Commentary on AT&T attack from Semperis
July 2024 by Sean Deuby, Principal Technologist, Semperis
The commentary from Sean Deuby, Principal Technologist, Semperis in response to the AT&T attack.
The AT&T breach being reported is massive as it appears to be impacting every customer in a five-month period between May and October 2022. The silver lining today is that AT&T is assuring customers that social security numbers, time stamps and other important user details weren’t compromised. Unfortunately, other prominent telcos have been caught up in this never-ending breach syndrome that impacts every organisation, large and small.
Unfortunately, persistent threat actors are successfully targeting critical infrastructure organisations in the telecommunications and healthcare industries, looking for gaps in their security architecture until they find a weak spot and steal whatever they want. What is highly likely in all breaches is that the criminals will compromise an organisation’s identity system, such as Active Directory or Entra ID, the directory services developed by Microsoft that allow IT administrators to manage computers, devices, and employee accounts on a network, because the vast majority of attacks use these systems as a well-paved pathway to their target. This provides hackers with access to a treasure trove of personally identifiable information on employees, customers, business strategies and other sensitive information.
Organisations need to have an assumed breach mindset because threat actors will eventually breach most of their targets if they’re persistent enough. It’s not just a risk; it’s a probability. Having a backup and recovery plan in place is an essential part of improving operational resiliency. And preparing in peacetime is the key: in cases of ransomware, if you find out about the attack because you’ve received a ransom note, it’s too late. Mature IT organisations plan for, document, and rehearse scheduled systems maintenance; why wouldn’t you devote more effort to a widespread cyberattack? You can’t just pay your way out of ransomware and hope that the wolves won’t circle back to you.