It appears that the ALPHV ransomware group is behind MGM Resorts' cyberattack on Monday. The way they reportedly gained initial access is by looking into the MGM employees on LinkedIn, picking one, and then calling the Help Desk.
The ALPHV group is said to be "extremely skilled at social engineering".
Yet finding information on an organization's employees on LinkedIn & and then using it in a vishing attack, often impersonating that individual, is a frequent and rather standard practice in #vishing attacks.
I have seen first-hand that there is a need to improve in a few areas:
🔹 Few organizations are prepared to handle phone-based social engineering. Most companies focus almost entirely on #phishing attack simulations.
That allows blind spots and a lack of processes/preparedness in too many other areas like vishing, social media and SMS-based attacks among other things.
🔹 Having a proper identity verification process in place and training your employees to stick with it often mitigates a lot of vishing/impersonation attacks.
Yet in most cases, there is either a lack of verification process or the employees are not aware of it (they sometimes get trained on it once during onboarding, and then forget all about it).
🔹 Understanding that social engineering is not limited to email attacks. It is a serious threat, and it requires working on a comprehensive social engineering prevention protocol.
We are still waiting for more information on the exact methodology. But it won't be the last time we hear of a similar attack scenario.
Two malicious packages discovered in the #npm package repository have been found to conceal an open source information stealer #malware called TurkoRat.
The packages – named nodejs-encrypt-agent and nodejs-cookie-proxy-agent – were collectively downloaded approximately 1,200 times and were available for more than two months before they were identified and taken down.