infrastructure

MGM Attack Updates

The MGM Resorts cyberattack is an illustration of how attack vectors evolve and compound as hacker groups grow and become more sophisticated. The MGM Casino and Hotel finally put reservation services back online Friday, 12 days after the initial breach. The casino still had slot machines and other services offline last week as the company recovered from the attack two weeks ago.

Early reports reveal that the members of the group responsible for the attack are young (17-22 years old), native English speakers, and have been active for less than two years. The group, which goes by many names online, including Scattered Spider, got its start by using SIM-swapping attacks to steal cryptocurrency. They scoured social media for personally identifiable information (PII) and became well-practiced at convincing mobile phone carriers to move SIM access to criminal devices.

The hacker group used its recently perfected social engineering skills and moved to larger victims. They targeted third-party help desks and call centers in order to attack the multiple businesses the call center serves. They used social engineering combined with SIM-swapping to steal credentials and convince help desk employees they were internal users. Once inside, they spend considerable time searching internal documents to obtain escalated or admin network privileges. With this access, the group works at a very high tempo, exfiltrating considerable amounts of data over just a few days.

The group used this attack vector to steal customer data from Western Digital in March. However, the move to ransomware is another leap in sophistication for the young hacker group. Early reports show the group partnered with the group ALPHV, the Russian hacker group responsible for the Colonial Pipeline attack that revealed the vulnerability of national infrastructure in 2021. This latest attack on Caesars Casinos and MGM Resorts has put the rising hacker group in the spotlight of cybersecurity firms and law enforcement.

Quanexus IT Support Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on Facebook, Twitter and LinkedIn and stay up to date by subscribing to our email list.

Posted by Charles Wright in Cybersecurity, Information Security

Summer Security Trends

Security experts saw an uptick in malware in the first three summer months due to increased mobile device and computer activity. From May to July, malware claimed the spotlight, making up 58% of all reported cyber threats. The primary entry point for malware was phishing at almost 25%, followed by adware at 8%. Users tend to be online looking for sales, vacation opportunities, and back-to-school shopping, which all have potential phishing opportunities attached to them.

This research follows Q1 research showing criminals adapting their threats to the security landscape. The study shows information technology organizations overtook financial institutions as the number one targeted category for malicious emails. The change reflects the dedication of financial institutions to invest in cyber security to defend against phishing attacks and the talent shortage in information technology that has dominated security news.

Additionally, in Q2, the study found that 58% of the malicious emails relied on deceptive content, while 42% included harmful links. This emphasis on malicious content clarifies the prevalence of business email compromise (BEC) scams, comprising 48% of scam emails in the same quarter. BEC scams are notorious for favoring content-based deception over links or attachments in their fraudulent email schemes.

The report also highlighted a change in the type of attack vector criminals use. Malicious emails used QR codes as a primary attack method to link users to a phishing page. The use of QR codes is a response to users’ education on traditional phishing attack vectors and to the trust users have built in QR codes through restaurant and public use. QR codes also introduce a second device to the attack if users access the link with a mobile phone.

It’s essential to keep your employees updated on the most common attack vectors we are seeing in the wild. Your employees are your first line of defense against security threats. Continuous education on cybersecurity trends helps to keep those defenses strong.

Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts, Small Business

SIM Swapping is Back

SIM swapping is a cybercrime category we have explored in the past, but recently, we have seen the tactic regain popularity in the financial and cryptocurrency sectors. SIM swapping is the act of taking control of a victim’s phone number and transferring that control to a different phone. Criminals then use the phone number for SMS authentication of websites or to impersonate the victim to create a scam or attack the victim’s contacts. The most popular method criminals use to acquire SIM credentials is to call the mobile carrier and impersonate the customer. The criminal must have personally identifiable information (PII) about the customer and some sort of password or PIN, depending on the carrier, to relocate the SIM information. The PII and password information could be found in a data dump from a past data breach, but the steps the attacker must go through make these attacks highly targeted.

An employee from the financial company Kroll was subject to a SIM swapping attack last week, allowing hackers to access bankruptcy claims and customer information. The company called out the carrier in question in its security advisory, saying, “Specifically, T-Mobile, without any authority from or contact with Kroll or its employee, transferred that employee’s phone number to the threat actor’s phone at their request.”

The US Cybersecurity and Infrastructure Security Agency (CISA) released a report earlier this month highlighting hacker groups using SIM swapping to bypass industry-standard security tools.

“The Board examined how a loosely organized group of hackers, some of them teenagers, were consistently able to break into the most well-defended companies in the world,” said CSRB Chair and DHS Under Secretary for Policy Robert Silvers. The report proposed businesses adopt passwordless authentication in response to the inability of mobile carriers to secure their customers.

It’s clear that SIM swapping is still a popular attack vector in some business sectors. Often, PII can be skimmed from social media and previous data breaches. Employees should be aware of the information they share on social media, and businesses should explore authenticator tools that do not use SMS messaging and, eventually, passwordless solutions.

Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts, Small Business

Asset Management

Asset management is often the first step in understanding your business’s cybersecurity scope and potential vulnerabilities. Today on the blog, we are going back to basics to explore what asset management is in cybersecurity and how you should use it to make your business data more secure.

Often small businesses add technology quickly to fulfill a need, keep production moving, or ensure the customer experience remains at a high level. Sometimes cybersecurity is not considered when a new device or software is added, or the old technology remains online, unused, or unprotected on the internet. Asset management is about understanding all the devices, applications, SaaS, cloud storage, and third-party vendors that have access to your business data.

When a device vendor stops supporting a network device, it is referred to as end-of-life (EoL). Cybercriminals track EoL updates from manufacturers and look for these vulnerable devices on the internet. When a manufacturer EoLs a device, it throws a spotlight on that entry point because hackers know it will no longer receive security patches and updates. Criminals work quickly to break into the EoL device and use that vulnerability as an entry point into a target network.

Employees represent another variable of asset management. Employee access to data and applications should be limited to those needed to do their job. Additionally, businesses should have policies for data handling and remote work considerations. Asset management is critical when offboarding employees, especially if they are unhappy with the process. Finally, employees can bring IoT or other network devices to work, which could open up new vulnerabilities if they have access to the business network.

Asset management helps plug potential cybersecurity holes that criminals could exploit in your business. Devices left unaccounted for, unpatched software, and open or forgotten VPN access represent potential entry points for malicious actors. These three examples represent the entry points for significant, nationally newsworthy breaches over the past few years.

Posted by Charles Wright in Back to Basics, Cybersecurity, Information Security, Recent Posts, Small Business