MGM Resorts hit by suspected Ransomware attack
MGM Resorts, was grappling with a significant IT disruption earlier this week after a cyberattack led to several systems across its facilities being temporarily shut down. Consequently, staff members at the front desk and concierge services resorted to manual pen-and-paper methods. The slot machines at many gaming areas were also rendered unusable, and there were rumours of guests being unable to access their accommodations.
The disruption commenced on Sunday, 10 September and affected multiple MGM establishments across the US. Notably impacted were many iconic casinos located on the famed Las Vegas Strip such as Bellagio, Excalibur, Luxor, Mandalay Bay, MGM Grand, and New York New York.
MGM Resorts stated that upon discovering the cyber security threat, they swiftly initiated an in-depth investigation. The company also informed the authorities, adopted measures to safeguard their systems and data, and temporarily shut down particular systems. Their probe is currently ongoing.
While the specifics of this cyber breach are yet to be revealed, Nevada's stringent breach notification laws will likely necessitate further disclosure. The extensive shutdown of multiple MGM systems points towards the possibility of a ransomware attack, which the IT and security teams are likely addressing.
UK military networks was hit by 6 million cyber attacks in 2022
During the Defence and Security Equipment International (DSEI) conference in London, General Sir Hockenhull, leader of the UK’s Strategic Command revealed that the UK's military communication systems faced over six million cyberattacks, marking an escalation in cyber warfare amidst European conflicts and tensions in the Far East.
The persistent attacks were orchestrated daily by adversarial nations and their criminal allies, coincide with intelligence reports of increased covert actions by countries such as Russia, Iran, and China and North Korea.
General Sir Jim Hockenhull, leader of the UK's Strategic Command, spoke on the issue, emphasizing the unique challenges of space and cyber realms. He stated, "These domains are being exploited to escalate information campaigns aimed at unsettling our societies or to directly compromise our fundamental capabilities."
Iranian backed hacker group targets 34 global companies
A state-backed cyber threat group, dubbed 'Charming Kitten' (also known as Phosphorus, TA453, APT35/42), has reportedly used a previously unidentified backdoor malware, termed 'Sponsor', to target 34 global companies.
One characteristic of the Sponsor backdoor is its ability to conceal seemingly harmless configuration files on the affected computer. This allows for stealthy activation using harmful batch scripts, bypassing detection mechanisms. Cyber security researchers team traced this campaign from March 2021 to June 2022. Key sectors targeted included government, healthcare, financial services, engineering, manufacturing, tech, law, and telecommunications. Countries most under threat, were Israel, Brazil, and the UAE.
The researchers highlighted that Charming Kitten chiefly exploited CVE-2021-26855, a vulnerability in Microsoft Exchange, to initially infiltrate its victims' systems. Subsequently, the culprits utilised a range of open-source tools that not only enabled data theft and system monitoring but also ensured they retained access to the breached systems.
Sri Lanka hit by massive ransomware attack that impacted all government departments
Sri Lanka's Information and Communication Technology Agency (ICTA), responsible for overseeing the country's ICT initiatives, has confirmed a significant data loss incident impacting all government offices using the “gov.lk” email domain, including the Cabinet Office.
Established to boost Sri Lanka's economy through ICT, ICTA reported a severe ransomware attack between May 17th and August 26th. This breach compromised roughly 5,000 email addresses. Worryingly, there was no backup system, either offline or online, for a crucial two-month period, meaning many emails lost during the attack are irretrievable.
Responding swiftly, ICTA announced new measures to fortify their systems. A daily offline backup process will be instituted to avert future catastrophic data losses, and the relevant software will be updated to the most recent versions to strengthen cyber defences.
Presently, ICTA and the Sri Lanka Computer Emergency Readiness Team (SLCERT) are making concerted efforts to recover the lost data. Additionally, SLCERT has alerted the public to a phishing scam targeting Sri Lankan citizens.
Ransomware gang steals 13tb from travel booking company Sabre
The ransomware group, Dunghill Leak, has announced its role in a cyber attack on the travel booking firm, Sabre. On its dark web leak site, Dunghill alleges the theft of 1.3 terabytes of Sabre data, encompassing corporate financial details, passenger statistics, ticket sales data, and employee personal information. As evidence, the group released some stolen data, showing information like employee emails, names, nationalities, passport and visa details, and US I-9 forms for specific staff. Notably, one compromised passport belonged to a Sabre vice president.
Sabre has acknowledged the allegations and initiated an investigation into the validity of Dunghill's claims. Sabre spokesperson Heidi Castle stated, “Sabre is investigating the data exfiltration claims made by the threat group.”
Although the exact timing and method of the breach remain uncertain, Dunghill's shared screenshots suggest it transpired around July 2022. In 2022, globally, there were approximately 493.33 million ransomware attempts, with the average cost of an attack standing at US$4.54m.
