Posts

UNDERSTANDING THE CYBER KILL CHAIN BY BRADLEY MILBURN

The cyber kill chain is a framework developed by Lockheed Martin to describe the stages of a cyber attack. It breaks down the process into distinct phases, which helps organizations understand how attacks unfold and how they can be detected and mitigated at each stage. The traditional cyber kill chain consists of seven stages:

1. Reconnaissance - The attacker gathers information about the target, such as identifying potential vulnerabilities, gathering email addresses, and understanding the network architecture.

Passive examples:
- Whois
- Google
- Job listings
- Company website

Active examples:
- Nmap
- Port scanning
- Banner grabbing
- Vulnerability scanners (APTs tend to do this over a long period of time to better avoid detection)

Ways to protect a business network:
- Network Security - Firewall Configuration, Intrusion Detection Systems (IDS), Disa...

MORALLY INDEFENSIBLE BY BRADLEY MILBURN

On January 12th, Microsoft detected an uninvited & dangerous guest in its IT systems. Within a few days it attributed the raid on emails of its “senior leadership” and cybersecurity team to Russia’s Foreign Intelligence Service. The group has been attacking IT service providers in both Europe and the US. On 25 January, Microsoft published a quick analysis of how Russia's Foreign Intelligence Service hit its systems and said it was notifying other victims. Below is an understanding of what has happened, with some informed speculation about the attackers’ lateral movement that may be useful for network defenders. 1. Russia's Foreign Intelligence Service breached a Microsoft “test tenant” account. It was left sitting with no MFA and without a robust password. They tailored their “password spray” attacks to a limited number of accounts, using a low number of attempts to evade detection and avoid blocks based on the volume of failures. They atta...

THE PIG BUTCHER BY BRADLEY MILBURN

This technique is really interesting because it is a display of how people can be manipulated by scammers using such diverse tactics. It's a modern take on dated amateur scamming techniques. 'Pig butchering' scams involve victims being effectively 'fattened up' with a fake romantic relationship before being 'butchered' by fraudulent investment advice. It works by scammers posing as love interests on dating sites then convincing their matches to invest in bogus cryptocurrency schemes. Case that caught my eye: There has recently been a story in the news about a particular cyber scam network. They are run by powerful Chinese syndicates in Southeast Asia. Gaining Trust: The scam often begins with casual conversations initiated by the scammer. These initial interactions are designed to build trust and in many cases involve the use of attractive profile images to lure victims. Introducing the Investment: As trust is established, the scammer introduces...

THE GRAND ATTACK (MGM)

In September 2023, MGM Resorts, the world-famous hotel and casino chain, faced a cyber attack launched by hacker groups ALPHV and Scattered Spider. The hacker groups used social engineering tactics to enter MGM’s systems, which resulted in a huge ransomware attack. This attack led to critical operational disruptions, such as disabling online reservation systems, digital room keys, slot machines, and websites. The impact of this attack extended for ten days, causing significant losses for MGM Resorts. Also, concerns arose of a potential data breach that could have involved personally identifiable information (PII) of MGM customers, employees, and vendors. ALPHV, one of the hacker groups, released a statement, “Setting the record straight,” on September 14, 2023. In the statement, ALPHV provided details on their strategies and involvement in the cyberattack, shedding light on the events surrounding this breach. The incident showcases the significance of organiz...