Cyber Security Today, Sept. 27 2023 – Hackers are targeting luxury hotels, a Red Cross scam and more


Hackers are targeting luxury hotels, a Red Cross scam and more.

Welcome to Cyber Security Today. It’s Wednesday, September 27th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for and in the U.S.


The recent cyber attacks on MGM Resorts and Caesars Palace weren’t isolated incidents. That’s according to researchers at Cofense. In a report this week they said luxury hotel chains and resorts are now being targeted by an unnamed group. It’s part of wider attacks on the hospitality sector. The goal is to trick victims into downloading malware that steals information from computers like passwords.

The campaign sends emails and instant messages to employees such as phony room booking requests. In follow-up messages the hacker sends an infected attachment — for example, a photo of food or a list of cleaning products the supposed guest is allergic to. The trick: The attachments are in a password-protected format, with the password supplied in the message so it can be opened. This tactic may get around email defences. The email campaign isn’t new but it picked up in August, and, the researchers say, “has continued at an alarming rate” this month. Security awareness training of employees is vital to help stop this type of attack.

A threat actor is impersonating the U.S. Red Cross in a phishing campaign with the goal of infecting computers. That’s according to researchers at NSFocus. Targeted people get an email with an attachment entitled ‘Blood Drive September 2023.’ To read it the victim has to click a button to enable macros so the attachment’s content can be shown. That’s the trick. If an employee enables macros the hidden malware executes. IT should configure all employee systems to not allow macros in externally created documents to run. Employees need to be regularly reminded not to bypass that security control without management or administrator permission.

One of Britain’s biggest privately owned trucking companies, KNP Logistics, declared insolvency on Monday in the aftermath of a ransomware attack three months ago. According to a news report the company had been in financial trouble before that. But the attack meant it couldn’t secure additional funding. The insolvency has cost over 700 people their jobs.

More on ransomware: Researchers have found a new criminal group that over the past 12 months has installed seven different ransomware strains in victims’ networks. The researchers, from Group-IB and Bridewell, aren’t sure if the gang they call ShadowSyndicate is an affiliate of a ransomware-as-a-service group, or an initial access broker responsible for initially breaking into an IT network.

Finally, administrators of Openfire messaging servers are being warned to install a patch to close a vulnerability in the software that’s been known about since May. Threat actors are spreading malicious plugins that can take advantage of the hole if it hasn’t been patched yet, according to researchers at Doctor Web. An exploit performs a directory traversal attack allowing unauthorized access to the Openfire administrative interface. Then the attacker can create a new user with administrative privileges. And we all know where that goes.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, Sept. 27 2023 – Hackers are targeting luxury hotels, a Red Cross scam and more first appeared on IT World Canada.
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

