Welcome to Ironshare’s Cyber Round-up, where we look back at the events of the last week to cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
The cybercrime group, Gold Melody, has been identified as an initial access broker (IAB). The group’s recent activity has been closely monitored by the SecureWorks Counter Threat Unit, who have observed Gold Melody selling access to compromised organisations.
Gold Melody’s current operations involve the use of web shells, publicly available utilities, and remote access trojans to gain access to target systems and set up reverse tunnels with hard-coded IP addresses. The group’s new direction as an IAB is very clearly financially motivated and relies on the exploitation of known & unpatched vulnerabilities. The main takeaway from these attacks is “the importance of robust patch management.” While it can be difficult to prepare for unknown threats, ensuring that you are protected against all known vulnerabilities is essential.
Cisco has just made the surprise acquisition of cybersecurity software firm Splunk. Paying a total of $28 billion, this is reportedly Cisco’s largest ever acquisition, and is part of their vision to become one of the “largest software companies globally” with a heavy focus on cybersecurity and the protection of organisations worldwide. As part of this deal, Splunk CEO Steele will join Cisco’s executive leadership team, and continue to add to his contributions to Splunk after being in charge for the last year. While this acquisition is not yet complete, both parties are required to pay a termination fee of more than $1 billion should they choose to withdraw from the deal.
MGM Resorts have been in the headlines for the last week, following a cyber attack that has crippled their operations. 10 days later, MGM have reported that all computer systems are back online and operational, and issued a statement saying:
“We are pleased that all of our hotels and casinos are operating normally,”
While operations have been restored, the investigation has not yet concluded, and analysts are still working to measure the impact and long-term effects of the incident.
The ICC reported that they have been a victim of a cyberattack when “at the end of last week, The ICC’s services detected anomalous activity affecting its information systems,” a statement said. The ICC reports they are currently in the process of investigating and remediating the ongoing incident while “ensuring that the work of the court continues.” Information surrounding the attack such as information accessed, identification of the attackers, and other elements hasn’t been made available by the ICC.
Leaked documents from Microsoft have revealed their designs for upcoming consoles, controllers, and games. The leak came from confidential information from the ongoing legal dispute between the Federal Trade Commission and Microsoft. The documents, which were meant to be redacted, revealed emails, presentations, and other communications about their future plans. This is a significant blow to Microsoft, who was also at the mercy of threat actor Storm-0324, who managed to steal signing keys and gain access to emails of US employees in July.
Customers using the T-Mobile app reported seeing other users' information on their accounts. The information included customers' names, phone numbers, addresses, account balances, and credit card details like the expiration dates and the last four digits of their card. T-Mobile reported that there was no cyberattack on their systems and that the issue was caused by “a temporary system glitch related to a planned overnight technology update involving limited account information for fewer than 100 customers, which was quickly resolved.” However, multiple customers have reported this issue up to two weeks before it was fixed. This is yet another failing of T-Mobile, which has been hit by nine data breaches since 2018, displaying a pattern of lax security implementations.
And that’s it for this week’s round-up, please do check in next week for our new batch of security news and posts.
Stay Safe, Secure and Healthy!
Edition #252 – 22nd September 2023
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Ironshare is a provider of Information and Cyber Security services.