Top Cybersecurity Threats for October 2023

Author: Phil Muncaster

On the third Wednesday of every month, the VTRAC holds a Monthly Intelligence Briefing (MIB) to discuss the current security threat landscape, the latest cybersecurity trends, news and threat intelligence. Below is a summary of their most recent briefing, which covered three topics:

1. Big-name casino breaches illuminate the costs and challenges posed by ransomware
2. Chinese hackers target vulnerable network edge devices in a major espionage operation
3. Rapid Reset bug exploited to launch some of the largest ever distributed denial-of-service (DDoS) attacks

Two of the biggest names in Las Vegas were hit by the same ransomware affiliate group in recent weeks. Scattered Spider (UNC3944) works with ALPHV/BlackCat ransomware and is said to comprise members based in the U.S. and U.K. These recent cyber attacks underline the serious impact ransomware continues to have on wealthy organizations. MGM suffered widespread outages following the attack, affecting several of its websites, the MGM mobile rewards app, online bookings, and in-casino services such as ATMs, slot machines and card payment machines. It claimed that the resulting costs could reach close to $110 million, although the company expects its cyber-insurance policy to cover this. In both this incident and a breach at Caesars, customers' personal data was stolen. However, in the latter case, the company opted to pay its extortionists a $15 million ransom.

In the case of MGM, Scattered Spider appears to have compromised the company by targeting its employees. After doing some research on LinkedIn, they called the company's IT helpdesk pretending to be an employee and socially engineered the IT admin into handing over credentials within minutes. Such vishing tactics highlight the continued need for cybersecurity training and threat awareness at all levels of an organization.
A joint U.S.-Japan alert has revealed a major Chinese-linked state cyberespionage operation in which actors exploited the network routers of multinational corporations (MNCs) in order to access their networks. The BlackTech (Circuit Panda) group was blamed for the attacks on government, industrial, technology, media, electronics and telecommunication sector firms, including entities that support the militaries of the U.S. and Japan, according to the alert. The group exploited various router brands and models using a customized firmware backdoor that is enabled and disabled through specially crafted TCP or UDP packets. This malware was used for initial access into networks, maintaining persistence and exfiltrating data. Routers were compromised at subsidiaries of large MNCs, with the threat actors then pivoting to the networks of the same firms' headquarters. The group made a big effort to stay hidden, using stolen code-signing certificates and blending in with corporate network traffic, among other tactics.

Threat actors have been exploiting a zero-day vulnerability in the HTTP/2 protocol since August to launch the largest DDoS attacks ever seen by Cloudflare. The flaw, tracked as CVE-2023-44487, is the cause of a series of Rapid Reset attacks. They take advantage of the fact that HTTP/2 allows multiple streams to be created over the same TCP connection. Exploiting it allows an attacker to open multiple new streams and quickly send RST_STREAM frames to close them, putting a heavy load on the server with little effort required on the part of the threat actor. Attacks aimed at Layer 7 like this are typically harder to mitigate than network-layer threats. Exploitation of CVE-2023-44487 enabled attackers to launch a series of DDoS attacks that reached a peak of 398 million requests per second (rps). Cloudflare added that it mitigated over a thousand attacks at 10 million rps, including 184 which were bigger than its previous record of 71 million rps. This was achieved with botnets of just 20,000 machines.
Whilst infrastructure giants like Google and Amazon have patched the zero-day, organizations that manage such infrastructure in-house were urged to follow suit without delay.
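As an added illustration (not code from the briefing, from Cloudflare or from any HTTP/2 server project), the following Python parses raw HTTP/2 frames and applies the kind of per-connection reset counting that servers use to shed Rapid Reset clients. The frame layout follows RFC 9113; the thresholds and the two sample client streams are constructed assumptions for the demonstration.

```python
import struct
from collections import Counter

HEADERS, RST_STREAM = 0x1, 0x3   # HTTP/2 frame type codes (RFC 9113)

def build_frame(ftype, stream_id, payload=b"", flags=0):
    """Serialise one HTTP/2 frame: 3-byte length, type, flags, 31-bit stream id, payload."""
    header = len(payload).to_bytes(3, "big") + bytes([ftype, flags])
    return header + struct.pack(">I", stream_id & 0x7FFFFFFF) + payload

def parse_frames(data):
    """Yield (type, stream_id, payload) for every complete frame in a raw HTTP/2 byte stream."""
    off = 0
    while off + 9 <= len(data):
        length = int.from_bytes(data[off:off + 3], "big")
        ftype = data[off + 3]
        stream_id = struct.unpack(">I", data[off + 5:off + 9])[0] & 0x7FFFFFFF
        off += 9
        yield ftype, stream_id, data[off:off + length]
        off += length

def connection_stats(data):
    """Return (streams opened by the client, streams it reset) for one connection."""
    counts = Counter()
    for ftype, stream_id, _ in parse_frames(data):
        if ftype == HEADERS and stream_id != 0:
            counts["opened"] += 1
        elif ftype == RST_STREAM:
            counts["reset"] += 1
    return counts["opened"], counts["reset"]

def is_rapid_reset(data, max_resets=100, reset_ratio=0.5):
    """Flag a connection whose resets are both numerous and a large share of opened streams.
    Thresholds are assumed for illustration; a real server would track them per time window."""
    opened, reset = connection_stats(data)
    return reset >= max_resets and opened > 0 and reset / opened >= reset_ratio

def client_stream(n_requests, n_resets):
    """Constructed sample: n_requests HEADERS on odd stream ids, the first n_resets cancelled at once."""
    out = b""
    for i in range(n_requests):
        sid = 2 * i + 1
        # flags 0x5 = END_STREAM|END_HEADERS; payload is HPACK for ':method GET' and ':path /'
        out += build_frame(HEADERS, sid, b"\x82\x84", flags=0x5)
        if i < n_resets:
            out += build_frame(RST_STREAM, sid, struct.pack(">I", 0x8))  # error code CANCEL
    return out

ATTACK = client_stream(1000, 1000)  # open, cancel, repeat: the Rapid Reset pattern
NORMAL = client_stream(50, 2)       # a browser abandoning a couple of requests
```

Run `connection_stats` and `is_rapid_reset` on both streams to see the attack connection flagged while the ordinary one passes.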