Last Updated on October 13th, 2023, in AppSec Bulletin

Increasing Cyberattacks on Israel Following Hamas Assault

Various hacking groups, possibly with links to Russia, have been launching cyberattacks against Israeli government and media websites. These attacks are believed to be in support of the Palestinian military group Hamas, which recently carried out deadly strikes in Israel. Killnet, a self-proclaimed Russian patriotic volunteer hacker group, threatened to target Israeli government systems with distributed denial-of-service (DDoS) attacks, accusing Israel of supporting Ukraine and NATO. They claimed responsibility for taking down an Israeli government website and Shin Bet’s site, but these claims couldn’t be immediately verified. Other groups, including Anonymous Sudan, have also declared their support for the “Palestinian resistance” and claimed attacks on Israeli media outlets’ websites. Some of these attacks have targeted Israeli infrastructure like power plants and missile alert systems. While Israel is frequently targeted by cyberattacks, it remains uncertain whether Iran’s hackers are involved in the current conflict.

Source – Time News

MGM Resorts Declines to Fulfill Hacker Ransom Request Amid Cyberattack

MGM Resorts recently faced a cyberattack and made a bold decision not to pay ransom to the hackers. The attack disrupted operations at several of their hotels and casinos, impacting guests, including FTC chair Lina Khan during her visit to Las Vegas for meetings.

The cyberattack occurred on September 11, 2023, resulting in a data breach affecting millions of customers who transacted with MGM Resorts before March 2019. The hackers accessed personal information such as names, contact details, dates of birth, and driver’s license numbers. Some customers had their social security numbers or passport numbers compromised, but specific numbers were not disclosed.

Fortunately, the hackers did not gain access to customer passwords, bank account information, or credit card details, providing some relief to affected individuals. MGM Resorts promptly responded by notifying affected customers via email and offering free credit monitoring and identity theft protection services to mitigate potential harm.

Their domestic operations have mostly returned to normal, but they incurred expenses of under $10 million for technology consulting, legal fees, and third-party advisory costs related to the cyberattack. The incident is expected to result in an overall loss of approximately $100 million.

MGM Resorts’ decision not to yield to ransom demands underscores its commitment to cybersecurity and safeguarding customer data, even in the face of significant financial losses.

Source – Cyber Security News

Credential Stuffing Cyber Attack Targets 23andMe

Biotech firm 23andMe suffered a data breach caused by a credential stuffing attack focused on Ashkenazi Jewish heritage. Unauthorized access exposed certain customer information, such as names, gender, email addresses, birthdates, locations, and genetic history evaluations. The breach stemmed from login credentials recycled from previous data breaches, which is what points to credential stuffing.

23andMe launched an investigation and encouraged users to strengthen their passwords and enable multi-factor authentication. The attacker later leaked the stolen data on a dark web forum, offering tailored ethnic profiles, origin estimations, and more, with prices ranging from $1,000 for 100 profiles to $100,000 for 100,000 profiles. 23andMe confirmed the legitimacy of the leaked data.

Source – Cyber Security Hub

MGM Resorts Confronts £100 Million Loss Following Cyber Attack on Its Casinos

Johnson Controls International (JCI) has fallen victim to a ransomware attack that has disrupted its operations and impacted partners. The company initiated its incident response plan, collaborating with cybersecurity experts and insurers to mitigate the situation. While many applications remain operational, the incident is expected to continue causing disruptions.

JCI subsidiaries, such as Simplex and Ruskin, have reported technical issues affecting their websites and customer portals. The attack’s impact on the release of financial results and annual performance is under evaluation.

The Department of Homeland Security (DHS) is investigating whether sensitive security information and personally identifiable data were compromised in the breach, as JCI holds contracts related to DHS security systems.

The Dark Angels Team ransomware gang is believed to be responsible for the attack, demanding a $51 million ransom for data decryption and non-release of stolen data. The group uses double extortion tactics and primarily targets government, healthcare, finance, and education sectors.

The attack has raised concerns about supply chain vulnerabilities, emphasizing the need for stronger cybersecurity standards in government contracts.

Cybersecurity experts suspect the ransomware used in the attack may be a new variant targeting Johnson Controls, leveraging known vulnerabilities and social engineering tactics.

Source – Computer Weekly

Alleged $2 Billion Scam Emerges as Payment Gateway Provider Safexpay Technology Faces Suspected Hack

In a shocking development, Thane Police are investigating the alleged hacking of Safexpay Technology Pvt Ltd’s payment gateway, which has unveiled a scam involving Rs 18,180 crore. The Shrinagar Police Station filed an FIR, and investigations revealed that the fraudulent funds were transferred to hundreds of bank accounts. Approximately Rs 25 crore made its way to a Thane-based company’s HDFC Bank account, with further probes suggesting misappropriation of around Rs 16,180 crore across 260 accounts, some of which were foreign. The scam was exposed after a complaint was filed in April following an illegal transfer of over Rs 25 crore.

Source – EtCiso

Magecart’s Latest Tactic: Manipulating 404 Error Pages to Swipe Shoppers’ Credit Card Data

A sophisticated Magecart campaign is using a new technique: manipulating websites’ default 404 error pages to hide malicious code. The campaign targets Magento and WooCommerce websites and has affected large organizations in the food and retail sectors. The attackers insert code directly into the HTML pages or first-party scripts loaded on the site, aiming to steal sensitive information that visitors enter on checkout pages. Because the attack is divided into three parts, it is harder to detect and more discreet, and it evades security services and external scanning tools. The campaign uses various methods to obscure the skimmer code, which extends the attack’s lifespan. One variant conceals the skimmer code in the default error page, evading security measures that actively analyze network requests.

Source – The Hacker News
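For site owners, the Magecart item above suggests treating the 404 error page as a monitored asset. The following is an added example, not code from the bulletin or its sources: it compares the current error page against a known-good baseline and reports any new code-bearing content. The sample pages, the `/static/theme.js` path and the 120-character threshold are constructed assumptions.

```python
import hashlib
import re
from html.parser import HTMLParser

# Long runs of base64-alphabet characters; the 120-char threshold is an assumption.
ENCODED_RUN = re.compile(r"[A-Za-z0-9+/=]{120,}")

class _Collector(HTMLParser):
    """Collects the parts of a page that can carry or hide executable code."""
    def __init__(self):
        super().__init__()
        self.scripts, self.comments, self.handlers = [], [], []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script":
            self.scripts.append([attrs.get("src"), ""])
            self._in_script = True
        self.handlers += [f"{tag}[{k}]" for k in attrs if k.startswith("on")]

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.scripts[-1][1] += data

    def handle_comment(self, data):
        self.comments.append(data)

def _fingerprints(html):
    c = _Collector()
    c.feed(html)
    c.close()
    items = {f"script src={src} sha256="
             f"{hashlib.sha256(body.strip().encode()).hexdigest()[:16]}"
             for src, body in c.scripts}
    items.update(f"handler {h}" for h in c.handlers)
    if any(ENCODED_RUN.search(text) for text in c.comments):
        items.add("comment with long encoded run")
    return items

def audit_error_page(baseline_html, current_html):
    """Return code-bearing items in the current 404 page that the baseline lacks."""
    return sorted(_fingerprints(current_html) - _fingerprints(baseline_html))

# Constructed sample pages: a clean 404 page and a copy with added content.
BASELINE_404 = ('<html><body><h1>404 Not Found</h1>'
                '<script src="/static/theme.js"></script></body></html>')
TAMPERED_404 = BASELINE_404.replace("</body>", "<!-- " + "QUJD" * 40 +
    " --><script>/* constructed placeholder */</script></body>")
```

Run on a schedule against the body returned for a deliberately nonexistent path, any non-empty result is a change to review.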

Hackers Breach WhatsApp Accounts of Social Services and Schools, Exposing Data of 900 Hongkongers

In the past month, almost 900 Hong Kong residents fell victim to data breaches as fraudsters took control of WhatsApp accounts belonging to social services and schools. The attackers targeted social welfare services and schools, posing as these organizations to defraud individuals listed in their address books. The breach included names and mobile phone numbers of service users, school staff, parents, and pupils. Hackers impersonated friends or relatives or used fake WhatsApp websites to obtain telephone numbers and app registration codes, gaining access to accounts and attempting to swindle money or collect personal information from victims’ contacts. The public was urged to verify instant messaging platform URLs, avoid clicking on links from unknown sources, and check their accounts for unauthorized activity. Meta, WhatsApp’s parent company, was contacted for comment. Hong Kong has experienced a high rate of suspected digital fraud attempts, with scams related to travel and leisure being prevalent. Additionally, the city’s IT park, Cyberport, suffered a data theft incident.

Source – SCMP
