This Month in Cyber Security: September 2023
The latest news stories and industry updates from your favourite cyber security platform!
We’ve compiled some of the biggest news stories from the world of cyber security in September 2023, including the theft of $53 Million in Cryptocurrency, Great Manchester Police targeted in a ransomware attack, a fake Telegram app targeting Android users, and lots of exciting releases and news from TryHackMe.
Keep reading for your monthly industry updates!
TryHackMe’s Threat Hunting Week
Welcome to Threat Hunting Week! Between the 25th - 29th September 2023, we’ll be releasing lots of exciting and unique walkthroughs and challenges. So get ready to immerse yourself in a series of interactive rooms designed to simulate real-world threat hunting scenarios!
And of course, in true TryHackMe style, there’s a NEW learning path just around the corner (we know - yet another path release!)
The SOC L2 learning path is about to drop sooner than you think 😉 so dive into Threat Hunting Week for a glimpse of what to expect, and keep an eye out for the next learning path release happening next week!
$53 Million in Cryptocurrency stolen by suspected hackers
On September 12th, CoinEx announced that their Risk Control System detected anomalous withdrawals from several hot wallet addresses used to store CoinEx's exchange assets.
An analysis from @PeckShieldAlert on X, formally known as Twitter, initially revealed that $31 (~$19M ETH, ~$11.5M TRON, ~$295k Polygon) had been transferred to a crypto wallet. The address used on the wallet was the same address used in a previous attack by the Lazarus group.
Upon noticing the attack, CoinEx transferred the remaining funds to a cold wallet for protection. Following the attack, a post by CertiK Alert revealed that an estimated $53 million was taken in total by the hackers.
MGM targeted by hackers in 'chaotic' attack
MGM, which owns more than two dozen hotel and casino locations and pulls in tens of millions of dollars every day, reported a 'cyber security issue' on the 11th of September. This issue affected some of its systems, hotel room digital keys, and even slot machines. MGM guests found themselves waiting for several hours to check in and using physical room keys and handwritten receipts for casino winnings, with the international giant attempting to stay as operational as possible.
After nine days, MGM released a statement to confirm that hotels and casinos were “operating normally” again, although there may be some intermittent issues.
A group known as Scattered Spider is believed to be responsible for the MGM breach, and reportedly used ransomware-as-a-service operation to conduct the attack. Scattered Spider, who specialise in social engineering, have previously manipulated victims by impersonating people or organisations.
Interestingly, Caesars Entertainment, an American hotel and casino entertainment company based in Nevada, was also the victim of a data breach around the same time as MGM. Caesars Entertainment reportedly paid millions of dollars to hackers after an outsourced IT support vendor fell victim to a social engineering attack. This resulted in sensitive data of its customer loyalty program being stolen.
It's thought that Scattered Spider is not behind the attack on Caesars Entertainment, and the two events are unrelated.
Thousands of ID Badges stolen in hack targeting Great Manchester Police
Thousands of pictures and names belonging to police officers in Great Manchester were stolen after a ransomware attack which targeted the company contracted to produce the ID badges.
All 47,000 employees were informed of this data breach, and an investigation is taking place to see if there has been any security breach relating to Metropolitan Police data.
Addresses and other personal information were not stored or collected by the third-party supplier (or so it is thought), this is the third cyber attack on UK Police within the last month.
Fake Telegram app found on Google Play store
‘Evil’ Telegram clones started to appear on Google Play which promised to be much faster than the original Telegram application. While the apps would work as intended, Kaspersky reported that they found extra code used to steal data.
The functions they found collected any incoming text messages and even the contacts on the user’s phone. These were later updated to a server at regular intervals. But wait, there’s more! Even files that were sent to the user using the Telegram application were uploaded to the attacker’s cloud server.
iMessage exploit threatens MacOS and iOS
If you have not updated your iPhone, update now! A vulnerability targeting iMessage allows an attacker to install Spyware on your device.
This attack, coined “Blastpass”, executed arbitrary code onto the unsuspecting victim’s device by maliciously crafting and sending them an image. Apple quickly released a Rapid Security Response patch for all devices and urged users who may be targeted by this attack to put their iPhones into lockdown mode.
This attack abused two Common Vulnerabilities and Exposures (CVE) known as CVE-2023-41064 and CVE-2023-41061, both of which were patched in the recent update.
NEW Security Engineer learning path!
On the 11th of September, TryHackMe launched their brand new Security Engineer learning path, teaching you all about managing incidents, software security, network security, threats and risks, plus much more.
To celebrate the launch, we introduced a whopping $20,000 giveaway worth of prizes, including free TryHackMe swag, subscription vouchers, Amazon vouchers, laptops, certification exam vouchers, plus much, much more 😎
While the ticket promotion has since come to an end, it’s never too late to dive into the Security Engineer learning path. So what are you waiting for? Launch the path to kickstart your Security Engineering journey!
TryHackMe’s Annual Retreat!
This month, the TryHackMe team headed out to the beautiful island of Mallorca for our annual company retreat - a fully funded employee benefit for teams to foster meaningful relationships and create memories that last a lifetime!
Throughout the week, we enjoyed thought-provoking workshops, trust-building exercises, and ice-breaking games carefully designed to foster stronger connections and collaboration.
Want to find out what we got up to? Check out our new TryHackMe retreat blog where we recap the highlights of this unforgettable adventure!