15 September 2023


MGM Resorts and Caesars Entertainment hit by Scattered Spider | Cyber Intelligence Briefing: 15 September


Top news stories this week

  1. Caught in the web. MGM Resorts and Caesars Entertainment hit by Scattered Spider.  
  2. Tailspin. Airbus suffers data breach after third-party employee’s device compromised.
  3. Charity trouble. BianLian group claims attack on Save the Children International.
  4. Wipe out. Sri Lankan government loses months of data following ransomware attack.
  5. Uncovered. Greater Manchester Police officers’ details exposed in cyber attack.
  6. DDoS deluge. Unnamed US financial giant and Telegram targeted in DDoS attacks.  
  7. Fix fest. Tech giants release security patches. 

1. Cyber attacks on casino giants MGM Resorts and Caesars Entertainment

A ransomware operator known as Scattered Spider has separately compromised two of the largest casino and hotel operating groups in Las Vegas – MGM Resorts and Caesars Entertainment. Caesars is reported to have paid a ransom of USD 15 million to secure deletion of stolen data, while MGM Resorts has suffered major operational disruption, with reports warning that its credit rating will be impacted. 

So what?

Scattered Spider is believed to have gained access to both networks through social engineering, highlighting the importance of staff security awareness. 


2. Airbus suffers data breach after hacker dumps data on the dark web

A cyber criminal using the moniker ‘USDoD’ has leaked employee and vendor data from aerospace giant Airbus on a dark web hacking forum. The hacker obtained third-party Airbus credentials by infecting a Turkish Airlines employee’s device with info-stealing malware called RedLine.

So what?

Ensure that third-party access to your systems is restricted, carefully monitored, and regularly audited. 


3. BianLian claims attack on Save the Children International

Cyber criminal group BianLian claims to have stolen 6.8 terabytes of sensitive data from charity Save the Children International. The organisation has confirmed the attack but denies any operational disruption. BianLian shifted towards exfiltration-based extortion in January 2023 after a free decryptor was released for their ransomware. 

So what?

Consider whether you have adequate visibility into your network traffic to detect and disrupt exfiltration before sensitive data leaves your perimeter. 


4. Ransomware attack wipes out Sri Lanka data 

Sri Lanka’s government has lost three months of data after a ransomware attack affected more than 5,000 government email addresses. While systems were brought back online within 12 hours, the government’s inability to recover all data stemmed from insufficient backup coverage.   

So what?

Regularly conducted and thoroughly tested isolated backups are crucial for minimising the risk of data loss during a ransomware attack. 


5. Greater Manchester Police Officers' details exposed in cyber attack 

Personal details belonging to Greater Manchester Police officers have been compromised in a cyber attack targeting a third-party supplier responsible for issuing ID cards. Concerns are heightened regarding the possible exposure of undercover officers, prompting a national criminal investigation into the incident. 

So what?

Organisations must conduct regular vendor assessments to identify risks and define remediation plans. Contracts with third parties should also be used to implement security measures aligned to the organisation’s cyber security programme.


6. DDoS attacks target Telegram and American financial firm

Hacktivist group Anonymous Sudan has targeted Telegram with a Distributed Denial of Service (DDoS) attack following the suspension of its primary Telegram account.   

Separately, cyber security firm Akamai Technologies reportedly intercepted a significant DDoS attack targeting the primary online banking portal of an unnamed US financial giant. DDoS attacks flood websites with requests, rendering them temporarily inaccessible.  

So what?

Organisations should invest in robust DDoS protection systems that provide continuous network monitoring for unusual patterns and the capability to proactively mitigate such attacks.   


7. Microsoft, Apple, Adobe, Google, and Mozilla release security patches 

Microsoft, Apple, Adobe, Google, and Mozilla have released patches for security flaws, including several zero-day vulnerabilities. This includes a patch for an actively exploited zero-day vulnerability that enabled threat actors to install spyware on iOS devices with no user interaction. 

So what?

Once an organisation has defined its patch management strategy, investment in an automated patching solution will help ensure that patches are detected and deployed in a timely manner.


Cyber Intelligence Briefing

The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.

To discuss this briefing or other industry developments, please reach out to one of our experts.
