABA membership system that was hacked used a technique called hashing and salting to protect the user passwords. Common uses of hashing include digital signatures, file management, password storage, and document management. While a seemingly innovative cybersecurity practice (which it is), hashing always comes with a widened security landscape for organizations. What does this mean? Any new technique, strategy, or software brings new risks, even if it reduces others. Whenever your organization is introducing new technologies, software, etc., make sure you are consulting your IT team and managing the new associated risks.

Reach out if you have questions here.