Cyberattacks


  • Exterior of MGM Grand Hotel & Casino in Las Vegas
    Image attribution tooltip
    Ethan Miller via Getty Images
    Image attribution tooltip

    MGM Resorts says hotel, casino operations back up and running

    The company was still working to restore online functionality for hotel reservations and rewards program users following a major cyberattack.

    By Sept. 21, 2023
  • Bottles of Clorox bleach on a supermarket shelf.
    Image attribution tooltip
    Justin Sullivan via Getty Images
    Image attribution tooltip

    Clorox warns of product shortages a month after disclosing cyberattack

    The household product maker said the incident damaged IT systems and will have a material effect on its fiscal Q1 performance.

    By Sept. 18, 2023
  • Brightly colored digital lock with central computer processor and futuristic circuit board. Explore the Trendline
    Image attribution tooltip
    da-kuk via Getty Images
    Image attribution tooltip
    Trendline

    Top 5 stories from Cybersecurity Dive

    High-profile cybersecurity incidents and a rush to adopt new technologies illustrate the tumultuousness of 2023 so far.

    By Cybersecurity Dive staff
  • An MGM Resorts sign
    Image attribution tooltip
    Ethan Miller via Getty Images
    Image attribution tooltip

    MGM, Caesars attacks raise new concerns about social engineering tactics

    Multiple threat groups have employed the same criminal tool kit to target vulnerable systems.

    By Sept. 18, 2023
  • Sponsored by Palo Alto Networks

    Decoding the complexities around Cloud Incident Response

    Unleash the power of the cloud with its countless advantages while staying ahead of cyber threats.

    By Ashlie Blanca, Consulting Director, Unit 42, Palo Alto Networks • Sept. 18, 2023
  • Hotel Exterior
    Image attribution tooltip
    Ethan Miller via Getty Images
    Image attribution tooltip

    Threat actors claim to have compromised MGM Resorts’ Okta environment

    AlphV may have used tactics similar to social engineering attacks disclosed by Okta in regulatory filing. 

    By Sept. 15, 2023
  • An exterior image of a hotel
    Image attribution tooltip
    Robert Mora via Getty Images
    Image attribution tooltip

    MGM Resorts disruption linked to recent attacks against hospitality industry

    Security researchers link the threat group Scattered Spider to a wave of malicious activity as Caesars Entertainment confirms social engineering attack in regulatory filing.

    By Sept. 14, 2023
  • An exterior image of a the Bellagio hotel in Las Vegas
    Image attribution tooltip
    Robert Mora via Getty Images
    Image attribution tooltip

    MGM Resorts discloses cyber incident in filing with SEC

    Moody’s Investors Service called the cyber incident credit negative, and MGM is still taking steps to protect data and fully secure business operations. 

    By Sept. 13, 2023
  • Password input field
    Image attribution tooltip
    Getty via Getty Images
    Image attribution tooltip

    Compromised credential use jumps 300% in cloud intrusions: IBM

    Valid credentials are also a hot commodity in the cybercrime marketplace, accounting for the vast majority, almost 90%, of assets for sale on the dark web, IBM found.

    By Sept. 13, 2023
  • Exterior of MGM Grand Hotel & Casino in Las Vegas
    Image attribution tooltip
    Ethan Miller via Getty Images
    Image attribution tooltip

    MGM Resorts takes systems offline as it investigates cyberattack

    The company restored full operations to dining, gaming and entertainment venues Monday night, following earlier reports payment systems, digital room keys and reservations systems were down at multiple properties. 

    By Updated Sept. 12, 2023
  • A jet comes in for landing at Los Angeles International Airport (LAX) in Los Angeles, California.
    Image attribution tooltip
    David McNew via Getty Images
    Image attribution tooltip

    Aviation sector organization hit by exploit of CVE duo

    Cybersecurity authorities investigated the attack by multiple threat actors who exploited known CVEs in Zoho and Fortinet products.

    By Sept. 8, 2023
  • A Microsoft logo is seen during the 2015 Microsoft Build Conference on April 29, 2015 at Moscone Center in San Francisco, California.
    Image attribution tooltip
    Stephen Lam via Getty Images
    Image attribution tooltip

    Microsoft crash dump exposed key that led to US cabinet email hacks, investigation finds

    A China-based threat group used the key to access a Microsoft engineer’s corporate account and, later, compromised more than two dozen customer email accounts.

    By Sept. 7, 2023
  • A signage of Microsoft in New York City
    Image attribution tooltip
    Jeenah Moon/Getty Images via Getty Images
    Image attribution tooltip

    BEC phishing kit hits thousands of Microsoft 365 business accounts

    Threat actors used the W3LL phishing kit to target more than 56,000 accounts, ultimately compromising 14% of them since last October, Group-IB found.

    By Sept. 7, 2023
  • Okta booth at RSA Conference on April 27, 2023 in San Francisco.
    Image attribution tooltip
    Matt Kapko/Cybersecurity Dive
    Image attribution tooltip

    Okta customers’ IT staff duped by MFA reset swindle

    IT workers at four organizations using Okta were successfully hit by a consistent pattern of social engineering attacks.

    By Sept. 6, 2023
  • Rendered image depicting global networks.
    Image attribution tooltip
    DKosig via Getty Images
    Image attribution tooltip

    Barracuda patch bypassed by novel malware from China-linked threat group

    Mandiant uncovered a months-long cyber espionage campaign targeting high value government entities and technology firms in the U.S. and abroad.

    By Sept. 1, 2023
  • An image of Federal Bureau of Investigation Director Christopher Wray at a press conference.
    Image attribution tooltip
    Kevin Dietsch/Getty Images via Getty Images
    Image attribution tooltip

    US leads takedown of Qakbot malware, which automated initial infections

    The botnet and malware had infected more than 700,000 computers worldwide and was linked to the abuse of OneNote files.

    By Aug. 30, 2023
  • Aerial view of a large crowd of people.
    Image attribution tooltip
    Dmytro Varavin/Getty Images via Getty Images
    Image attribution tooltip

    MOVEit attack victim count surpasses 1,000 organizations

    Months after the campaign was discovered, victims are still coming forward and, in most cases, breaches at third-party vendors are to blame.

    By Aug. 28, 2023
  • A stack of medical records displayed on a desk.
    Image attribution tooltip
    Alexandre Schneider/Getty Images via Getty Images
    Image attribution tooltip

    Prospect Medical stolen data listed for sale by emerging ransomware group

    Rhysida claims it stole more than 500,000 Social Security numbers, financial, legal and medical files. And it’s all for sale on the dark web.

    By Aug. 25, 2023
  • Matrix background of blurred programming code.
    Image attribution tooltip
    Getty Plus via Getty Images
    Image attribution tooltip

    Ransoming Linux and ESXi systems is getting easier

    Threat actors are using memory-safe languages to release payloads for Windows, Linux and ESXi simultaneously, SentinelOne researchers warn.

    By Aug. 24, 2023
  • Image attribution tooltip
    Getty Images / Staff via Getty Images
    Image attribution tooltip

    Hackers target Pentagon contract site via compromised routers

    Research from Black Lotus Labs says the new activity aligns with recent state-linked campaigns, including Volt Typhoon.

    By Aug. 23, 2023
  • Hourglass projects a dollar sign as shadow against a black/grey background
    Image attribution tooltip
    LdF via Getty Images
    Image attribution tooltip

    Ransomware attack dwell times fall, pressuring companies to quickly respond

    The median dwell time for ransomware attacks hit a new low of five days in the first half of the year, according to Sophos.

    By Aug. 23, 2023
  • Cones of strawberry, vanilla and chocolate ice cream stick out of a glass jar with an ice cream scoop and spoons on a blurred counter background.
    Image attribution tooltip
    ahirao_photo via Getty Images
    Image attribution tooltip

    MOVEit attack spree makes Clop this summer’s most-prolific ransomware group

    The financially-motivated threat actor was responsible for one-third of all ransomware attacks in July, according to NCC Group and Flashpoint.

    By Aug. 22, 2023
  • exclamation point depicted hovering above network infrastructure
    Image attribution tooltip
    Just_Super/Getty Images via Getty Images
    Image attribution tooltip

    Cuba ransomware group exploits Veeam to hit critical infrastructure

    The threat actor also used malicious tools from previous campaigns, according to BlackBerry research.

    By Aug. 21, 2023
  • Petro-Canada has more than 1,500 retail locations across the nation of Canada.
    Image attribution tooltip
    Courtesy of Suncor
    Image attribution tooltip

    Suncor CEO says company mostly recovered from June cyberattack

    The incident was serious and not worth repeating, President and CEO Rich Kruger said. "I’d rather have a root canal than go through one of these attacks again.”

    By Aug. 17, 2023
  • AWS logo on display at AWS Summit New York, July 26, 2023.
    Image attribution tooltip
    Courtesy of AWS
    Image attribution tooltip

    AWS customers’ most common security mistake

    All too often organizations are not doing least-privilege work with identity systems, AWS’ Mark Ryland told Cybersecurity Dive.

    By Aug. 16, 2023
  • The Dallas skyline
    Image attribution tooltip
    Pgiam via Getty Images
    Image attribution tooltip

    Dallas to pay vendors $8.6M for their ransomware recovery services

    The city paid vendors for hardware, software, incident response, consulting and monitoring in the wake of the attack.

    By Aug. 14, 2023