Caesars and MGM both caught up in Scattered Spider’s web
Bloomberg is reporting that a few weeks back, another Las Vegas giant, Caesars Entertainment, paid “tens of millions of dollars” to the group Scattered Spider, which allegedly paralyzed the operations of MGM Resorts. According to CrowdStrike, Scattered Spider is an affiliate of ALPHV and is also known as OktaPus because it “targets users of tech company Okta’s identity and access management services.” With Caesars, the group claims to have “obtained access to an outside vendor before entering the company’s network.” A report from Trellix says the Scattered Spider group is “known to impersonate IT personnel especially through LinkedIn, and uses social engineering to persuade company officials to run remote monitoring and other tools. From there, they exploit vulnerabilities and use tools like ‘Stonestop’ to evade security software.” According to The Record, “members of the group spoke to the Financial Times and TechCrunch this week, claiming their original goal was to attack MGM’s slot machines only and use paid mules to slowly milk the devices. But when that failed, they turned to their tried-and-true methods of attack, eventually encrypting the company’s systems.”
More needs to be done for mental health in cybersecurity, say studies
The stresses and work demands of cybersecurity are taking a severe toll on the people in charge of preventing and resolving problems, and this is leading to serious mental health issues including burnout, substance abuse, and even suicide. That is according to a group of cybersecurity workers who spoke to Cyberscoop this past week with the goal of raising awareness and getting better protections implemented. The story quotes a study from Tines showing that “66% of respondents had ‘significant levels of stress at work,’” and one from Gartner predicting that nearly half of cybersecurity leaders will change jobs by 2025, 25% of them moving to different roles entirely, due to work-related stress.
Hackers access sensitive data of thousands of Airbus vendors
Data allegedly belonging to the aviation and aerospace manufacturer Airbus was leaked on the dark web by a hacker dubbed USDoD. The hacker allegedly accessed data on 3,200 Airbus vendors, including contact details such as names, addresses, phone numbers, and email addresses. USDoD said they “exploited employee access from a Turkish Airline” to acquire access to the data. It appears the victim downloaded a version of the Microsoft .NET framework that was infected with RedLine info-stealing malware. A sample of the data leaked on BreachForums shows that Rockwell Collins and Thales Group were among the affected vendors. USDoD is the same threat actor that leaked the FBI’s InfraGard database back in December and claims to be a member of the Ransomed cybercrime group.
UK government sees record critical IT infrastructure attacks
The Record’s Alexander Martin reports that, according to data obtained through a Freedom of Information Act request, critical IT infrastructure service companies reported 13 cyber attacks that significantly disrupted operations in the first half of 2023. That is up from four such attacks in each of the previous two years. IT companies must report disruptive cyber incidents to the relevant authorities under the Network & Information Systems Regulations. Experts consulted by The Record suggest the increased reporting reflects a better understanding of regulatory requirements rather than a rise in attack volume.
Ransomware costs Sri Lankan government months of data
Sri Lanka’s Information and Communication Technology Agency, or ICTA, confirmed its Lanka Government Cloud, or LCA, system suffered a massive ransomware attack. The attack began on August 26th, after government domain users reported receiving suspicious links. The ICTA estimates the attack impacted all gov[dot]lk email addresses. While IT workers restored systems within 12 hours of the attack, a lack of available backups meant data from May 17th through August 26, 2023 was permanently lost. ICTA CEO Mahesh Perera said the attackers used vulnerabilities in the Microsoft Exchange 2013 version used by LCA.
CISA offers free security scans for public water utilities
The US Cybersecurity & Infrastructure Security Agency (CISA) has announced it is offering free security scans for critical infrastructure facilities to help protect them from cyberattacks. The program was co-developed with the Environmental Protection Agency (EPA), the Water Sector Coordinating Council (WSCC), and the Association of State Drinking Water Administrators (ASDWA), and CISA has requested that all drinking water and wastewater system operators enroll. As part of the program, CISA will run weekly scans of a facility’s internet-exposed endpoints for vulnerabilities. It will then run follow-up scans to confirm whether the water utilities have taken steps to mitigate the issues.
New RepoJacking attack exposed thousands of GitHub repos
Checkmarx researchers discovered a new RepoJacking vulnerability in GitHub that could have exposed over 4,000 packages. RepoJacking allows attackers to publish a rogue repository under an old username after the legitimate creator changes their username, so that existing references to the old namespace resolve to attacker-controlled code. GitHub implemented a namespace retirement control, but the researchers were able to bypass the mechanism by leveraging a race condition: API requests to create a new repository and to change the account’s username were issued almost simultaneously. The researchers recommend avoiding use of retired namespaces and checking code for dependencies that reference a namespace that could be hijacked.
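One way to implement the dependency check the researchers recommend, as an added example that is not the Checkmarx team’s or GitHub’s code: it scans manifest text for github.com references and flags any that only resolve through a rename redirect, i.e. that name a retired namespace. The sample manifest and the redirect table are constructed stand-ins for a real manifest and for the 301 lookup against GitHub (assumptions).

```python
import re
from typing import Callable, Dict, List, NamedTuple, Optional

# github.com/<owner>/<repo> as found in URLs, go.mod paths and pip git+https
# specs; the optional "@<ref>" suffix is how pip pins a tag or commit.
GITHUB_REF = re.compile(
    r"github\.com[/:](?P<owner>[A-Za-z0-9_.-]+)/(?P<repo>[A-Za-z0-9_.-]+)"
    r"(?:@(?P<ref>[A-Za-z0-9_./-]+))?"
)
COMMIT_SHA = re.compile(r"^[0-9a-f]{40}$")

class Finding(NamedTuple):
    line_no: int
    referenced: str  # owner/repo as written in the manifest
    canonical: str   # owner/repo the reference currently resolves to
    pinned: bool     # True when locked to a full commit SHA

# A resolver maps "owner/repo" to the slug GitHub now serves it under (None if
# gone). In real use that is the 301 from https://github.com/<owner>/<repo> or
# the repos API; here a constructed table stands in for the lookup (assumption).
Resolver = Callable[[str], Optional[str]]

def scan_manifest(text: str, resolve: Resolver) -> List[Finding]:
    """Flag dependencies that reach their code only through a rename redirect.
    Such a reference names a retired namespace an attacker could re-register.
    A full-commit-SHA pin is still reported but marked pinned: a rogue
    repository cannot reproduce that commit hash."""
    findings: List[Finding] = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for m in GITHUB_REF.finditer(line):
            repo = m.group("repo").removesuffix(".git")
            referenced = f"{m.group('owner')}/{repo}"
            canonical = resolve(referenced) or "<unresolved>"
            if canonical.lower() == referenced.lower():
                continue  # served from its current namespace, no redirect
            pinned = bool(COMMIT_SHA.match(m.group("ref") or ""))
            findings.append(Finding(line_no, referenced, canonical, pinned))
    return findings

SAMPLE_MANIFEST = """\
require github.com/old-maintainer/widgets v1.4.0
widgets @ git+https://github.com/old-maintainer/widgets.git@0123456789abcdef0123456789abcdef01234567
helper @ git+https://github.com/steady-org/helper.git@v2.0.1
"""  # constructed sample: a Go require line plus two pip git specs

REDIRECTS: Dict[str, str] = {  # constructed stand-in for GitHub's redirects
    "old-maintainer/widgets": "new-maintainer/widgets",
    "steady-org/helper": "steady-org/helper",
}

def demo() -> List[Finding]:
    return scan_manifest(SAMPLE_MANIFEST, REDIRECTS.get)
```

Each flagged line should be updated to the canonical slug; the pinned flag tells you which of them are already immune to a rogue repository serving different code.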
Regulators question Tesla’s no-hands policy
A software update in Tesla cars is allowing drivers to spend less time with their hands on the steering wheel. The National Highway Traffic Safety Administration has asked Tesla for more information on how many cars have received this update and what the company’s plans are. This comes on the heels of a substantial jump in crashes and deaths that may have involved driver-assistance AI systems. Tesla has installed cameras that watch drivers to ensure they don’t spend too much time driving hands-off, but not all models have them, and drivers themselves see the technology as a bit of a nag.