Security Digest (September 2023)

September 2023

• MGM Resorts has been reeling following a massive cyber-attack that began on Monday evening.
• The threat actors accessed employee information from a public LinkedIn page, called the resorts technical helpdesk, and masqueraded as the employee to access restricted systems. Analysts believe the threat actors had the access they needed after less than 10 minutes on the phone.
•  Shortly after intrusion, the ransomware group (now identified as ‘ALPHV’), began exfiltrating and encrypting data at a massive scale.
• This attack type, known as ‘Vishing’ (or Voice Phishing), is particularly potent, as it preys on the victim’s willingness to be helpful without performing the proper authentication checks.
• The Casino/Resort empire felt the effects immediately, with guests reporting phone lines down, rooms inaccessible, and slot machines non-functional. For several days, the company’s primary website was taken down and replaced with the splash page seen below.

• Website functionality was restored in the early hours of Friday, September 15th.
• The company reported revenue upwards of $14.1 Billion in 2022. Projections estimate losses due to the incident will range from 6$-8$ Million dollars in revenue every da

Advanced advises all customers to verify all requests that may come in over the phone. Advanced also recommends enrolling in Security Awareness training to ensure your staff are empowered with the knowledge necessary to thwart social engineering attacks.

• Silverfort, an industry leader in identity protection, released it’s annual “State Of Identity Security” report this week.
• The report is used to highlight gaps in cybersecurity resilience related to identity protection. The report analyzed data from 637 respondents in identity roles with at least 1,000 employees between May and June 2023.
•  Findings reveal that 83% of organizations have experienced identity-related breaches, with compromised credentials being the most common root cause.
• Despite the use of multi-factor authentication (MFA) and privileged access management (PAM), there are still critical security exposures, leaving organizations vulnerable to malicious use of compromised credentials.
• This emphasizes the need for end user training to prepare for threat actors taking a more humanistic approach to attacks.
• Organizations that have not implemented MFA felt the most significant impact, with 65% of employers still not utilizing the industry recommended standard.

• Apple rolled out their Rapid Security Response program March of this year to administer quick, automated updates for critical vulnerabilities.
• An update released Monday addressed two vulnerabilities, designated as CVE-2023-41064 and CVE-2023-41061. The exploits were commonly used together, or ‘chained’, to run code on end user devices without any interaction. The chain has been called BLASTPASS by researchers.
• CVE-2023-41064 outlines a buffer overflow attack in image rendering specific to Apple devices, while CVE-2023-41061 describes a malicious attachment that can run arbitrary code when delivered to an iOS device (vendors will often leave early descriptions for their patches intentionally vague to reduce the chance of exploitation on devices that are not yet patched).
• Apple discovered the vulnerabilities following analysis of a device owned by an employee of a Washington DC-based civil society organization. Analysts believe the end user was a high value target for international organizations exfiltrating government data.
• The vulnerability is so potent, the U.S. Cybersecurity and Information Security Agency (CISA) has published an alert requiring all federal agencies to patch their devices by October 2nd, 2023.
• While no compromises have yet been observed on computers, analysts believe MacOS is theoretically exploitable, and recommends updating as a priority.
• These are the 12th and 13th Zero-Day Vulnerabilities addressed by Apple since January. Researchers believe the devices will continue to be targeted due to their widespread use.