Welcome to the latest issue of GlobalSign's NewsScam. This month has been marked by some major hacks including; MGM and Caesar's, a revelation from leading bleach supplier Clorox that it has been repeatedly attacked since August, stolen Airbus data on 9/11 is released by a hacker , British and Irish police were impacted by numerous cybersecurity issues, plus cybercriminals were busy conducting campaigns on a variety of social platforms. And what happens if the U.S. government shuts down on September 30th? Will CISA be able to continue its critical work, or will hackers have a field day? Read all about it below for details…
Two Gambling Giants Weren't So Lucky in September
After this month, it's clear that the gambling business isn't all sparkles and diamonds. Both MGM and Caeser’s were dealt a very bad hand when these world-famous casinos were targeted by cyber criminals. Caesar's Entertainment, the world's largest casino company, paid $15M after hackers broke into the company’s systems, in recent weeks, and threatened to release the company’s critical data.
The incident was confirmed in a September 14th U.S. Securities and Exchange Commission (SEC) filing. The filing says that on September 7th the company discovered an “unauthorized actor” had “acquired a copy of, among other data, our loyalty program database, which includes driver’s license numbers and/or social security numbers for a significant number of members in the database.” The bad actors behind the attack, Scattered Spider or UNC 3944, are known for social engineering-focused attacks to gain access to large corporate networks. The entire event was due to the breach of an outside IT vendor, which gave Scattered Spider access to Caesar’s network.
As for MGM Resorts International, one of the biggest casino operators in Las Vegas, it too suffered a major cybersecurity breach. The incident was widespread, causing major problems for the casino operator, such as slot machines and ATMs crashing. It even rendered some hotel guests unable to check in or access their rooms. The Russian-based cybercrime gang behind the attack, ALPHV/BlackCat, supposedly hijacked MGM's system via LinkedIn and then made a seemingly innocent phone call. According to Vegas Slots Online, the hackers found the “details of an employee, then pretended to be that person in a ten-minute phone call with MGM security.”
Clorox Got its Clock Cleaned by a Cyberattack
If you love Clorox Wipes, it could be awhile before you are able to get your hands on them at the store. That's because a recently disclosed cyber-attack has impacted the company and its production of their famous bleach wipes. Clorox has said it is struggling to meet demand for products like their bleach wipes and other household staples as it recovers from an attack, identified by the company on August 14th.
The impact of the attack was significant enough to force the company to process orders manually. Fortunately, Clorox says it has resumed production and systems should be back to normal by the end of September. The cyberattack at Clorox is being closely watched by business leaders now that the SEC has enacted new rules about disclosing cyberattacks that went into effect on September 5th. At this time, it is unclear who is responsible for the incident and whether it had involved ransomware. Some have said that while the attack has the hallmarks of ransomware, the fact that nobody has claimed responsibility for it makes it less likely.
Hacker Drops Stolen Airbus Data on Anniversary of 9/11 Attacks
European airspace giant Airbus, confirmed this month, a data breach which exposed confidential business information via a compromised Turkish Airlines employee account. Threat intelligence firm Hudson Rock said the bad actor responsible is USDoD, who used the Redline info-stealer malware to conduct the attack against Airbus. Redline malware works by gathering passwords and session cookies, which allows a cyber-criminal to bypass multifactor authentication.
In this Cybernews article, Hudson Rock says that the “Turkish airline employee infected their computer after downloading a “pirated version of the Microsoft .NET framework.” Not only is USDoD the same person/entity who attacked the FBI last year, the data stolen from Airbus was released on September 11th, the 22nd anniversary of the 9/11 attacks. It does not appear to be a coincidence. According to security industry guru Brian Krebs, the attacker (USDoD) did not specify why they dropped the data on September 11th, however, a message accompanying the data leak alluded to the fact there may be more behind the attack than what meets the eye.
Greater Manchester (UK) Police ID Badge Details Stolen in Supplier Data Breach
Police in Manchester (UK) were impacted by a data breach earlier this month. The leaked data originated from police ID badges and was stolen from a third-party supplier, who were caught in a supposed ransomware attack. While data that may have been accessed included names, ranks, photos and serial numbers, it appears that any financial information remained untouched. The UK's National Crime Agency is investigating the incident. It should be noted that the incident in Manchester is quite similar to the hack on London's Metropolitan Police last month. (Probably not a coincidence, right?) In that case, details such as names, ranks, and ID numbers were stolen after hackers broke into the IT systems of another supplier – in this case, a contractor that printed warrant cards and staff passes. These incidents come on the heels of yet another attack that occurred last month in Northern Ireland – forcing the police chief to resign on September 3rd.
Bad Actors Cause Mayhem on TikTok, Facebook, LinkedIn and X (Formerly Twitter)
Meanwhile, this should come as no surprise to anyone, but hackers are taking advantage of all the top social media platforms to inflict damage and make some money illegally. For example, they are using fake and compromised Facebook business accounts to send millions of messages via Facebook Messenger. The bad actors are reportedly using password-stealing malware to conduct the campaign. A new report from researchers at Guardio Labs is warning that about one out of 70 accounts ends up compromised resulting in “massive financial losses.” According to Bleeping Computer, the hackers send phishing messages to the business accounts regarding supposed copyright violations or more information about a product. It all goes downhill from there.
Another story from Bleeping Computer describes how TikTok is being used in an Elon Musk-themed cryptocurrency scam. The article explains how hackers are flooding the video sharing platform with fake crypto giveaways, predominantly evoking themes ala Musk, Tesla and SpaceX. The scams are apparently quite successful, enabling bad actors to steal millions of dollars in cryptocurrency.
Meanwhile, on LinkedIn, hackers are seeking to hijack user accounts, according to a round-up from CBS17. The hackers are taking advantage of the fact that LinkedIn users are reusing passwords that they have also used for critical accounts (I.e. banks, retirement, etc.) The good news is that LinkedIn is able to resolve this, but it can take time for that to happen. Experts recommend changing your passwords immediately. Finally, a cyber-criminal gang known as Anonymous Sudan is allegedly attempting to pressure Elon Musk to introduce his Starlink satellite service in Sudan. They did so by taking X offline in more than a dozen countries. The late August incident impacted thousands for at least two hours.
Governments and Government Entities Across the Globe are Feeling the Pain
Government hacks have become a regular occurrence but naturally the idea of them continuously being the target of hackers should be concerning to everyone. Governments worldwide seem to be either in the firing line or working on improving their cyber health. In early September, the UK’s Electoral Commission admitted that it had failed a basic cyber-security test almost at the same time that hackers were able to access the organization's systems. The incident was ongoing for more than a year between August 2021 and October 2022. It allowed unauthorized access to email correspondence and sensitive voter databases.
In Latin America, at least 50 Government Organizations in Colombia have become the victims of a large-scale ransomware attack which appears to have originated by an IP provider in mid-September. Jamacia was also impacted by an attack on September 22nd, and the International Criminal Court on September 19th announced its computer system – which holds some of the world's most sensitive information about war crimes – was hacked.
In the U.S., the White House is considering a rating system to improve the security of critical infrastructure (water, rail, aviation, energy and other sectors) and the Cybersecurity and Infrastructure Security Agency (CISA) has been given more than 100 recommendations by its Cybersecurity Advisory Committee. The recommendations include policy measures for bolstering cybersecurity awareness among corporate boards, establishing a national cybersecurity alert system, and ensuring cybersecurity defenses for high-risk communities. But, CISA could have its wings clipped if the US government shutdown occurs this weekend. At the moment , it looks as if the shutdown cannot be averted – and that has got some politicians worried about the cybersecurity posture of the U.S. – after all, when the cat is away, mouse will play.