IT Essentials: So long silly season

Will cyber teams ever catch a break?

Gone are the days when August marked the start of the “silly season,” when the news was all skateboarding dogs and ducks crossing the road. Simpler if more boring times.

Today, it’s one of the busiest times for cybersecurity teams as, with the workforce on holiday, attackers see a prime opportunity to strike. Instead of being able to knock off early for a well-deserved pint, defenders – and perpetrators – are in overdrive.

This summer’s party pooper is a group called ShinyHunters (UNC6040). ShinyHunters has dominated the headlines this week, stealing customer data from Google, Cisco and Chanel, and likely from Pandora, Air France and KLM too. Their modus operandi? Impersonating IT support to trick teams into installing malware, giving them access to sensitive data which they then ransom or sell.

Rather than targeting companies directly, they exploit third-party providers, with Salesforce their current focus. Previously, they’ve also breached GitHub, cloud storage, websites and developer tools.

ShinyHunters’ spree follows closely on the heels of Scattered Spider, which compromised the technology supply chains of M&S, The Co-op, Harrods and others just weeks ago. Security experts believe there’s cross-pollination between these and other profit-driven groups, who learn from and compete with each other, operating as a transnational, amorphous threat.

The fact that a company as large and well defended as Google should be a victim show us that even tech giants aren’t immune from attacks by people who, when arrested, often turn out to be barely out their teens, tells us something about the porosity of enterprise infrastructure. We really need to be securing data, not just systems.

IT Essentials: So long silly season

Tags: