In the latest edition of The Wiretap, cybersecurity firm Arkose Labs reported a significant increase in attacks on airline and hotel loyalty accounts. According to the research, attacks on airline accounts rose by 166% between the fourth quarter of 2023 and the first quarter of 2024. Popular airlines such as Singapore Airlines and Zipair are among the targets, with hackers using leaked login credentials from previous breaches to gain unauthorized access. This surge in attacks is believed to be fueled by the relatively lax security measures surrounding loyalty points compared to other sensitive data.
One of the main tactics employed by hackers is using bots to test a large volume of stolen usernames and passwords on loyalty accounts, resulting in a 30% to 40% success rate in breaching accounts. The lack of robust security measures and oversight in protecting loyalty points has made them an attractive target for cybercriminals. Subsequently, customers and airlines are urged to be more vigilant in safeguarding these accounts to prevent unauthorized access and potential loss of points.
In a separate incident, the FBI reported a scam where fraudsters tricked victims into purchasing $1.4 million worth of collectible stamps from a prominent auction house in the U.S. The swindle involved the perpetrators posing as fake government agents, warning targets of imminent threats to their bank accounts or personal data, and persuading them to transfer funds into purportedly safe accounts for temporary safekeeping. This elaborate scheme highlights the sophistication and creativity of cybercriminals in exploiting unsuspecting individuals.
On the cybersecurity front, popular remote access tool TeamViewer fell victim to a hacking incident, allegedly orchestrated by a Russian-government affiliated hacking group known as APT29 or Midnight Blizzard. Fortunately, the attack was contained within TeamViewer’s internal corporate IT environment and did not impact the product environment or customer data. Additionally, an Israeli identity verification provider, AU10TIX, experienced a data breach, potentially compromising users’ identity documents such as driver’s licenses.
In recognition of her significant contributions to the cybersecurity industry, Tarah Wheeler, a cybersecurity expert and former security leader at Splunk and Symantec, has been appointed to the board of directors at the Electronic Frontier Foundation (EFF). Wheeler’s expertise and enthusiasm are expected to enrich the organization’s mission and advocacy efforts in the realm of digital privacy and internet freedom. However, on the flip side, a 22-year-old Russian citizen, Amin Timovich Stigal, faces charges of attempting to hack into Ukrainian government systems in collaboration with Russian intelligence ahead of the 2022 invasion. Stigal’s alleged involvement in launching cyberattacks targeting Ukraine and its allies underscores the persistent threat posed by state-sponsored cyber warfare.
As cybersecurity threats continue to evolve and proliferate, individuals and organizations must remain vigilant in protecting their sensitive data from unauthorized access and compromise. Heightened awareness and proactive security measures are critical in mitigating the risks posed by cybercriminals and state-sponsored threat actors in the digital landscape.
