Did paying the ransom … work?

Today: How AT&T might have limited the damage from a devastating breach, Google goes shopping for security talent, and the latest funding rounds in enterprise tech.


Welcome to Runtime! Today: How AT&T might have limited the damage from a devastating breach, Google goes shopping for security talent, and the latest funding rounds in enterprise tech.



Dialing for dollars

For obvious reasons, Friday's disclosure of a massive breach of user data stolen from AT&T's Snowflake account earlier this year got lost in the shuffle of a wild news weekend. But while the breach could potentially affect nearly anyone who has made a mobile phone call in the U.S. over the last year, AT&T's response — defying cybersecurity conventional wisdom — appears to have mitigated the fallout.

Wired's Kim Zetter reported Sunday that AT&T paid a hacker behind the breach about $370,000, and in return the hacker provided video proof that the data had been deleted from a cloud server. Bloomberg later confirmed that report, adding that AT&T doesn't believe the data, which was stolen during two weeks in April, was ever made public.

  • The data stolen involved records of calls and text messages of "nearly all of AT&T’s wireless customers," which can be used to identify certain people and establish relationships between groups of people, AT&T said in an SEC filing Friday.
  • According to the reports, the hacker was a colleague of John Erin Binns, who is believed to be the one who actually infiltrated AT&T's Snowflake account in April but was arrested in May for allegedly hacking T-Mobile in a separate 2021 incident.
  • The hacker's account was verified by a pseudonymous security researcher, who said that, despite the fact that Binns shared samples of AT&T customer data with several others, only one complete dataset ever existed, and it was deleted after the hacker received a Bitcoin payment.

Cybersecurity experts have long advised against paying ransom to threat actors, partly to take away some of the economic incentives for hacking but also because it can be extremely difficult to verify if the hackers held up their end of the bargain. But companies keep doing it; 84% of security professionals surveyed earlier this year said their company had paid ransom after being attacked.

  • In the most recent high-profile example, UnitedHealth Group paid hackers $22 million in April to regain control of vital data belonging to its Change Healthcare subsidiary.
  • However, it acknowledged in a hearing before Congress that it could not say for sure whether or not the hackers had made copies of that data.
  • But AT&T appears to have been satisfied that its customer data was actually deleted, and the company conferred with the Department of Justice several times during the months before it disclosed the breach.
  • That doesn't mean there aren't some pockets of AT&T customer data floating around hacking circles, but it's hard to put a value on what the complete data set would have been worth to spies or criminals.

The hackers involved in the AT&T incident also shed a little more light on how Snowflake became ensnared in these attacks. According to Wired, the security researcher who facilitated the payment from AT&T to the hacker has been involved in "a number of negotiations" between Snowflake customers and the hackers.

  • It appears Ticketmaster was the first company that had its Snowflake account accessed with stolen credentials.
  • "From there, it seems the actors figured out they could target ‘snowflakecomputing.com’ domains by looking for stolen credentials. It did not take them long to compile a list and write a script to hit all of the Snowflake victims simultaneously,” the researcher told Wired.
  • In response to the breaches, Snowflake rolled out new security policies last week that allow administrators to require that their users implement multifactor authentication when logging into Snowflake, which would have prevented the Ticketmaster and AT&T breaches.
  • But the damage has been done; if the hackers were able to make off with such an enormous amount of AT&T's Snowflake data, it's a little disconcerting to think what the companies that haven't come forward yet are trying to manage.

Nobody beats the Wiz

After ending its dalliance with Hubspot, Google Cloud is back on the acquisition hunt. The Wall Street Journal reported Sunday that Google is "near" a deal for Wiz that would value the cloud security startup at $23 billion.

Two years ago Wiz declared itself "the fastest-growing software company ever," and little seems to have changed since then. Demand for its cloud security platform, which scans customer cloud environments for vulnerabilities or misconfigurations, has soared to the point where it expects to record $1 billion in annual recurring revenue by next year, according to The Information.

The deal would be the largest in Google's history, and comes two years after the company paid $5.4 billion for Mandiant. The steady parade of Snowflake customers coming forward to acknowledge they didn't properly secure their accounts underscores just how important cloud security will remain for the modern enterprise into the foreseeable future.


Enterprise funding

Fireworks AI raised $52 million in Series B funding for its AI infrastructure service, which helps companies deploy AI models in production systems.

Vectara landed $25 million in Series A funding to build out its RAG (retrieval-augmented generation) as a service platform, a crucial but complicated technique used to reduce generative AI errors.

Kindo scored $20.6 million in new funding for its security services, designed to help administrators manage AI deployments across an enterprise.

Merly.ai raised $6.8 million in seed funding to expand its "code reasoning" service, which uses AI to help companies find and fix problems in their code bases.


The Runtime roundup

Disney also suffered an embarrassing breach last week, as hackers made off with more than a terabyte of data from its internal Slack platform.

The FTC is taking a closer look at the IBM-HashiCorp deal, which could delay the close beyond the end of the year.

Salesforce laid off 300 members of its "ohana" last month, which is a fraction of the thousands it has laid off in a push for profits over the last several years.

Google tried to offer European cloud providers about $500 million in cloud credits to keep up their fight against Microsoft, but they decided to take Microsoft's $22 million in cash instead.


Thanks for reading — see you Thursday!
