Cyber Risk Update 15 SEP 2023

Trends

• Phishing emails impersonating senior executives are down 11%, but attacks impersonating company IT teams are up 19% as employees caught on to the VIP impersonation ruse, according to Darktrace data. https://www.scmagazine.com/news/multistage-payload-attacks-it-team-impersonations-up-as-ai-adopted-at-large

Events

• September 27, 2023 Water Sector Cyber Threat Web Briefing - Discover What Attackers See: CISA's Vulnerability Scanning Service for Visibility. https://www.waterisac.org/event/water-sector-cyber-threat-web-briefing-discover-what-attackers-see-cisas-vulnerability

Incidents

• Hackers behind MGM cyberattack thrash the casino’s incident response. MGM rushed through response owing to incompetent staff, had multiple system vulnerabilities, and did not care about customer safety, alleged ransomware group ALPHV who also blamed VX underground for spreading misinformation. https://www.csoonline.com/article/652575/hackers-behind-mgm-cyberattack-thrash-the-casinos-incident-response.html

• MGM and Caesars employees’ logins ‘hacked and traded’ on cybercriminal forums. Weak passwords linked to IT staff at both casino operators were sold recently to other hackers, security company says https://www.ft.com/content/3428d3b3-7283-4650-bd5d-2120b52f70cd

• Cyber incident hits Auckland Transport's HOP system, believed to be ransomware https://www.stuff.co.nz/auckland/auckland-top-stories/300971037/cyber-incident-hits-auckland-transports-hop-system-believed-to-be-ransomware

• In December 2022, KrebsOnSecurity broke the news that a cybercriminal using the handle "USDoD" had infiltrated the FBI's vetted information sharing network InfraGard, and was selling the contact information for all 80,000 members. The FBI responded by reverifying all InfraGard members and by seizing the cybercrime forum where the data was being sold. But on Sept. 11, 2023, USDoD resurfaced after a lengthy absence to leak sensitive employee data stolen from the aerospace giant Airbus, while promising to visit the same treatment on top U.S. defense contractors. https://krebsonsecurity.com/2023/09/fbi-hacker-dropped-stolen-airbus-data-on-9-11/

Nation States

• Iran's Charming Kitten Pounces on Israeli Exchange Servers. Archrivals face off in the cyber plane, as opportunistic hackers prey on the unpatched and generally negligent. https://www.darkreading.com/dr-global/irans-charming-kitten-israeli-exchange-servers

• Iranian Nation-State Actors Employ Password Spray Attacks Targeting Multiple Sectors https://thehackernews.com/2023/09/iranian-nation-state-actors-employ.html

TTP and Malware

• Overcoming the Rising Threat of Session Hijacking. Passkeys and multifactor authentication aren't enough for combating infostealer malware, which can exfiltrate corporate data before anyone knows an attack happened. https://www.darkreading.com/vulnerabilities-threats/overcoming-rising-threat-session-hijacking

Vulnerabilities

• Microsoft today issued software updates to fix at least five dozen security holes in Windows and supported software, including patches for two zero-day vulnerabilities that are already being exploited. Also, Adobe, Google Chrome and Apple iOS users may have their own zero-day patching to do. https://krebsonsecurity.com/2023/09/adobe-apple-google-microsoft-patch-0-day-bugs/