Cyber Security News Roundup – 18th September 2023

There was a flurry of headlines covering cyber attacks and data breaches at some of the world's most famous entertainment brands last Thursday, alongside another cyber incident at a UK police force and an aviation giant. To learn more about each story, click the headings.

Come clean about data breaches and get lower fines, says UK's ICO

13/9

The Information Commissioner's Office (ICO) and National Cyber Security Centre (NCSC) are reportedly set to encourage UK businesses to engage in early, meaningful reporting in the event of a data breach, incentivised with reduced regulatory penalties. Eleanor Fairford, Deputy Director of Incident Management at the NCSC and Mihaela Jembei, Director of Regulatory Cyber at the ICO stated that "If attacks are covered up, the criminals enjoy greater success, and more attacks take place". This statement is underpinned by the ICO's Data Security Incident Trends Report, which found that fewer than a third of personal data breaches since 2019 were reported within the 72 hour window as stated in Article 33 of GDPR. The new policy, that will help businesses face lower fines for proactive breach reporting, has been welcomed by the cyber security industry. (Forbes)

MGM Resorts breached by 'Scattered Spider' hackers

13/9

Last week, one of the world's most famous gaming organisations, MGM Resorts, saw its IT systems taken down by a hacking group called 'Scattered Spider'. On Monday, the entertainment giant stated that it had been forced to shut down several of its systems due to a "cybersecurity issue"; the company remained paralysed three days later, causing a fall in their share value and sparking warnings that it could negatively affect their credit rating. With the cause and full impact of the incident unclear, several social media posts showed slot machines and systems down at MGM venues in Las Vegas. The attack bears all the hallmarks of a ransomware incident.

Believed to have been founded in 2022, the group reportedly behind the attack, Scattered Spider, typically uses social engineering to obtain login credentials and codes to bypass multi-factor authentication, according to Crowdstrike. Scattered Spider is one of the most aggressive threat actors currently facing US based organisations, recently targeting critical infrastructure. (Reuters)

Greater Manchester Police officers' details targeted in 'ransomware attack'

14/9

The personal details of Greater Manchester Police officers have been breached, in the same series of attacks that has also affected the Metropolitan Police. With details on warrant cards and the names, photos of individuals and police collar numbers on identity cards among the information stolen from Digital ID, the force's ID card supplier, no home address or financial information was stolen and the National Cyber Security Centre has been engaged to lead the investigation. Like many others, the Greater Manchester Police Force uses covert and counter-terrorist officers, and as such this incident is being treated "extremely seriously". A digital ID spokesperson added that upon discovery of the security incident last month, they "quickly engaged specialist external cyber and forensic consultants to conduct an investigation into the impact of this incident and the data that may be involved; this investigation remains ongoing." (Sky News)

Caesars Entertainment confirms ransom payment, customer data theft

14/9

Self-described as the largest US casino chain, Caesars Entertainment became the second US gaming giant to be embroiled in a cyber incident last week, after admitting that it paid a ransom payment to avoid the online leaking of customer data in a recent attack. Caesars did not confirm the identity of the threat actors, however Bloomberg reports suggested that it was the same criminal group that also impacted MGM; Scattered Spider. On the 7th of September, the casino operator discovered that hackers had accessed the data of their loyalty program, which stores its customers' driving licence and Social Security numbers. The Wall Street Journal is further reporting that the paid ransom fee amounted to $15 million - half of the initially demanded $30 million - and despite this, Caesars is unable to provide full assurance of the threat actor's actions; the sale of the stolen data is still a possibility. (Bleeping Computer)

Data on over 3,000 Airbus suppliers leaked after breach

14/9

An alleged ransomware operator going by the alias USDoD has leaked data on over 3,000 suppliers to Airbus. With the dataset understood to include names, addresses and contact details of Airbus suppliers' staff, some of whom are highly sensitive, the threat actor supposedly penetrated Airbus' systems with a hacked customer account belonging to Turkish Airlines. The initial victim attempted to download a pirated version of the Microsoft.NET framework, but instead fell victim to a RedLine Infostealer, stealing their credentials and allowing USDoD to gain access to Airbus' network. With Infostealer infections surging by 6,000% since 2018, they are now one of the primary attack vectors used by criminals to execute cyber attacks and infiltrate organisations.

An Airbus spokesperson stated that "Airbus has launched an investigation into a cyber event during which an IT account associated with an Airbus customer has been attacked. This account was used to download business documents dedicated to this customer from an Airbus web portal. Immediate remedial and follow-up measures were taken by our security teams to prevent our systems from being compromised." The Aerospace corporation added that "As a major high-tech and industrial player, Airbus is also a target for malicious actors. Airbus takes cyber security seriously and continuously monitors activities on its IT systems, has solid protection tools, skilled cyber experts and associated processes to protect the company by taking immediate and appropriate measures as and when needed." (Computer Weekly)

Attempted cyber attacks occur every second, and as we can see from the recent headlines, constantly change in nature. It's critical that your organisation is as protected as possible from all forms of cyber crime, so Contact Celerity to find out how our layered approach to cyber security could protect your business!