Category: Social Engineering

Inside a Social Engineering Attack: How Retool Was Hit

Posted on By SEN Producer No Comments on Inside a Social Engineering Attack: How Retool Was Hit

Retool is a large provider of low-code software solutions: “Companies use Retool for building everything: simple CRUD apps, production-grade workflows and automation, and complex enterprise ops software.” After an attack that penetrated 27 of Retool’s cloud customers in August, the company posted a frank and unusually detailed account of the social engineering and software that…

Read More “Inside a Social Engineering Attack: How Retool Was Hit” »

Social Engineering

Social Engineering Used Against Gaming Industry Long Before Modern IT and the MGM Resorts Hack

Posted on By SEN Producer No Comments on Social Engineering Used Against Gaming Industry Long Before Modern IT and the MGM Resorts Hack

The ALPHV/BlackCat group has claimed it hacked MGM after targeting one of the company’s employees on LinkedIn as part of a social engineering attack. The art of tricking human beings has been leveraged to a previously unimaginable level through the use of now ubiquitous technologies, from email to AI. In days past, the threat was…

Read More “Social Engineering Used Against Gaming Industry Long Before Modern IT and the MGM Resorts Hack” »

Social Engineering

Social Engineering Used in Caesar’s Hack

Posted on By SEN Producer No Comments on Social Engineering Used in Caesar’s Hack

The attack appeared to come days before the massive MGM Resorts breach, also attributed to social engineering. “Caesars Entertainment, Inc. (the “Company,” “we,” or “our”) recently identified suspicious activity in its information technology network resulting from a social engineering attack on an outsourced IT support vendor used by the Company. Our customer-facing operations, including our…

Read More “Social Engineering Used in Caesar’s Hack” »

Social Engineering

Slots Go Silent at MGM Casinos Due to Social Engineering Attack

Posted on By SEN Producer No Comments on Slots Go Silent at MGM Casinos Due to Social Engineering Attack

MGM Resorts has suffered major disruptions after a cyber attack on Sep. 10th. USA Today reported: “Over a dozen MGM Hotels & Casinos have had to shut down operations after a cyberattack on its computer systems Sunday left the resort chain vulnerable. Computer systems at all MGM properties have been shut down for the immediate future until the…

Read More “Slots Go Silent at MGM Casinos Due to Social Engineering Attack” »

Social Engineering

North Korean Hackers Targeting Cybersecurity Experts with Social Engineering: Google

Posted on By SEN Producer No Comments on North Korean Hackers Targeting Cybersecurity Experts with Social Engineering: Google

They’re back. Google warned about North Korean state-sponsored hackers going after cybersecurity researchers a couple years back. Now Google says they’re back at it. “Similar to the previous campaign TAG reported on, North Korean threat actors used social media sites like X (formerly Twitter) to build rapport with their targets. In one case, they carried…

Read More “North Korean Hackers Targeting Cybersecurity Experts with Social Engineering: Google” »

North Korea, Social Engineering

“Malvertising” Scams on Facebook Business Accounts from Vietnamese Cybercrooks

Posted on By SEN Producer No Comments on “Malvertising” Scams on Facebook Business Accounts from Vietnamese Cybercrooks

The report from The Hacker News reports on several attack variants, including those using Ducktail malware: “The actors behind Ducktail, for instance, leverage lures related to brand and marketing projects to infiltrate individuals and businesses that operate on Meta’s Business platform, with new attack waves employing job and recruitment-related themes to activate the infection.” In…

Read More ““Malvertising” Scams on Facebook Business Accounts from Vietnamese Cybercrooks” »

Malvertising, Social Engineering

Focus on “Cybersecurity Culture” to Fight Social Engineering Attacks

Posted on By SEN Producer No Comments on Focus on “Cybersecurity Culture” to Fight Social Engineering Attacks

The Chief Evangelist for KnowBe4 Inc., provider security training and simulation services, makes a useful point about the inadequacy of cybersecurity software in a company where employees do not have the culture to identify and avoid social engineering attacks. He suggests several steps, starting with: “1. Assess Your Cybersecurity Culture Understand whether your employees value cybersecurity….

Read More “Focus on “Cybersecurity Culture” to Fight Social Engineering Attacks” »

Cybersecurity Culture, Social Engineering

Okta Customers Hit by Social Engineering Attacks

Posted on By SEN Producer No Comments on Okta Customers Hit by Social Engineering Attacks

The access management provider has issued a report on the attacks: “In recent weeks, multiple US-based Okta customers have reported a consistent pattern of social engineering attacks against IT service desk personnel, in which the caller’s strategy was to convince service desk personnel to reset all Multi-factor Authentication (MFA) factors enrolled by highly privileged users….

Read More “Okta Customers Hit by Social Engineering Attacks” »

Social Engineering

Feds Provide Guidance on Social Engineering in the Healthcare Industry

Posted on By SEN Producer No Comments on Feds Provide Guidance on Social Engineering in the Healthcare Industry

The guidance comes from a report entitled “Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients,” from the US Department of Health and Human Services and its advisory group. It includes information social engineering and healthcare. See the report here. The information will seem basic to many IT security professionals, but it’s likely helpful to many…

Read More “Feds Provide Guidance on Social Engineering in the Healthcare Industry” »

Healthcare, Social Engineering

Are Your Employees Unwittingly Interacting with Social Engineering Attacks On Collaboration Platforms?

Posted on By SEN Producer No Comments on Are Your Employees Unwittingly Interacting with Social Engineering Attacks On Collaboration Platforms?

This interesting report covers increasing social engineering attacks on major collaboration platforms, noting the impact of the recent “Midnight Blizzard” attacks on Microsoft Teams. Read the article here. “‘As companies adopt new types of collaboration technologies, they don’t really think about security first or know what the risk might be until there’s some kind of…

Read More “Are Your Employees Unwittingly Interacting with Social Engineering Attacks On Collaboration Platforms?” »

Impersonation, Social Engineering