Cyber Archives - IT Security Guru
https://www.itsecurityguru.org/tag/cyber/
The Site for our Community
Fri, 15 Sep 2023 13:19:17 +0000

MGM and Caesars Casinos Suffer Massive Cyberattack
https://www.itsecurityguru.org/2023/09/15/mgm-and-caesars-suffer-massive-cyberattack/?utm_source=rss&utm_medium=rss&utm_campaign=mgm-and-caesars-suffer-massive-cyberattack
Fri, 15 Sep 2023 12:54:17 +0000

Two of Las Vegas’ iconic casinos, the MGM and Caesars hotel, have fallen victim to a major cyberattack. Over the course of this week, it has been revealed that computer systems had been left severely disrupted, causing widespread panic throughout the hospitality and gaming industry.

Reports claim casino guests and staff have had difficulties accessing room reservations, making transactions, and using key services. The management immediately initiated an emergency response protocol to contain the situation and mitigate the damage.

MGM Resorts International, the parent company of MGM Caesar, confirmed the attack in a press release issued this week. The statement noted that the company’s IT security teams were working tirelessly to restore normalcy. In the meantime, they assured customers that their personal and financial information remained secure due to advanced encryption protocols and immediate action taken to isolate the affected systems.

Local law enforcement and federal agencies have launched an investigation into the cyberattack. Their primary focus is on identifying the perpetrators behind this breach and determining their motives. The casino’s surveillance footage is expected to be a crucial piece of evidence in the ongoing investigation.

This incident serves as a stark reminder of the importance of cybersecurity measures, not only for corporations but also for the protection of customers’ sensitive information. As the investigation unfolds, MGM Resorts International has promised to keep its stakeholders and the public informed about any developments related to the cyberattack.

The following cybersecurity experts have provided their insights and thoughts.

James McQuiggan, security awareness advocate at KnowBe4:

Organizations work tirelessly to protect their infrastructure and data from cybercriminals. The challenge lies with the third-party service providers who can also access the network. If they have a different security culture and mindset, it can only be a matter of time before your organization succumbs to an attack. While cybersecurity occurs daily, a Third Party Risk Management program is crucial to assess vendors, security practices, controls, past breaches, and financial stability. Proactively managing third-party cyber risk is crucial for resilience. A robust TPRM program can pay significant dividends in the long run and will only lead to a data breach without one.

Darren James, a Senior Product Manager at Specops Software:

This is another example of where threat actors are using a combination of publicly available information, technology, and human behavior to gain access to valuable and sensitive systems and data. It’s important for organizations to realize that zero trust extends to all processes including those of the service desk. Securely verifying the user at the other end of the line has never been more important; you can no longer rely on weak factors such as a recognizable voice or a shared code word. Without secure verification at the service desk, you’ll be leaving yourselves open to both monetary and reputational consequences – something that, it appears, could have been avoided in this case.

Erfan Shadabi, cybersecurity expert at comforte AG:

In an era where digital transformation is reshaping the way the tourism industry operates, the reliance on interconnected systems and data-driven processes has never been greater. As such, the sector becomes an attractive target for cybercriminals seeking financial gain or to exploit vulnerabilities for malicious purposes. The MGM Resorts incident is emblematic of this overarching challenge. Recognizing the pivotal role technology plays in enhancing guest experiences, optimizing operations, and facilitating global connectivity, the tourism industry must allocate resources to bolster its cybersecurity posture. To that purpose, data-centric security stands as the most effective approach in safeguarding organizations within the tourism industry due to its inherent focus on protecting the core asset that cybercriminals seek to exploit: data itself.

Fergal Lyons, Cybersecurity Evangelist at Centripetal:

“While the event has not been officially disclosed, the early indications are that this is a severe and widespread ransomware attack. If past performance in this industry is an indicator, then we could anticipate MGM paying the ransom if they see no other option. Cybercriminals are finding ransomware to be a lucrative industry, capitalizing on vulnerabilities and exploiting careless employees. The methods employed are diverse, tailored to the specific companies they target. Thus, it is imperative that all businesses take extra precautions to evade becoming the next target. Utilizing already available threat intelligence on these ransomware groups can thwart impending attacks and avert data breaches. Adopting a proactive, intelligence-based stance against potential threats is crucial as relying solely on a reactive approach to threat hunting may be too late, resulting in irreversible harm.”

More than 1 in 3 UK&I workers are likely to click a phishing link
https://www.itsecurityguru.org/2023/06/23/more-than-1-in-3-uki-workers-are-likely-to-click-a-phishing-link/?utm_source=rss&utm_medium=rss&utm_campaign=more-than-1-in-3-uki-workers-are-likely-to-click-a-phishing-link
Fri, 23 Jun 2023 12:31:08 +0000

New research has found over 1 in 3 UK&I workers are likely to click a phishing link, according to KnowBe4’s 2023 Phishing by Industry Benchmarking Report. The report measures an organisation’s Phish-prone™ Percentage (PPP), which shows the likelihood employees will be duped by phishing or a social engineering scam.

The overall baseline for 2023, which tested an employee’s susceptibility to an initial baseline simulated phishing security test, rose 5.2% from 30% in 2022. The biggest contributor to this increase was large enterprises with over 1,000 employees, whose baseline rose from 32.7% to nearly 40%.

KnowBe4 analysed a data set of over 12.5 million users, across 35,681 organisations, with over 32.1 million simulated phishing security tests across 19 different industries and seven geographic regions. The resulting baseline “Phish-prone™ Percentage (PPP)” measured the percentage of employees in organisations that had not conducted any KnowBe4 security training, who clicked a simulated phishing email link or opened an infected attachment during testing.

Geographically, users in the UK&I had an average baseline of 35.2%, a figure exceeded only by South American workers, who had a baseline of 41.1%. However, after completing a mixture of security awareness training and simulated phishing security tests for 90 days, the average PPP reduced to 17.8% for UK&I workers. After twelve months, it dropped to 5.8%, proving the value of security training in improving user security awareness and the overall security culture for the organisation.

In 2020, £3.7 billion ($4.6 billion) was reportedly lost due to cyber-enabled fraud in the UK&I, with ransomware, which is commonly distributed through social engineering techniques like phishing, continuing to plague organisations. Globally, almost a quarter (24%) of all data breaches in 2023 are a direct result of ransomware, with human error contributing to 74% of the incidents suffered. Having examined the overall PPP across all organisations, it is clear to see why security awareness needs to be improved and the importance of simulated phishing tests.

“This report serves as a timely reminder of the ongoing threat posed by phishing attacks, which remain a highly effective and prevalent means of targeting individuals and organisations alike,” said Javvad Malik, lead security awareness advocate at KnowBe4. “Such attacks can often lead to significant reputational damage, financial loss and disruption to business operations. Moreover, it highlights the critical importance of developing and implementing a robust, multi-layered phishing defence strategy, which includes regular employee training and education, as well as the implementation of advanced threat detection and prevention technologies.”

To view the Phishing by Industry Benchmarking Report for UK&I click here: https://www.knowbe4.com/phishing-benchmarking-analysis-center.

How to prevent against the 5 main types of insider threats
https://www.itsecurityguru.org/2023/05/19/how-to-prevent-against-the-5-main-types-of-insider-threats/?utm_source=rss&utm_medium=rss&utm_campaign=how-to-prevent-against-the-5-main-types-of-insider-threats
Fri, 19 May 2023 14:23:04 +0000

Over one in ten data breaches originate from a malicious insider, and they cost companies $4.18 million per incident. And that’s only the malicious ones.

According to the 2023 Insider Threat Report by Cybersecurity Insiders, nearly three-fourths (74%) of organizations are at least moderately vulnerable to insider threats. It’s worth a company’s time to recognize the five main types of these kinds of attacks and know how to prevent them. 

Recognizing Risk 

  1. Privileged Insiders: Privileged insiders are a problem because whatever chance they had of causing risk in the first place – whether unintentional or nefarious – is now increased by their level of privilege. It is far more bang for the buck to compromise a root user’s credentials, for example, than those of an average user. More damage can be done, with less oversight, and for longer. In fact, 55% of organizations identify privileged users as their greatest insider risk threat. How do you combat this? Establish access policies and a good Privileged Access Management (PAM) solution, for starters.

  2. Malicious employees: These are some of the hardest threats to prevent and so take the most sophisticated security methods. Think about it: an insider not only has all the technical know-how of a hacker, but the internal knowledge of the company’s databases and the savvy to know how to lay low. This kind of behavior is skillfully stealthy and crafted to not draw the attention of even a fellow employee.

  3. Third Parties: As supply chains expand, more and more companies have to deal with the risk of third-party vendors allowing inroads into their organization. Each partner is its own ecosystem with its own architecture, vulnerabilities, and risks. As CISA explained, “third-party threats are typically contractors or vendors who are not formal members of an organization, but who have been granted some level of access to facilities, systems, networks, or people to complete their work.” That access could be exploited by them as easily as someone within your own team, and once assets have been connected, a breach of their systems is a breach of yours.

     Vet partners and suppliers for security practices and do your due diligence with supply chain integrity by asking for SBOMs and requiring code signing certificates. Check those your company works with to make sure they hold the same levels of security as your company does and make this a necessary best practice.

  4. Moles: This type of insider threat works for an outside agent to provide sensitive internal information that will enable a breach. Typically financially motivated, this mole could have had widespread experience or be a first timer. Difficult economic circumstances can lead an otherwise unmotivated and benign employee to consider things they never would have before.

     With their elevated knowledge of systems, defenses, and architectures, they secretly feed intel to an outside party – either a cyber gang, nation state threat actor, or other – and facilitate privilege escalations that will lead to the ultimate demise of data and reputation.

  5. Unwitting employees: This is one of the most common forms of insider risk. Most of the time, employees just want to do their jobs and do so in the best and most sensible way possible. If not clearly defined, that initiative can lead to tool sprawl, shortcuts, and unsafe practices. A host of government research has been done on unintentional insider threats, and the causes are myriad:
  • Fatigue or sleepiness 
  • Subjective mental workload 
  • Mind wandering 
  • Situational awareness 
  • Just plain human error 

They can also be influenced by a number of psychological factors, such as:

  • Personality trait 
  • Mood 
  • Age effects 
  • Drugs and hormones 
  • Cultural factors 

Essentially, these are the reasons that lead us to err as humans. While “to err” is human, however, “to remediate” is divine. Security awareness programs are an often undervalued part of maintaining low phishing click rates and tamping down on other risky online behaviors.

Remediation through Technology

AI-driven solutions that can autonomously detect and respond to insider incidents are needed today. Cutting-edge options today include data loss prevention tools that can “detect, investigate, and respond” to unauthorized access via email, cloud sharing, or removable storage. Best-in-class tools will also contextualize the data that users are accessing, so even if the behavior itself is funny, you can know if the anomalous patterns are nefarious or just the new intern posting cat videos.

As you look for the best overall solution to fit your particular risk profile, keep in mind that the attack surface is large and every user, partner, and vendor threatens it every time they log in – whether by accident or not. Provide the right training to combat careless errors made in ignorance. Lean on AI-based technology to spot malicious patterns in behavior. Trust a technology solution that provides alerts in context and keeps false positives to a minimum, and keep all this up on an ongoing basis: tactics evolve, technologies change, and human error is always with us.

By Katrina Thompson

An ardent believer in personal data privacy and the technology behind it, Katrina Thompson is a freelance writer leaning into encryption, data privacy legislation and the intersection of information technology and human rights. She has written for Bora, Venafi, Tripwire and many other sites. 

Discord Suffers Data Breach Through Compromised Third Party
https://www.itsecurityguru.org/2023/05/16/discord-suffers-data-breach-through-compromised-third-party/?utm_source=rss&utm_medium=rss&utm_campaign=discord-suffers-data-breach-through-compromised-third-party
Tue, 16 May 2023 10:32:14 +0000

Popular social media platform Discord has notified users it has suffered a data breach after a support agent’s account at a third party became compromised.

A malicious individual then gained unauthorised access to the agent’s support queue, exposing user email addresses, Discord support messages and attachments sent via the ticket system.

Discord – which has a user base of over 150 million monthly active users – has deactivated the compromised account and undertaken security checks on the agent’s machine, including malware scans.

The social media platform has collaborated with the third-party partner and has ensured security measures have been put in place, so such an incident is avoided going forward.

Discord has contacted users, warning them to remain vigilant for any unusual activity regarding their accounts, including phishing or fraud attempts.

Commenting on the news and offering insight are the following cybersecurity experts:

Jamie Boote, associate principal consultant at the Synopsys Software Integrity Group, said, “Companies need to take a top-down approach to protecting their data. It starts with policy and standards that classify all types of data the company would expect to create, collect, store, or generate. Once these data classification standards are in place, companies then need to catalogue where all sensitive or privacy data is collected, handled, or stored into an inventory. You can’t protect something if you don’t know where or what it is.”

Alex Archondakis, Head of Professional Services at Pentest People, comments: “Organisations often focus security resources on their own internal and external assets; however, this attack proves that your security is only as good as the weakest link in your supply chain. Every level of the supply chain should be analysed to understand what type of data or access can be acquired from exploiting it. The company chosen for each section should be researched to ensure that they perform regular penetration tests against their systems and hold relevant cyber security certificates such as Cyber Essentials Plus. In the case of third parties storing your sensitive data, one should ensure that anyone with access to it has been through relevant vetting procedures.”

Chris Hauk, Consumer Privacy Advocate at Pixel Privacy said, “The growing popularity of Discord, especially among gamers, makes it an increasingly attractive target for the bad actors of the world. Discord users must remain alert for any phishing emails using the email addresses gleaned in the data breach.”

Paul Bischoff, Consumer Privacy Advocate at Comparitech added, “Scammers might personalise their messages using data from the breach to make them more convincing. Never click on links or attachments in unsolicited messages!”

TikTok to be banned from UK Government Phones
https://www.itsecurityguru.org/2023/03/17/tiktok-to-be-banned-from-uk-government-phones/?utm_source=rss&utm_medium=rss&utm_campaign=tiktok-to-be-banned-from-uk-government-phones
Fri, 17 Mar 2023 11:37:04 +0000

The UK has announced a ban on TikTok on government phones, becoming the latest country to have banned the Chinese-owned video app over raised security concerns.

TikTok has been under the microscope in recent months and has come under increased scrutiny due to fears that user data from the app, owned by Beijing-based company ByteDance, could end up in the hands of the Chinese government.

The ban is in place with immediate effect following a security review ordered by ministers and is part of a wider range of restrictions brought in for third-party apps on government devices. The strict measures have been brought in to improve cyber hygiene and protect sensitive data that government officials have access to, as well as to prevent location data harvesting.

In recent months, many countries have brought in laws to ban TikTok from government-owned devices, including the US, Canada and the European Commission.

When the announcement was made, the cybersecurity community was quick to provide thoughts and insight…

Javvad Malik, lead security awareness advocate at KnowBe4:

It appears as if the UK is following in the steps of the European Union’s ban on TikTok on government devices. Risk assessments need to be undertaken and any apps which pose a threat to the government should be removed. However, there is a lack of transparency in these efforts and no real indication is given as to the actual data which is collected by TikTok and who it is shared with and for which purposes. If we were to apply this principle to other social media sites, and mobile apps in general, then many of the apps would not pass this bar. If there is a political risk, then this should be stated so that others can make informed risk decisions too, rather than using the blanket term that it is being done for cybersecurity reasons – because most apps will collect data and transmit it to third parties.

Tom Davison, Senior Director Engineering International at Lookout:

If this ban goes ahead it will follow similar decrees already issued by the European Commission and the US government. The concern here is the level of access to data which TikTok affords its parent company ByteDance, which is a Chinese company headquartered in Beijing. Governments and businesses are increasingly concerned by the volume of data which 3rd parties and foreign states might be collecting.

Mobile apps in particular are a real source of risk given the amount and type of data they are able to collect on their users. Upwards of 60% of internet traffic now originates from mobile devices, making them the prime target for data collection and surveillance. Increasingly users mix personal and work apps on the same device, drastically increasing the risks for governments and businesses who are tasked with controlling data sovereignty, privacy and protection. All mobile apps will be sending data somewhere and it is essential that this is understood and considered. For example, Lookout tracks over 9 million other apps that have the capability to send data to China. While they may not necessarily be malicious there is a fundamental issue of lack of awareness which is only just beginning to be acknowledged.

Brian Higgins, Security Specialist at Comparitech:

“The National Cyber Security Centre publishes advice on drafting and implementing ‘Bring Your Own Device’ and ‘Acceptable Use’ policies so why they don’t have any for Government staff is unclear. Most Social Media platforms gather vast amounts of data that users would rather they didn’t, but personal choice allows individuals to trade their privacy for functionality. They really shouldn’t be allowed to apply the same approach whilst they are engaged in Government business at any level. We’re clearly jumping on the Bad-TikTok bandwagon here but a more useful exercise would be to review and restrict Social Media access across the estate.” 

Chris Handscomb, EMEA Solutions Engineer at Centripetal:

Just a decade ago, the notion of corporate managers and government officials possessing smart mobile devices that could instantly access work information was a novelty. Today, these devices are ubiquitous and internet speeds have vastly improved, enabling individuals to consume copious amounts of high-quality content at the click of a finger. However, with this heightened connectivity, communication, and entertainment, there is the possibility of malicious actors exploiting device vulnerabilities and gathering sensitive data. This sometimes very personal data can then be on-sold to the highest bidder, creating a risk factor for companies and government agencies where (potentially compromised) individual contributors are handling sensitive trade or state secrets and may now be vulnerable to blackmail. It is therefore imperative that companies and government agencies prioritise their security measures, safeguarding their employees and enterprises from potential threats.

Should Your Organization Be Worried About Insider Threats?
https://www.itsecurityguru.org/2023/03/17/should-your-organization-be-worried-about-insider-threats/?utm_source=rss&utm_medium=rss&utm_campaign=should-your-organization-be-worried-about-insider-threats
Fri, 17 Mar 2023 11:12:48 +0000

When you think of cybersecurity threats, what comes to mind? If you pictured faceless criminals (or a team of them) in a dimly-lit headquarters working tirelessly to steal your most precious digital assets, you’re not alone. Yet, cybercrime doesn’t always look like a scene from a Hollywood movie.

Sometimes, cyber threats are closer to home, making them all the more surprising (and frustrating) for many organizations. They’re called insider threats, and you need to pay special attention to ensure you – and your data – don’t fall victim.

The threat landscape

Organizations are wise to prioritize cybersecurity strategy and adequate budgeting to protect their networks and valuable private data. Cybercrime is predicted to reach an alarming $10.5 trillion by 2025, making it a lucrative business venture for opportunistic criminals worldwide.

DDoS, SQL injections, supply chain attacks, DNS tunneling – all pervasive attacks that can arrive on your doorstep anytime. But your strategy is incomplete if you only secure the perimeter and do not address internal risks.

Insider threats are on the rise, and they’re particularly risky as they’re less often reported. Estimates state that over 70% of insider attacks never reach the headlines. As such, organizations cannot learn from their peers’ mistakes or oversights.

What is an insider threat?

Indisputably one of the most underestimated risks to organizations, insider threats are defined by CISA as “the potential for an insider to use their authorized access or understanding of an organization to harm that organization.”

Insider threats are, at their most basic, those that come from within your organization. End users with privileged access present unique risks to your network and data. Insider threats are particularly challenging to protect against as users may have access controls and particular familiarity with internal processes and procedures that enable them to navigate without raising suspicions. As such, insider attacks often go undetected until long after the breach.

Types of insider threats to look out for

Insider threats amount to attacks via employee user accounts. But that doesn’t always mean that a disgruntled employee or opportunistic bad seed is infiltrating the system and reaping the rewards. Sometimes, even the employee may not realize they’ve been a pawn in someone’s scheme until it’s too late.

Remember that insiders include third-party vendors, consultants, business partners, and others outside the organization with access to systems and networks.

Here are the two types of insider threats to be aware of:

Acts of negligence

Insider threats as a result of negligence are incidental. Naive or careless employees pose a significant threat to security, as it only takes one wrong decision to deliver information into the wrong hands.

Particular attacks include:

  • Phishing and spear phishing attacks, in which criminals purport to be a trusted source and solicit information from their target. Spear phishing attacks are particularly hazardous as attackers take time, do their research, and approach employees with a particularly well-informed demand under the guise of an official request.
  • CEO fraud is similar to spear phishing but takes things one step further by first gaining control of an email account of a c-suite employee. These requests are typically directed toward accounting departments to make sizeable financial transfers or payments.

Negligent behavior may not begin as an attack from an outsider. Instead, this can include taking physical devices to insecure places where they could fall into the wrong hands. In 2022, burglars stole a hard drive from a US Military analyst, exposing the personal details of more than 26 million veterans.

Acts of malicious intent

Unfortunately, sometimes the attacks originate on the inside. Disgruntled employees or contractors have been known to take advantage of their privileged access to reap personal rewards.

Malicious insiders may steal financial information, intellectual property (IP), or personally identifiable information (PII) they intend to trade for their financial benefit or use for competitive advantage. For example, after leaving the company in 2020, a former Google employee was jailed for taking trade secrets to Uber, his new employer. In 2019, an engineer breached Capital One’s systems and stole 100 million customer records and hundreds of thousands of social security numbers and bank details.

Keys to prevention

As leading data protection vendor Cyberhaven states, “Organizations must be able to address the risks from malicious insiders who intentionally steal sensitive data for personal reasons as well as users who can accidentally expose information due to negligence or simple mistakes.”

 

The key to mitigating risk is a proactive approach and a risk-aware culture. Consider these elements when designing your security strategy:

 

  • Implement threat detection tools to detect non-standard behavior or access and risk assessments to identify areas of concern.
  • Threat detection can also come via peer reports and employee diligence. Your organization should have a straightforward procedure for whistleblowing if employees are concerned about their peers’ behavior.
  • User account administration is the best chance you stand against insider threats. Least privilege ensures employees have only the access required to perform their functions. Separation of duties guarantees no single user has access to all aspects of a system or process.
  • Designing a risk-aware culture, including user training and education, is a first line of defense for preventing threats. Ensure cybersecurity is part of your organization’s day-to-day lexicon so that users know what to look out for and where to report risks when they arise.

Should an insider threat arise, ensure you do more than address the end user themselves. Insider threats point to where you can strengthen your systems or policies, regardless of whether the attack succeeds. Truly secure organizations regularly update their security approach to stay ahead of risks.

About the Author: Having spent her career in various capacities and industries under the “high tech” umbrella, Stefanie Shank is passionate about the trends, challenges, solutions, and stories of existing and emerging technologies. A storyteller at heart, she considers herself one of the lucky ones: someone who gets to make a living doing what she loves. Stefanie is also a writer for Bora.

Rise of Ransomware Attacks Main Focus for SOCs, research finds
https://www.itsecurityguru.org/2023/03/16/rise-of-ransomware-attacks-main-focus-for-socs-research-finds/?utm_source=rss&utm_medium=rss&utm_campaign=rise-of-ransomware-attacks-main-focus-for-socs-research-finds
Thu, 16 Mar 2023 10:10:15 +0000

A new global study has looked into how SOCs go about protecting organisations from threats, where they focus the most attention and what is driving modernisation plans.

Cybereason’s latest report, Ransomware and the Modern SOC: How Ransomware is Driving the Requirements for SOC Modernization, surveyed 1,203 security professionals from eight countries and a dozen industries, and found more than 58% said their SOC spends most of its time responding to ransomware and supply chain attacks that often lead to ransomware incidents.

As a result, their modernization plans are now focused across four specific areas:

  • 38% — Plan to deploy new detection capabilities with better detection efficacy.
  • 31% — Need better visibility into the full attack story.
  • 31% — Are looking for ways to augment staffing and contract for managed services, and
  • 29% — Said ransomware has increased their need for better automation and faster response.

“In a post COVID world, the modern SOC needs to be a decentralized, capabilities-based organization that leverages industry-leading detection, prevention, visibility, and automation technologies, all of which are often augmented by managed services,” said Israel Barak, CISO, Cybereason.

Travel and Transportation Industries Struggling

The study also revealed that almost a third (31%) stated the ransomware threat has exposed their need for better insight and visibility into the full attack story against their organisation. On average, 35 percent of respondents in the United States need better insight and visibility. In Italy, that number jumps to 46 percent. In the travel and transportation industry, more than 57 percent of respondents lack the proper level of threat attack visibility, followed by 39 percent of respondents in the retail, catering and leisure industries.

Fans of Last Of Us warned of rising phishing and malware scams
https://www.itsecurityguru.org/2023/03/15/fans-of-last-of-us-warned-of-rising-phishing-and-malware-scams/?utm_source=rss&utm_medium=rss&utm_campaign=fans-of-last-of-us-warned-of-rising-phishing-and-malware-scams
Wed, 15 Mar 2023 12:00:05 +0000

Security experts are warning consumers of two new scams circulating in the wild that take advantage of the buzz and hype surrounding HBO’s new adaptation of the popular video game franchise The Last of Us.

Technology expert Prateek Jha from VPNOverview.com initiated the warning which has also been supported by Kaspersky.

Kaspersky researchers shared with VPNOverview details of two separate campaigns — a scam designed to inject PCs with malware and a phishing ploy designed to steal banking information and other financial data.

“Gamers are a popular target for cybercriminals because, in addition to personal information, passwords, and bank card data, scammers may steal their gaming accounts with internal currency and rare skins, for example, using stealers,” Kaspersky told VPNOverview.

Malware offering ‘The Last of Us Part II’ for PC scam

The first of the two scams involves a website offering “The Last of Us Part II” for download. Anyone who attempts to download this fraudulent game will get malware on their device.

“Most often, players get malicious software, stealing sensitive data, on their devices when trying to download a popular game from a third-grade website instead of buying it on the official one,” Kaspersky said. The researchers noted that malware could remain hidden on a device and go “undetected for years.” “Users will not know that something is wrong because it may not cause any visible harm while silently doing its job,” they said.

A PC remake of the original first part of The Last of Us is slated for a March 2023 release; both games are currently exclusive to PlayStation and not available for download. According to a 2022 Kaspersky report on gaming-related cyber threats by Securelist, between July 2021 and June 2022, approximately 384,224 gamers encountered thousands of malware disguised as games.

Phishing scam targeting payment data

The second scam involves a website that offers an activation code for The Last of Us on PlayStation. The phishing site bundles the code with a “gift,” such as a PlayStation 5 or a $100 Roblox gift card.

To receive the code and the gift, users must pay a commission fee by entering their credentials and credit card data. Victims of this scam are left with nothing in return, as the scammers could use the stolen data to conduct various types of online fraud.

“Cybercriminals actively lure their victims with trendy games: for example, by offering a free download of a game that may be very expensive on Steam, or by distributing games that have not yet been officially released,” Kaspersky said. “And not just games – gamers can download something that looks like Discord from a third-party site but will actually turn out to be malware.”

Between 2021 and 2022, there were over three million phishing attacks on online gaming platforms, with most of these designed to steal gamers’ account credentials and financial data.

New fans should be careful

These new scams are targeting new fans the HBO series brings to the franchise, as long-time fans and players are likely up to date on the latest release information and cybersecurity practices.

The best way to stay ahead of such scams is to exercise caution and only download video games from official sources and trusted websites. If you come across any deals that seem too good to be true, do a quick Google search to check out their legitimacy. Cybercriminals can also target gamers outside gaming platforms and forums, using malware disguised as legitimate software, so fans should be aware of this.

It is also recommended to activate two-factor authentication and use unique, secure passwords for all your online accounts. Also, keep your operating systems and apps updated.

Almost half of IT leaders consider security as an afterthought, research reveals
https://www.itsecurityguru.org/2023/03/14/almost-half-of-it-leaders-consider-security-as-an-afterthought-research-reveals/?utm_source=rss&utm_medium=rss&utm_campaign=almost-half-of-it-leaders-consider-security-as-an-afterthought-research-reveals
Tue, 14 Mar 2023 10:07:45 +0000

New research reveals that security is an afterthought for almost half of UK IT leaders (45%) when deploying new tools.

The research commissioned by IT infrastructure solutions provider CAE Technology Services Ltd (CAE) of 200 IT leaders and professionals working in the UK showed that just 7% of IT professionals believe that security is at the forefront of their organisation’s strategic thinking.

While 92% agreed that security risks have increased in the last five years, two-thirds (62%) of respondents have seen increased security risks and pressures from their employers.

Almost half (48%) feel that rapid/forced deployment of new tools as a result of hybrid working has caused them challenges around security.

With flexible and remote working becoming more prevalent, there is now a higher risk of security breaches and cyber-attacks than ever before, with 39% of UK businesses identifying a cyber attack within the past 12 months.

Dene Lewis, Head of Technical Strategy and Direction at CAE, said, “These statistics reflect a concerning trend within UK organisations. The threat of cyber attacks is a reality that many UK organisations are facing, so needs strategic focus from leaders.

Although there are many different factors at play, UK organisations must take preventative measures to protect themselves against outside threats.”

Lewis concludes, “To address these issues, businesses must invest in the necessary tools and resources to protect their IT systems.

This includes implementing zero trust architecture and processes, regular security assessments, and employee training programmes to raise awareness of security risks and best practices.”

Nine In 10 £5m+ Businesses Hit By Cyber Attacks
https://www.itsecurityguru.org/2023/03/13/nine-in-10-5m-businesses-hit-by-cyber-attacks/?utm_source=rss&utm_medium=rss&utm_campaign=nine-in-10-5m-businesses-hit-by-cyber-attacks
Mon, 13 Mar 2023 14:28:45 +0000

Almost nine in 10 UK businesses turning over more than £5 million annually have experienced a cyberattack, according to new research from Forbes Advisor.

The study questioned senior decision makers across a range of UK small and medium-sized enterprises (SMEs), finding that more than half (57%) had suffered an online attack.

However, firms with an annual turnover in excess of £5 million were far more likely to experience cyber-crimes against their company (88%).

These attacks have led to serious consequences in many cases, with more than a fifth of cyber security breaches leading to businesses being forced to pay a ransom (22%).

Personal details are also under threat as these attacks compromised client and staff information in 26% and 23% of cases respectively.

Top examples of misusing company IT

Rank  Outcome
1     Use the company printer for personal use
2     Use up space on a company device to store personal files
3     Apply for other jobs using a company device
4     Access inappropriate websites via a work device
5     Gaming on a company device

Source: Forbes Advisor

Of those admitting to using company devices to spend time on inappropriate sites, common destinations include the dark web and sites containing pornographic material (both 17%).

Kevin Pratt, financial expert at Forbes Advisor, says: “The nature of the modern workplace means more online devices are being used than ever. This inevitably means that there are more ways that a business could suffer a digital attack. Our research shows that cyber security issues are incredibly common in this country, particularly among firms with a turnover of £5 million or more.

“We’ve also found that a significant proportion of British businesses are without any form of protection against online assaults, and it’s important to address this shortfall by highlighting the consequences of a cyber attack, such as financial losses and breaches of sensitive information.

“Companies can take a number of measures to protect against cyber-attacks, including anti-virus software, firewalls and VPNs. Prevention really is better than cure.”
