Reports claim casino guests and staff have had difficulties accessing room reservations, making transactions, and using key services. The management immediately initiated an emergency response protocol to contain the situation and mitigate the damage.

MGM Resorts International, the parent company of MGM Caesar, confirmed the attack in a press release issued this week. The statement noted that the company’s IT security teams were working tirelessly to restore normalcy. In the meantime, they assured customers that their personal and financial information remained secure due to advanced encryption protocols and immediate action taken to isolate the affected systems.

Local law enforcement and federal agencies have launched an investigation into the cyberattack. Their primary focus is on identifying the perpetrators behind this breach and determining their motives. The casino’s surveillance footage is expected to be a crucial piece of evidence in the ongoing investigation.

This incident serves as a stark reminder of the importance of cybersecurity measures, not only for corporations but also for the protection of customers’ sensitive information. As the investigation unfolds, MGM Resorts International has promised to keep its stakeholders and the public informed about any developments related to the cyberattack.

The following cybersecurity experts have provided their insights and thoughts.

James McQuiggan, security awareness advocate at KnowBe4:

Organizations work tirelessly to protect their infrastructure and data from cybercriminals. The challenge lies with the third-party service providers who can also access the network. If they have a different security culture and mindset, it can only be a matter of time before your organization succumbs to an attack. While cybersecurity occurs daily, a Third Party Risk Management program is crucial to assess vendors, security practices, controls, past breaches, and financial stability. Proactively managing third-party cyber risk is crucial for resilience. A robust TPRM program can pay significant dividends in the long run and will only lead to a data breach without one.

Darren James, a Senior Product Manager at Specops Software:

The post MGM and Caesars Casinos Suffer Massive Cyberattack appeared first on IT Security Guru.

A malicious individual then gained unauthorised access to the agent’s support queue, exposing user email addresses, Discord support messages and attachments sent via the ticket system.

Discord – which has a user base of over 150 million monthly active users – has deactivated the compromised account and undertaken security checks on the agent’s machine, including malware scans.

The social media platform has collaborated with the third-party partner and has ensured security measures have been put in place, so such an incident is avoided going forward.

Discord has contacted users warning them to remain vigilant of any unusual activity regarding accounts including phishing or fraud attempts.

Commenting on the news and offering insight are the following cybersecurity experts:

Jamie Boote, associate principal consultant at the Synopsys Software Integrity Group, said “Companies need to take a top-down approach to protecting their data. It starts with policy and standards that classify all types of data the company would expect to create, collect, store, or generate. Once these data classification standards are in place, companies then need to catalogue where all sensitive or privacy data is collected, handled, or stored into an inventory. You can’t protect something if you don’t know where or what it is.

Alex Archondakis, Head of Professional Services at Pentest People, comments; “Organisations often focus security resources on their own internal and external assets, however, this attack proves that your security is only as good as the weakest link in your supply chain. Every level of the supply chain should be analysed to understand what type of data or access can be acquired from exploiting it. The company chosen for each section should be researched to ensure that they perform regular penetration tests against their systems and hold relevant cyber security certificates such as Cyber Essentials Plus. In the case of third parties storing your sensitive data, one should ensure that anyone with access to it has been through relevant vetting procedures.”

Chris Hauk, Consumer Privacy Advocate at Pixel Privacy said, “The growing popularity of Discord, especially among gamers, makes it an increasingly attractive target for the bad actors of the world. Discord users must remain alert for any phishing emails using the email addresses gleaned in the data breach.”

Paul Bischoff, Consumer Privacy Advocate at Comparitech added, “Scammers might personalise their messages using data from the breach to make them more convincing. Never click on links or attachments in unsolicited messages!”

The post Discord Suffers Data Breach Through Compromised Third Party appeared first on IT Security Guru.

The microscope has been on TikTok in recent months and has come under increased scrutiny due to fear is that user data from the app owned by Beijing-based company ByteDance could end up in the hands of the Chinese government.

The ban is in place with immediate effect following a security review ordered by ministers and is part of a wider range of restrictions brought in for third-party apps on government devices. The strict measures have been brought in to improve cyber hygiene, protect sensitive data that government officials have access to as well to prevent location data harvesting.

In recent months, many countries have brought in law to ban TikTok from government-owned devices including the US, Canada and the European Commission.

When the announcement was made, the cybersecurity community was quick to provide thoughts and insight…

Javvad Malik, lead security awareness advocate at KnowBe4:

It appears as if the UK is following in the steps of the European unions ban on TikTok on government devices. Risk assessments need to be undertaken and any apps which pose a threat to the government should be removed. However, there is a lack of transparency in these efforts and no real indication is given as to the actual data which is collected by TikTok and who it is shared with and for which purposes. If we were to apply this principle to other social media sites, and mobile apps in general, then many of the apps would not pass this bar. If there is a political risk, then this should be stated so that others can make informed risk decisions too, rather than using the blanket term that is being done for cybersecurity reasons – because most apps will collect data and transmit it to third parties. 

Tom Davison, Senior Director Engineering International at Lookout:

Chris Handscomb, EMEA Solutions Engineer at Centripetal: 

Just a decade ago, the notion of corporate managers and government officials possessing smart mobile devices that could instantly access work information was a novelty. Today, these devices are ubiquitous, internet speeds have vastly improved, enabling individuals to consume copious amounts of high-quality content at the click of a finger.However, with this heightened connectivity, communication, and entertainment, there is the possibility of malicious actors exploiting device vulnerabilities and gathering sensitive data. This sometimes very personal data can then be on-sold to the highest bidder creating a risk factor for companies and government agencies where (potentially compromised) individual contributors are handling sensitive trade or state secrets and may now be vulnerable to blackmail.It is therefore imperative that companies and government agencies prioritise their security measures, safeguarding their employees and enterprises from potential threats.

The post TikTok to be banned from UK Government Phones appeared first on IT Security Guru.

Sometimes, cyber threats are closer to home, making them all the more surprising (and frustrating) for many organizations. They’re called insider threats, and you need to pay special attention to ensure you – and your data – don’t fall victim.

The threat landscape

Organizations are wise to prioritize cybersecurity strategy and adequate budgeting to protect their networks and valuable private data. Cybercrime is predicted to reach an alarming $10.5 trillion by 2025, making it a lucrative business venture for opportunistic criminals worldwide.

DDoS, SQL injections, supply chain attacks, DNS tunneling – all pervasive attacks that can arrive on your doorstep anytime. But your strategy is incomplete if you only secure the perimeter and do not address internal risks.

Insider threats are on the rise, and they’re particularly risky as they’re less often reported. Estimates state that over 70% of insider attacks never reach the headlines. As such, organizations cannot learn from their peers’ mistakes or oversights.

What is an insider threat?

Indisputably one of the most underestimated risks to organizations, insider threats are defined by CISA as “the potential for an insider to use their authorized access or understanding of an organization to harm that organization.”

Insider threats are, at their most basic, those that come from within your organization. End users with privileged access present unique risks to your network and data. Insider threats are particularly challenging to protect against as users may have access controls and particular familiarity with internal processes and procedures that enable them to navigate without raising suspicions. As such, insider attacks often go undetected until long after the breach.

Types of insider threats to look out for

Insider threats amount to attacks via employee user accounts. But that doesn’t always mean that a disgruntled employee or opportunistic bad seed is infiltrating the system and reaping the rewards. Sometimes, even the employee may not realize they’ve been a pawn in someone’s scheme until it’s too late.

Remember that insiders include third-party vendors, consultants, business partners, and others outside the organization with access to systems and networks.

Here are the two types of insider threats to be aware of:

Acts of negligence

Insider threats as a result of negligence are incidental. Naive or careless employees pose a significant threat to security, as it only takes one wrong decision to deliver information into the wrong hands.

Particular attacks include:

Phishing and spear phishing attacks, in which criminals purport to be a trusted source and solicit information from their target. Spear phishing attacks are particularly hazardous as attackers take time, do their research, and approach employees with a particularly well-informed demand under the guise of an official request.

CEO fraud is similar to spear phishing but takes things one step further by first gaining control of an email account of a c-suite employee. These requests are typically directed toward accounting departments to make sizeable financial transfers or payments.

Negligent behavior may not begin as an attack from an outsider. Instead, this can include taking physical devices to insecure places where they could fall into the wrong hands. In 2022, burglars stole a hard drive from a US Military analyst, exposing the personal details of more than 26 million veterans.

Acts of malicious intent

Unfortunately, sometimes the attacks originate on the inside. Disgruntled employees or contractors have been known to take advantage of their privileged access to reap personal rewards.

Malicious insiders may steal financial information, intellectual property (IP), or personally identifiable information (PII) they intend to trade for their financial benefit or use for competitive advantage. For example, after leaving the company in 2020, a former Google employee was jailed for taking trade secrets to Uber, his new employer. In 2019, an engineer breached Capital One’s systems and stole 100 million customer records and hundreds of thousands of social security numbers and bank details.

Keys to prevention

As leading data protection vendor Cyberhaven states, “Organizations must be able to address the risks from malicious insiders who intentionally steal sensitive data for personal reasons as well as users who can accidentally expose information due to negligence or simple mistakes.”

The key to mitigating risk is a proactive approach and a risk-aware culture. Consider these elements when designing your security strategy:

• Implement threat detection tools to detect non-standard behavior or access and risk assessments to identify areas of concern.
• Threat detection can also come via peer reports and employee diligence. Your organization should have a straightforward procedure for whistleblowing if employees are concerned about their peers’ behavior.
• User account administration is the best chance you stand against insider threats. Less privilege ensures employees have only the access required to perform their functions. Separation of duties guarantees no single user has access to all aspects of a system or process.
• Designing a risk-aware culture, including user training and education, is a first line of defense for preventing threats. Ensure cybersecurity is part of your organization’s day-to-day lexicon so that users know what to look out for and where to report risks when they arise.

Should an insider threat arise, ensure you do more than address the end user themselves. Insider threats point to where you can strengthen your systems or policies, regardless of whether the attack succeeds. Truly secure organizations regularly update their security approach to stay ahead of risks.

—

About the Author: Having spent her career in various capacities and industries under the “high tech” umbrella, Stefanie Shank is passionate about the trends, challenges, solutions, and stories of existing and emerging technologies. A storyteller at heart, she considers herself one of the lucky ones: someone who gets to make a living doing what she loves. Stefanie is also a writer for Bora.

The post Should Your Organization Be Worried About Insider Threats? appeared first on IT Security Guru.

Security experts are warning consumers of two new scams that are circulating in the wild which are taking advantage of the buzz and hype surrounding HBO’s new adaption of the popular video game franchise The Last Of US.

Technology expert Prateek Jha from VPNOverview.com initiated the warning which has also been supported by Kaspersky.

Kaspersky researchers shared with VPNOverview details of two separate campaigns — a scam designed to inject PCs with malware and a phishing ploy designed to steal banking information and other financial data.

The post Fans of Last Of Us warned of rising phishing and malware scams appeared first on IT Security Guru.

The research commissioned by IT infrastructure solutions provider CAE Technology Services Ltd (CAE) of 200 IT leaders and professionals working in the UK showed that just 7% of IT professionals believe that security is at the forefront of their organisation’s strategic thinking.

While 92% agreed that security risks have increased in the last five years, two-thirds (62%) of respondents have seen increased security risks and pressures from their employers.

Almost half (48%) feel that rapid/forced deployment of new tools as a result of hybrid working has caused them challenges around security.

With flexible and remote working becoming more prevalent, there is now a higher risk of security breaches and cyber-attacks than ever before, with 39% of UK businesses identifying a cyber attack within the past 12 months.

Dene Lewis, Head of Technical Strategy and Direction at CAE, said, “These statistics reflect a concerning trend within UK organisations. The threat of cyber attacks is a reality that many UK organisations are facing, so needs strategic focus from leaders.

Although there are many different factors at play, UK organisations must take preventative measures to protect themselves against outside threats.”

Lewis concludes, “To address these issues, businesses must invest in the necessary tools and resources to protect their IT systems.

This includes implementing zero trust architecture and processes, regular security assessments, and employee training programmes to raise awareness of security risks and best practices.”

The post Almost half of IT leaders consider security as an afterthought, research reveals appeared first on IT Security Guru.

The study questioned senior decision makers across a range of UK small and medium-sized enterprises (SMEs), finding that more than half (57%) had suffered an online attack.

However, firms with an annual turnover in excess of £5 million were far more likely to experience cyber-crimes against their company (88%).

These attacks have led to serious consequences in many cases, with more than a fifth of cyber security breaches leading to businesses being forced to pay a ransom (22%).

Personal details are also under threat as these attacks compromised client and staff information in 26% and 23% of cases respectively.

Of those admitting to using company devices to spend time on inappropriate sites, common destinations include the dark web and sites containing pornographic material (both 17%).

Kevin Pratt, financial expert at Forbes Advisor, says: “The nature of the modern workplace means more online devices are being used than ever. This inevitably means that there are more ways that a business could suffer a digital attack. Our research shows that cyber security issues are incredibly common in this country, particularly among firms with a turnover of £5 million or more.

“We’ve also found that a significant proportion of British businesses are without any form of protection against online assaults, and it’s important to address this shortfall by highlighting the consequences of a cyber attack, such as financial losses and breaches of sensitive information.

“Companies can take a number of measures to protect against cyber-attacks, including anti-virus software, firewalls and VPNs. Prevention really is better than cure”

The post Nine In 10 £5m+ Businesses Hit By Cyber Attacks appeared first on IT Security Guru.

In the U.K., there was a 35% increase in the average number of mobile devices exposed to at least one malicious phishing attack per quarter between 2020 and 2022. In the last two years, 20-30% of mobile devices in the U.K. have been exposed to at least one malicious phishing attack every quarter.

Lookout also found that users on all devices – whether personal or work provided – are tapping more on mobile phishing links in comparison to just two years ago. The report estimates the potential annual financial impact of mobile phishing to an organisation of 5,000 employees is nearly $4 million. Enterprises operating in highly regulated industries – including insurance, banking, legal, healthcare and financial services – were found to be the most heavily targeted.

“Mobile as a threat surface will continue to grow, and hybrid work continues to grow in tandem, introducing huge numbers of unmanaged devices into the enterprise environment,” said Aaron Cockerill, chief strategy officer at Lookout. “It is more important now than ever for organizations to evolve their cybersecurity strategy to proactively combat mobile phishing. As one of the most effective attack vectors for threat actors, often serving as a starting-point for more advanced attacks, mobile phishing protection should be a top priority for organizations of any size.”

In 2022, more than 50% of personal devices were exposed to a mobile phishing attack every quarter, with the percentage of users falling for multiple mobile phishing links in a year is increasing rapidly year over year.

Users, endpoints and applications are now so closely connected that threat actors can initiate advanced attacks simply by stealing user credentials. Mobile phishing is one of the most effective tactics to steal login credentials, which means that mobile phishing itself poses significant security, compliance, and financial risk to organizations in every industry. It is likely that the rise of remote work has contributed to this, as organizations relax bring-your-own-device (BYOD) policies to accommodate employees accessing corporate networks outside the traditional security perimeter.

Lookout also claim mobile phishing attacks are also growing more sophisticated. The share of mobile users in enterprise environments clicking on more than six malicious links annually has jumped from 1.6% in 2020 to 11.8% in 2022, indicating that users are having a tougher time distinguishing phishing messages from legitimate communications.

The post UK sees 35% increase in mobile phishing exposures – Global State of Mobile Phishing Report appeared first on IT Security Guru.

This cloud-based solution is now available as an integrated add-on to Ivanti Neurons for Unified Endpoint Management (UEM) and the new add-on is fully embedded into the current UEM client, allowing customers to activate the add-on easily and seamlessly without creating friction for their end users.

This latest announcement comes after Ivanti and Lookout recently joined forces to help organisations accelerate cloud adoption and mature their Zero Trust security posture in the “Everywhere Workplace.” The joint solution – which includes Ivanti Neurons for Zero Trust Access (ZTA), Lookout Cloud Access Security Broker (CASB) and Lookout Secure Web Gateway (SWG) – helps customers achieve complete threat prevention and data security both on-premises and in the cloud, inside and outside the network, while following Zero Trust Access security principles.

The two companies are expanding their strategic partnership to now include Lookout Mobile Endpoint Security, powered by the Lookout Cloud Security Platform, which provides advanced mobile security for Android, iOS and Chrome OS devices. The solution embeds Lookout functionality into the Ivanti Go app, consolidating endpoint management and security functions for simple and seamless deployment and administration. Management functions such as locating lost devices, remotely wiping data and applying access control policies now sit alongside security that protects corporate data and credentials from compromise, resulting from mobile phishing attacks, device-level exploits, application malware and network threats.

Together, the joint Ivanti/Lookout solution enables companies to proactively protect all devices – PCs, mobile devices and cloud workloads – from vulnerabilities and attacks. One of the key features of the solution includes protection from web-based and sophisticated attacks that are typically unmonitored and unprotected by traditional solutions.

Key benefits outlines from the Ivanti+Lookout partnership include:

• Enhanced detection and mitigation of cyber threats targeting mobile devices
• More insight and control into mobile devices to meet privacy and compliance requirements
• Simplified cloud adoption with secure access to SaaS apps from mobile devices
• The ability to allow the hybrid workforce to work securely from any mobile device

“We are thrilled to partner with Lookout to provide more options for our customers as they secure an increasingly mobile workforce​,” said Srinivas Mukkamala, chief product officer at Ivanti. “With Ivanti Neurons for MTD, machine learning algorithms provide immediate and ongoing visibility into malicious threats across all protected devices. The combination of unified endpoint management and mobile threat defense enables organisations to proactively manage and secure mobile devices against the broadest array of attacks and defend against web-based and sophisticated attacks.”

“Our partnership with Ivanti continues to go from strength to strength – we couldn’t be prouder of our collective commitment to help customers simplify their cloud adoption and secure their hybrid workforce from anywhere, at any time, from any device,” said Jim Dolce, Lookout CEO. “Regardless of an organisation’s access or hosting method, our joint solution addresses the challenges and realities of data protection today, ensuring that CISOs and CIOs have the most seamless, robust solution for securing their data, regardless of where it flows and where it resides.”

For more information, click here

The post Ivanti and Lookout Announce Extension on Partnership To Protect Mobile Devices appeared first on IT Security Guru.

KnowBe4’s SecurityCoach product is now integrated with the CrowdStrike Falcon platform, with the collaboration designed to help reduce high risk behavior by leveraging CrowdStrike’s security telemetry to discover security incidents, which trigger real-time security training from KnowBe4.

SecurityCoach helps IT and security professionals develop a strong security culture by enabling real-time security coaching of their users in response to high risk security behavior. Leveraging an organization’s existing security stack, IT and security professionals can configure real-time coaching campaigns to immediately deliver a SecurityTip to their users when a security event is detected.

“Our ecosystem of technology partners is growing rapidly, to enrich the support we provide to our customers and to fortify their organization’s human firewall,” said Stu Sjouwerman, CEO, KnowBe4. “KnowBe4 is proud to partner with CrowdStrike by seamlessly integrating our new SecurityCoach product with security telemetry delivered from the CrowdStrike Falcon platform. Our integration aims to deliver real-time security coaching and advice based on when security incidents occur to help end users enhance their cybersecurity knowledge and strengthen their role in contributing to a strong security culture.”

“By partnering with KnowBe4, we’re providing bite-sized, personalized security awareness lessons based on enriched insights derived from the CrowdStrike Falcon platform,” Geoff Swaine, VP of Global Programs, Store and Tech Alliances at CrowdStrike. “By seamlessly integrating CrowdStrike’s robust security data with KnowBe4’s large library of curated coaching modules, we’re empowering customers to minimize human risk, improve their security posture and stop breaches.”

KnowBe4 will provide step-by-step instructions and recommendations to help IT and security professionals achieve quick and pain-free integration and data syncing during the implementation process.

The post KnowBe4 Integrates With CrowdStrike Aiming to Reduce Human Risk in Organisations appeared first on IT Security Guru.