Almost All of AT&T’s Wireless Customers Hacked as Snowflake Breach Snowballs

Snowflake

The interconnected global operating landscape has never held more opportunity for businesses. Or more threats.

Gaining a deeper understanding of the threat landscape and the top tactics, techniques and procedures (TTPs) of ransomware gangs is increasingly crucial for firms.

News broke Friday (July 12) that a fraudster “unlawfully accessed and copied AT&T call logs” impacting “nearly all of AT&T’s wireless customers and customers of mobile virtual network operators … using AT&T’s wireless network.”

AT&T counts nearly 90 million cellphone subscribers, and that is before including in the total the third-party reseller brands that use its network.

The data obtained by the cybercriminals included records of calls and texts and is believed to have stemmed from an earlier data breach on cloud storage and data warehousing vendor Snowflake. The company indicated that, so far, the data has not surfaced for sale on the dark web, unlike other caches of information related to the Snowflake attack.

The incident follows a separate revelation Wednesday (July 10) that as a result of the same Snowflake data breach, the criminal theft of customer data from Advance Auto Parts has impacted over 2.3 million individuals.

The Advance Auto Parts’ customer data that was stolen potentially includes names, dates of birth, Social Security numbers, and driver’s license or other ID document numbers, and it underscores the fact that Snowflake’s breach may be snowballing into one of the largest data attacks by surface area undertaken by a ransomware gang.

Read also: Firms Look to Mitigate Consequences From Data Breaches

Inside the Shadows: How Ransomware Gangs Operate

Ransomware gangs often begin their attack by gaining initial access through various means such as exploiting vulnerabilities in public-facing applications or using phishing emails to deceive employees into installing malware. Once inside the network, they employ techniques like credential dumping and lateral movement to navigate through the system and identify valuable data.

Mike Storiale, vice president of innovation development at Synchrony, told PYMNTS in February that the new operation reality is that “identity theft, phishing and data breaches have all become more prevalent.”

Cybercriminals employ sophisticated techniques to infiltrate systems, encrypt files and demand ransoms for the decryption keys. Understanding their modus operandi is the first step in defending against these malicious attacks. Proactive measures, employee education and security protocols are essential in mitigating the risk and impact of security breaches.

“The barrier for entry has never been lower for threat actors,” Sunil Mallik, chief information security officer at Discover® Global Network, told PYMNTS this month, noting that the cost of computing power has decreased dramatically over the past decade, making it easier for criminals to access powerful tools and launch sophisticated attacks.

“It’s a combination of defenses at the human layer, controls at the network layer, application layer and business process layer,” Mallik added. “This is complemented by continuous monitoring of the external threat environment.”

See also: 2024 Is Already the Year of the Cyberattack

As the threat landscape continues to evolve, so too must the strategies employed to combat these malicious actors.

“Everyone has been dealing with cybersecurity for a long time,” XiFin Chief Financial Officer Erik Sallee told PYMNTS in June. “There’s no way around it other than blocking and tackling, doing the right thing every day keeping all your systems up to date, making sure you’re working with good vendors and investing in it. It’s a cost-avoidance type of investment, but it’s one you have to understand, and you can’t short shrift it.”

To protect against ransomware attacks, organizations are advised to adopt a multilayered security approach. This includes regular software updates, employee training on phishing awareness, robust data backup strategies, and the deployment of advanced security solutions capable of detecting and mitigating ransomware threats.

“It is essentially an adversarial game; criminals are out to make money, and the financial community needs to curtail that activity,” Michael Shearer, chief solutions officer at Hawk AI, told PYMNTS in February. “What’s different now is that both sides are armed with some really impressive technology.”

“On the automated side, it’s all about data,” he added. “It’s all about organizing and connecting your data together, understanding the signals that you have so you can build a richer context and make better decisions. But you’ve got to have that information there, and you’ve got to connect it together. That’s step one.”