Wednesday, May 22, 2024

A Ransomware Gang Claims to Have Hacked the Security Camera Company Amazon Ring

There has been a recent cyber attack on Amazon’s popular security camera company, Ring, which was attributed to a ransomware group ALPHV that uses the BlackCat malware

This group has now claimed responsibility for the attack and is now threatening to leak the data from the company.

There are at least two thousand police departments around the country that have partnered with Amazon to make sharing footage with law enforcement as easy as possible for their users.

It is no secret that the cameras and the footage they take, often posted online, have become so popular. In response, Amazon launched a television show called “Ring Nation,” which is a variety show around Ring cameras that includes mostly bloopers recorded by the cameras.

It is important to note that after the news of the data breach broke out, in a statement issued to Motherboard, Ring said it did not have evidence that any of its systems had been compromised but that a third-party vendor had been infected with ransomware.

A Ransomware Gang Claims to Have Hacked Ring

As part of the attack, ALPHV raised the alarm, saying that its malware, BlackCat, had been used to carry out the attack. Affiliate groups of victims who refuse to pay the ransom have access to a searchable database created by the BlackCat malware authors.

ALPHV has a dedicated “leak site,” as do many other groups of this kind, where its members selectively release data they have stolen during an attack. This week, ALPHV posted a message on its page for Ring that states:- 

“There’s always the option to let us leak your data…” 

But after the post, the threat actors have not posted anything about it.

No Customer Data Has Been Affected

The fact that companies initially deny that a hack has compromised customer data is not uncommon, but in reality, the data has been compromised due to a security breach.

A privacy and security practice of Ring has drawn controversy in the past since third parties are used to collect and share information about its users and its own privacy practices.

Although Ring claims that it prioritizes the security and privacy of its customers, we have seen numerous instances where these claims have failed to live up to the claims and have resulted in harming the customers and community members who use Ring.

As of now, Ring has not confirmed whether or not the hackers were able to access any of its users’ data, so there is not yet any guidance for Ring users on how to deal with the situation.

Almost all Ring doorbells and security cameras are compatible with E2EE (end-to-end) encryption, which is available in most regions. Therefore, neither any government entity, hackers, nor even its parent company, Amazon, will be able to access the footage that has been uploaded.

Network Security Checklist – Download Free E-Book

Related Read

Website

Latest articles

Cloud-Based Malware Attack Abusing Google Drive & Dropbox

A phishing email with a malicious zip attachment initiates the attack. The zip contains...

OmniVision Technologies Cyber Attack, Hackers Stolen Personal Data in Ransomware Attack

OmniVision Technologies, Inc. (OVT) recently disclosed a significant security breach that compromised its clients'...

Critical Flaw In Confluence Server Let Attackers Execute Arbitrary Code

The widely used team workspace corporate wiki Confluence has been discovered to have a...

Threat Actors Leverage Bitbucket Artifacts to Breach AWS Accounts

In a recent investigation into Amazon Web Services (AWS) security breaches, Mandiant uncovered a...

Hackers Breached Western Sydney University Microsoft 365 & Sharepoint Environments

Western Sydney University has informed approximately 7,500 individuals today of an unauthorized access incident...

Memcyco Report Reveals Only 6% Of Brands Can Protect Their Customers From Digital Impersonation Fraud

Memcyco Inc., provider of digital trust technology designed to protect companies and their customers...

DoppelGänger Attack: Malware Routed Via News Websites And Social Media

A Russian influence campaign, DoppelGänger, leverages fake news websites (typosquatted and independent) to spread...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

Live API Attack Simulation

94% of organizations experience security problems in production APIs, and one in five suffers a data breach. As a result, cyber-attacks on APIs increased from 35% in 2022 to 46% in 2023, and this trend continues to rise.
Key takeaways include:

  • An exploit of OWASP API Top 10 vulnerability
  • A brute force ATO (Account Takeover) attack on API
  • A DDoS attack on an API
  • Positive security model automation to prevent API attacks

Related Articles