
Cyber Attackers And Phoney Phone Calls

MGM got vished ...

Posted by Pritesh Ganatra on 21/05/2024 @ 8:00AM

I have been reading with interest that it has been the turn of the mighty MGM Group (Hotels, Casinos, Gambling Websites) to fall victim to hackers who have locked systems in a ransomware attack ...

With cyber attacks so prolific, your IT company should not be marking their own homework!



Customers and clientele could not get into rooms using their electronic keys. Slot machines were disabled and the entire business went into manual override, with queues forming to obtain hand-written receipts for winnings and to get physical room keys.

"The rumours are that a method called 'vishing' was used!"

Essentially, it appears to have been a well-constructed (phoney) phone call to MGM's IT Help Desk, asking for a password reset. Allegedly, the hackers also used social engineering techniques (something I have written about previously) to know enough information to get past the help-desk operative and gain access to the systems.

It appears that although MGM has cyber security training in place for other methods used by hackers, such as phishing via emails, there is not much attention given to vishing in the manual realm. It appears that the actor was impersonating a 'user' and knew enough of the language/terminology to blindside the IT department.

I have received phone calls in the past from 'call centres' saying that my computer is sending out thousands of emails from my account and asking me to allow remote access to my laptop. The first thing I ask is for the caller to verify my public IP address and which ISP I am using. This leads to the caller hanging up the phone abruptly and never being heard from again.

In other cyberattack news, a third-party supplier to the Greater Manchester Police (GMP) has been subject to a ransomware attack, with details of warrant cards and ID badges being leaked. These include officers' warrant/collar numbers, photo IDs and names. Unlike the accidental leaking of Police Records in Northern Ireland recently, no home addresses or financial details are held by the supplier.

The data you hold on your customers and the way in which you protect your systems from being compromised form a big part of the GDPR mandate in the UK and Europe. It is absolutely essential that all the names, addresses, and any personal/financial details that you have on your servers, or even in the cloud, are heavily guarded by secure passwords and two-factor authentication to limit the hackers' ability to gain access to your business systems. Your reputation and livelihood are at stake in a big way.

For smaller and mid-size businesses, investing in cyber training and learning how to spot potential scammers is now more important than ever before. This is not a tick-box exercise. It is now getting to a point where every single piece of data is worth something to someone, so get your systems tested by an independent penetration testing facility.

"Your IT company should not be marking their own homework!"

Find a good independent consultant who knows the marketplace and they will be able to advise your business accordingly as to who the movers and shakers are in the IT arena.

Until next time ...




PRITESH GANATRA



Would you like to know more?

If anything I've written in this blog post resonates with you and you'd like to discover more about cyber attacks and how vishing and social engineering could affect your business, it may be a great idea to call me on 01604 926100 or take a look at my website which you can find here.


About Pritesh Ganatra ...

 

The word 'Technology' has too many connotations in today's world!

Where do we start? Simple terms like 'IT' and 'Telecoms'? Or terms that appear NOT to have an actual meaning at all, e.g. 'Internet of Things' (IoT)?

Technology also encompasses specialist products and services like 'Rugged' and 'Tough' Android devices, Lone Worker Software, panic alarm devices, smart energy devices, low energy lighting, credit card terminal (PCI DSS) security, indoor/outdoor Wi-Fi systems, Ultrafast Gigabit internet connectivity, access control systems and industrial IoT circuit controllers.

BTS UK can consult on anything from simple solutions to the most complex, provide some of the products through a wholesale channel, and bring together a multi-disciplined 'Task Force' to deliver and implement complete Technology 'projects'.

I am your technology problem solver and I look forward to helping you.

Telephone:

01604 926100

Website:

https://www.btsuk.net