{"id":62628,"date":"2024-12-24T14:18:49","date_gmt":"2024-12-24T14:18:49","guid":{"rendered":"https:\/\/mailinvest.blog\/index.php\/2024\/12\/24\/these-are-the-cybersecurity-stories-we-were-jealous-of-in-2024\/"},"modified":"2024-12-24T14:20:04","modified_gmt":"2024-12-24T14:20:04","slug":"these-are-the-cybersecurity-stories-we-were-jealous-of-in-2024","status":"publish","type":"post","link":"https:\/\/mailinvest.blog\/index.php\/2024\/12\/24\/these-are-the-cybersecurity-stories-we-were-jealous-of-in-2024\/","title":{"rendered":"These are the cybersecurity stories we were jealous of in 2024"},"content":{"rendered":"

<\/a>\n
<\/p>\n

\n

Since 2018, together with colleagues first at VICE Motherboard, and now at TechCrunch<\/a>, I’ve been publishing an inventory on the finish of the 12 months highlighting the very best cybersecurity tales reported by different shops. Cybersecurity, surveillance, and privateness are big subjects that nobody single publication can cowl successfully by itself. Journalism is by definition aggressive, but in addition a extremely collaborative subject. That\u2019s why it generally is sensible to level our readers to different publications and their work to be taught extra about these sophisticated and sprawling beats.\u00a0<\/p>\n

With out additional ado, listed below are our favourite cybersecurity tales of this 12 months written by our buddies at rival shops. \u2014 Lorenzo Franceschi-Bicchierai.<\/em><\/p>\n

In one of many largest and most brazen mass-hacks in latest historical past, hackers this 12 months raided a whole bunch of insecure cloud storage accounts hosted by cloud computing firm Snowflake, relied on by a number of the world\u2019s largest tech and telecom firms. The hackers then held the large troves of stolen knowledge for ransom. One sufferer of the hacks, AT&T, confirmed that it lost the call and text records of \u201cnearly all\u201d<\/a> of AT&T\u2019s 110 million prospects within the breach, accounting for greater than 50 billion name and textual content information.\u00a0<\/p>\n

Days after AT&T went public with information of its breach, impartial safety reporter Kim Zetter<\/a> broke the information that AT&T had weeks earlier paid a hacker $370,000 to delete the huge cache of stolen phone records<\/a> and never publicly launch the information. Zetter\u2019s reporting uncovered a serious piece within the puzzle of who was behind the intrusions \u2014 on the time identified solely as UNC5537 by Mandiant \u2014 and who had been later identified as Connor Moucka and John Binns and indicted for their role<\/a> within the mass-thefts from Snowflake\u2019s buyer accounts. \u2014 Zack Whittaker.<\/em><\/p>\n

Kashmir Hill\u2019s newest investigative report in The New York Times<\/a> revealed that automakers are sharing customers\u2019 driving habits and habits with knowledge brokers and insurance coverage firms, which use the information to hike buyer charges and premiums, a dystopian use of a driver\u2019s personal info in opposition to them. For GM automobile house owners, drivers are often not informed<\/a> that enrolling in its Good Driver function would mechanically lead to autos sharing their driving habits with third-parties. The story prompted a congressional inquiry<\/a>, which revealed that the carmakers bought customers\u2019 knowledge in some circumstances for mere pennies. \u2014 Zack Whittaker.<\/em><\/p>\n

That is only a wild story. If this story was a film \u2014 heck, it ought to be \u2014 it might nonetheless be surprising. However the truth that this really occurred is simply unbelievable. Zach Dorfman pulled off an unbelievable feat of reporting right here. Writing about intelligence operations isn’t straightforward; by definition, these are supposed to remain secret eternally. And this isn’t a type of tales that the intelligence neighborhood would secretly be glad to see on the market. There\u2019s nothing to be proud or glad right here. I don\u2019t need to spoil this story in any manner, you simply must learn it. It\u2019s that good. \u2014 Lorenzo Franceschi-Bicchierai.<\/em><\/p>\n

This isn’t purely a cybersecurity story, however in some methods crypto has at all times been a part of hacking tradition. Born as a libertarian pipe dream, it\u2019s been clear for a few years<\/a> that Bitcoin and all its crypto offshoots don’t have anything to do with what Satoshi Nakamoto, the mysterious inventor of the cryptocurrency and blockchain know-how, imagined again in 2008 in his founding paper on Bitcoin. Now, crypto has grow to be a software for the far-right to wield their energy, as Charlie Warzel explains very properly on this piece. \u2014 Lorenzo Franceschi-Bicchierai.<\/em><\/p>\n

Bloomberg\u2019s Katrina Manson received the news that no person else may: drug distributor Cencora paid a $75 million ransom to an extortion gang<\/a> to not launch delicate private and medical-related knowledge on upwards of round 18 million folks following an earlier cyberattack. Cencora was hacked in February, however steadfastly and frequently refused to say what number of people had their info stolen \u2014 despite the fact that public filings showed upwards of 1.4 million affected individuals and rising<\/a>. TechCrunch had been chasing this story concerning the alleged ransom cost for a while (and we weren\u2019t the one ones!) after listening to rumblings that Cencora had paid what’s believed to be the largest ransomware cost up to now. Bloomberg\u2019s Manson received the main points on the bitcoin transactions and confirmed the ransom funds. \u2014 Zack Whittaker.<\/em><\/p>\n

\n
\n
\n

The hackers behind a cyberattack in opposition to the drug distributor Cencora Inc. acquired a complete of $75 million, the most important identified cyber extortion cost ever made, in response to folks accustomed to the matter.https:\/\/t.co\/ZLf3piC8ou<\/a><\/p>\n

\u2014 Katrina Manson (@KatrinaManson) September 18, 2024<\/a><\/p><\/blockquote>\n<\/div>\n<\/figure>\n

I\u2019ve lined ransomware for years, and whereas the hackers behind these data-theft assaults are sometimes prepared to speak, the victims of those assaults sometimes aren\u2019t so eager to open up. Bloomberg\u2019s Ryan Gallagher achieved the near-impossible by getting the U.Ok.-based supply firm Knights of Previous to reveal all about a ransomware attack<\/a> that resulted within the firm shuttering after 158 years in enterprise. Paul Abbott, Knights\u2019 co-owner, spoke frankly concerning the assault, giving readers a glimpse into the devastation attributable to the Russia-linked hacking gang. Abbott revealed how \u2014 and why \u2014 the corporate determined to not negotiate, ensuing within the publication of greater than 10,000 inside paperwork. This leak, Abbot disclosed, meant the corporate couldn’t safe a mortgage or promote the corporate, forcing it to shut its doorways for good. \u2014 Carly Web page.<\/em><\/p>\n

404 Media has completely been killing it within the 12 months or so after it launched. There have been loads of nice tales however this one stood out for me. Right here, Joseph Cox and different journalists acquired the identical dataset, and he neatly determined to give attention to one main challenge in his story: How cellphone location may assist determine folks visiting abortion clinics. With Donald Trump returning to the White Home, and the Republican Get together controlling all branches of presidency, it’s doubtless that we are going to see additional challenges to abortion rights and entry, making this sort of surveillance particularly harmful. \u2014 Lorenzo Franceschi-Bicchierai.<\/em><\/p>\n

I’ve been masking crypto hacks and heists on and off for just a few years now. It’s a fascinating world stuffed with grifters, scammers, hackers \u2014 and dogged investigators. Some of the intriguing characters is a person who goes by the deal with ZachXBT. For years, he has been unraveling a number of the most intricate crypto mysteries, hacks, heists, scams and cash laundering operations. This 12 months, Andy Greenberg at Wired did an amazing job profiling ZachXBT. And even when Greenberg couldn\u2019t reveal the detective\u2019s real-world identification and withheld a variety of figuring out info, the story painted a vivid image of the investigator and his motivations. \u2014 Lorenzo Franceschi-Bicchierai.<\/em><\/p>\n

\n
\n
\n

Since 2021, crypto sleuth @zachxbt<\/a> has helped get better almost half a billion $ for rip-off\/theft victims. Final month he cracked a $243m heist, the largest ever to focus on a single individual.<\/p>\n

He is by no means revealed his identify or face, however spoke to me for this profile: https:\/\/t.co\/4UZF28wfM4<\/a><\/p>\n

\u2014 Andy Greenberg (@agreenberg on the different locations) (@a_greenberg) October 24, 2024<\/a><\/p><\/blockquote>\n<\/div>\n<\/figure>\n

Wired\u2019s Andy Greenberg received the news on one other main China backed-hacking marketing campaign. The attention-opening report, published in October<\/a>, reveals how researchers working for Chengdu-based cybersecurity agency at Sichuan Silence and the College of Digital Science and Know-how of China spent years researching vulnerabilities in Sophos firewalls. The vulnerabilities subsequently utilized by Chinese language-government backed hacking teams, such as APT41<\/a> and Volt Typhoon<\/a>, to plant backdoors in Sophos firewalls utilized by organizations world wide and steal their delicate knowledge. The five-year-long marketing campaign, as also detailed by Sophos itself<\/a>, resulted within the compromise of greater than 80,000 firewall units globally \u2014 together with some used within the U.S. authorities. Following Greenberg\u2019s reporting, the U.S. authorities sanctioned<\/a> the Chinese language cybersecurity firm and one in every of its staff for his or her function within the widespread hacking marketing campaign. \u2014 Carly Web page.<\/em><\/p>\n

The Salt Storm hack of U.S. telephone and web giants won’t solely go down as one of many largest cybersecurity tales of 2024, but in addition as one of many largest hacks in historical past. The Wall Street Journal impressively got the scoop on this story<\/a>, reporting in October that Salt Storm, a Chinese language government-backed hacking group, had penetrated the networks of a swath of U.S. telecom suppliers to entry info from techniques the federal authorities makes use of for court-authorized community wiretapping requests. The WSJ\u2019s glorious reporting kickstarted months of follow-ups and prompted motion from the U.S. authorities, which has since urged Americans to switch to encrypted messaging apps<\/a>, resembling Sign, to attenuate the danger of getting their communications intercepted. \u2014 Carly Web page.<\/em><\/p>\n

KYC, or \u201cknow your buyer\u201d checks, are a number of the most relied upon strategies that banks and tech firms use to attempt to affirm it’s actually you they’re coping with. KYC entails your driver\u2019s license, passport, or different sort of ID, and checking \u2014 to the best diploma attainable \u2014 the authenticity of the doc. However whereas fakes and forgeries are inevitable, generative AI fashions are rendering these KYC checks totally ineffective. 404 Media explored the underground site where \u201cneural networks\u201d churn out fake IDs at speed<\/a>, which was a superb method to expose how straightforward it’s to generate faux IDs on the fly which can be able to enabling financial institution fraud and felony cash laundering. The location went offline<\/a> following 404 Media\u2019s reporting. \u2014 Zack Whittaker.<\/em><\/p>\n

\n
\n
\n

New: contained in the underground website the place “neural networks” churn out faux IDs
\u2013 I examined, made two IDs in minutes
\u2013 used one to efficiently bypass the identification verification test on a cryptocurrency alternate
\u2013 huge implications for crime, cybersecurityhttps:\/\/t.co\/hCjHWbKJPf<\/a> pic.twitter.com\/sd8ofmdEOE<\/a><\/p>\n

\u2014 Joseph Cox (@josephfcox) February 5, 2024<\/a><\/p><\/blockquote>\n<\/div>\n<\/figure>\n<\/div>\n