“Help desks want to help people,” according to Kevin Mandia, Mandiant CEO, in a recent interview on CNBC’s "Squawk Box." But these groups are very sophisticated at creating ruses that fool staff.
“They [the attackers] are also doing something called SIM swapping, where they get one-time passwords texted to their phone. … These people are very clever at what they do because they are breaking human trust.”
Digging deeper, this article from Reuters provides more details on these cyber attacks: “David Bradbury, chief security officer of the identity management company Okta, said five of the company's clients, including MGM and Caesars, had fallen victim to hacking groups known as ALPHV and Scattered Spider since August. …
“The hacks have cast fresh spotlight on ransomware attacks — cyber intrusions that affect hundreds of companies every year, from health-care providers to telecom firms. MGM and Caesars lost market value last week as stock prices fell, and MGM is yet to recover from various operations disrupted at the hotels and gaming venues it owns from Las Vegas to Macau. …
“Bradbury said the group had breached into MGM and obtained access to its Okta client, which allowed it further access to more credentials in the identity management firm's system.
“Scattered Spider appears to have worked with ALPHV on the latest hacks, Bradbury said, citing research by security analysts who have tracked both groups. 'Think of them more as business associates or affiliates,' he said.”
SOCIAL ENGINEERING ISN'T NEW, BUT ...
While these attacks are not new, the newer, more sophisticated social engineering techniques are getting harder to detect.
For example, before calling help desks, many hackers now acquire employee information, including passwords, through social engineering. They also use "SIM swapping," a technique in which they trick a telecom company's customer service representative into reassigning a specific phone number from one device to another, so that one-time passcodes sent by text arrive on a device they control; they then use those codes to trick the help desk staff.
Here are some blogs that are helpful to go over to review social engineering attacks — especially during October’s National Cybersecurity Awareness Month:
- 2023 Cybersecurity Awareness Month Appeal: Make Online Security Easier
- How to Respond to Social Engineering Incidents: An Expert Interview
- Beyond Spear Phishing: How to Address Whaling and More
- New Business Email Compromise Schemes Add Vendor Deception
- The Fundamental STRENGTH in Effective Security Awareness Programs
NEW CISA RESOURCES TO HELP
The Cybersecurity and Infrastructure Security Agency (CISA) announced the kickoff of the 20th Cybersecurity Awareness Month last week. Throughout October, CISA and the National Cybersecurity Alliance (NCA) will focus on ways to “Secure Our World” by educating the public on how to stay safe online. “Secure Our World” will also be the enduring theme throughout the year as we work to drive behavioral change around core cybersecurity habits by providing everyone with the knowledge and tools they need.
“As cyber threats become more sophisticated, individuals and families, small and medium businesses, and large companies all have an important role to play in keeping our digital world safe and secure,” said CISA Director Jen Easterly. “This Cybersecurity Awareness Month, we are asking everyone to do their part to ‘Secure Our World’ by adopting key behaviors that promote online safety and security.”
FINAL THOUGHTS
Purdue University’s cybersecurity website offers some great materials.
Here’s a fun video on passwords and cybersecurity:
Here are some more ways to combat social engineering from: