Funky Pigeon Hack

Funky Pidgeon has not revealed many details of the cyber incident. However, it appears to be a straightforward data exfiltration attempt. Whether this was a targeted or opportunistic attack remains unclear, and if it were successful, the stolen data would likely appear for sale on the Dark Web, used by organized crime, or by a state actor. There is also the possibility that the hackers would attempt to ransom the information in exchange for not making the attack public.

Data exfiltration is the stealing of information from a system. According to the claim, Funky Pigeon's external investigators are still "investigating the extent to which any personal data...has been accessed."

As other news outlets have noted, The Works suffered a similar attack earlier this month. Online retailers continue to be targeted by hackers as they are public-facing and generally accessible worldwide. In addition, the nature of this type of attack can make it difficult to trace or prosecute.

As both companies have taken their systems offline, it indicates a concern with the overall security of their system design. Offline, the investigators can complete a thorough system review, prevent further exploitation, and preserve forensic evidence.

To mitigate this type of attack, the system owners should keep an up-to-date threat model and consider blacklisting IP addresses outside of their target market. While blacklisting is not a guarantee, it can reduce exposure to less sophisticated attacks.

Ideally, at the earliest stage of system development, system designers working with information security professionals should create a threat model mapping the system design to technologies, vulnerabilities, and threat actors. The threat model should be updated and reviewed with each system change and upon discovering new threats and vulnerabilities.

Having a threat model allows system owners to identify weak points in their systems, document areas of improvement, and in the case of a Funkey Pigeon attack, understand where the attack took place and what aspects of the system were likely exploited by the cybercriminals.