Data Breach

26
Sep
2023

MGM Attack Updates

MGM Attack UpdatesThe MGM Resorts cyberattack is an illustration of how attack vectors evolve and compound as hacker groups grow and become more sophisticated. The MGM Casino and Hotel finally put reservation services back online Friday, 12 days after the initial breach. The casino still had slot machines and other services offline last week as the company recovered from the attack two weeks ago.

Early reports reveal the group responsible for the attack are young, 17-22 years old, native English speakers, and have been active for less than two years. The group, which goes by many names online, including Scattered Spider, got its start by using SIM-swapping attacks to steal cryptocurrency. They scoured social media for personally identifiable information (PII) and became well-practiced at convincing mobile phone carriers to move SIM access to criminal devices.

The hacker group used its recently perfected social engineering skills and moved to larger victims. They targeted third-party help desks and call centers in order to attack the multiple businesses the call center serves. They used social engineering combined with SIM-swapping to steal credentials and convince help desk employees they were internal users. Once inside, they spend considerable time searching internal documents to obtain escalated or admin network privileges. With this access, the group works at a very high tempo, exfiltrating considerable amounts of data over just a few days.

The group used this attack vector to steal customer data from Western Digital in March. However, the move to ransomware is another leap in sophistication for the young hacker group. Early reports show the group partnered with the group ALPHV, the Russian hacker group responsible for the Colonial Pipeline attack that revealed the vulnerability of national infrastructure in 2021. This latest attack on Caesars Casinos and MGM Resorts has put the rising hacker group in the spotlight of cybersecurity firms and law enforcement.

Quanexus IT Support Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Charles Wright in Cybersecurity, Information Security
12
Sep
2023

API Attack

API AttackAs a small business owner, APIs may not be a daily business concern, but they are necessary to understand because they represent a new attack vector in the cybersecurity landscape. Application Programming Interfaces (APIs) are the pathways that connect different software programs to one another. For example, when you search for a hotel on a travel aggregate site, you are utilizing APIs. The site can access hundreds of hotel databases and return search results that fit your parameters. APIs are the connections that make those search results possible.

However, criminals recognize APIs commonly transmit personal, medical, or financial data and are finding new ways to attack the connections. Criminals are using many of the attack vectors we have covered in the past to steal or disrupt the data that flows over an API. Distributed denial-of-service (DDoS), Man-in-the-middle (MitM), and stolen credentials are all techniques criminals use to steal data that moves over APIs.

Financial services, manufacturing, and healthcare are some of the leading industries that use software connected by APIs. This software streamlines communication, improves collaboration, increases productivity, and helps manage business documents. Like all technology, the benefits of API also introduce data security risks. Any time you give a third party access to your company’s data, it exposes that data to some risk.

It’s important to understand the risk, ensure the vendor or software solution is trusted, and only give access to the data needed to perform the job. Authentication is another critical step in securing data that moves over an API. Higher-level authentication keys and tokens are now available to avoid access with stolen passwords. Lastly, encryption is vital for the data stored and moving across the web. It’s estimated that 80% of web traffic moves through APIs, so advanced encryption should be at the top of the list of any new API tool.

Quanexus IT Support Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Charles Wright in Back to Basics, Cybersecurity, Information Security, Recent Posts
06
Sep
2023

Summer Security Trends

Summer Security TrendsSecurity experts saw an uptick in malware in the first three summer months due to increased mobile device and computer activity. From May to July, malware claimed the spotlight, making up 58% of all reported cyber threats. The primary entry point for malware was phishing at almost 25%, followed by adware at 8%. Users tend to be online looking for sales, vacation opportunities, and back-to-school shopping, which all have potential phishing opportunities attached to them.

This research comes behind Q1 research showing criminals adapting their threats to the security landscape. The study shows information technology organizations overtook financial institutions for the number one targeted category of malicious emails. The change reflects the dedication of financial institutions to invest in cyber security to defend against phishing attacks and the talent shortage in information technology that has dominated security news.

Additionally, in Q2, the study found that 58% of the malicious emails relied on deceptive content, while 42% included harmful links. This emphasis on malicious content clarifies the prevalence of business email compromise (BEC) scams, comprising 48% of scam emails in the same quarter. BEC scams are notorious for favoring content-based deception over links or attachments in their fraudulent email schemes.

The report also highlighted a change in the type of attack vector criminals use. Malicious emails used QR codes as a primary attack method to link users to a phishing page. The use of QR codes is a response to users’ education on traditional phishing attack vectors and a trust of QR codes through restaurant and public use. QR codes also introduce a second device to the attack if users access the link with a mobile phone.

It’s essential to keep your employees updated on the most common attack vectors we are seeing in the wild. Your employees are your first line of defense against security threats. Continuous education on cybersecurity trends helps to keep those defenses strong.

Quanexus IT Support Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts, Small Business
29
Aug
2023

SIM Swapping is Back

SIM Swapping is BackSIM swapping is a cybercrime category we have explored in the past, but recently, we have seen the tactic regain popularity in the financial and cryptocurrency sectors. SIM swapping is the act of taking control of a victim’s phone number and transferring that control to a different phone. Criminals then use the phone number for SMS authentication of websites or to impersonate the victim to create a scam or attack the victim’s contacts. The most popular method criminals use to acquire SIM credentials is to call the mobile carrier and impersonate the customer. The criminal must have personally identifiable information (PII) about the customer and some sort of password or PIN, depending on the carrier, to relocate the SIM information. The PII and password information could be found in a data dump from a past data breach, but the steps the attacker must go through make these attacks highly targeted.

An employee from the financial company Kroll was subject to a SIM swapping attack last week, allowing hackers to access bankruptcy claims and customer information. The company called out the carrier in question in its security advisory, saying, “Specifically, T-Mobile, without any authority from or contact with Kroll or its employee, transferred that employee’s phone number to the threat actor’s phone at their request.”

The US Cybersecurity and Infrastructure Security Agency (CISA) released a report earlier this month highlighting hacker groups using SIM swapping to bypass industrial standard security tools.

“The Board examined how a loosely organized group of hackers, some of them teenagers, were consistently able to break into the most well-defended companies in the world,” said CSRB Chair and DHS Under Secretary for Policy Robert Silvers. The report proposed businesses adopt passwordless authentication in response to the inability of mobile carriers to secure their customers.

It’s clear that SIM swapping is still a popular attack vector in some business sectors. Often, PII can be skimmed from social media and previous data breaches. Employees should be aware of the information they share on social media, and businesses should explore authenticator tools that do not use SMS messaging and, eventually, passwordless solutions.

Quanexus IT Support Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts, Small Business