September 7-13, 2023 | Issue 31 - NORTHCOM and CICYBER
Virginia Martos Blanco, Arnold R. Koka, Nicholas Novak, Martina Sclaverano
Alya Fathia Fitri, Editor; Jennifer Loy, Chief Editor
Apple iPad[1]
Date: September 7, 2023
Location: Global
Parties involved: US government; Apple; Israeli government; Israeli cyber-intelligence firm NSO Group; EU
The event: BLASTPASS, a zero-click exploit chain, deployed NSO Group's Pegasus commercial spyware onto iPhone 8 and up running iOS 16.6, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later, Macs running macOS Ventura, and Apple Watch Series 4 and later. The attackers used two bugs known as CVE-2023-41064 and CVE-2023-41061 to compromise fully patched Apple devices without interaction from the victim.[2]
Analysis & Implications:
Consistent publicity of the use of Pegasus spyware will likely increase the focus of governments and international organizations on limiting the acquisition and use of spyware for domestic surveillance. Increased public policy on the use of spyware is unlikely to limit its usage, as governments will likely invoke national security matters to justify its use. There is a roughly even chance that the US and the EU will pressure the Israeli government to increase domestic controls on NSO Group’s Pegasus sales policies.
NSO Group will almost certainly continue selling Pegasus commercial spyware to foreign governments. NSO Group is very unlikely to enhance its processes for monitoring clients’ use of the spyware, likely driving criticism over alleged assistance for violations of human rights and freedom of speech and communication. Despite the criticism, governments will likely seek the Pegasus commercial spyware as the main spyware to conduct surveillance and investigations of their citizens.
Date: September 10, 2023
Location: Las Vegas; Massachusetts; Michigan; Mississippi; Maryland; Ohio; New Jersey; USA
Parties involved: American hospitality and entertainment company MGM Resorts International; MGM Resorts customers
The event: A cybersecurity issue compromised the digital services and administrative systems of MGM Resorts. The cyberattack shut down the company’s website, in-casino services, hotel reservation and digital keys system, and ATMs. MGM facilities temporarily resorted to manual operations, such as managing reservations by phone, while technicians tried to fix the issue.[3]
Analysis & Implications:
The cyberattack will very likely compromise MGM customers’ data. Credit card information stolen from reservation and casino servers will likely be sold on the dark web, likely forcing customers to block existing cards and create new ones. There is a roughly even chance that the threat actor will encrypt personal data belonging to high-profile customers and demand ransom, as the data stolen from casino records will very likely include wealthy individuals.
MGM Resorts will almost certainly strengthen its cybersecurity protocols, preventing future attacks. The company will very likely hire professional hackers to conduct penetration testing and identify vulnerabilities in its systems. In the upcoming months, MGM will very likely request auditing of its cybersecurity measures and publish the reports as a commitment to protecting their data, likely gaining back customers’ trust. MGM employees will very likely follow up-to-date digital security training against phishing, social engineering, and n-day exploits, very likely preventing human errors that lead to new data breaches and DDoS attacks.
[2] Apple zero-click iMessage exploit used to infect iPhones with spyware, Bleeping Computer, September 2023, https://www.bleepingcomputer.com/news/security/apple-zero-click-imessage-exploit-used-to-infect-iphones-with-spyware/
[3] MGM Resorts shuts down IT systems after cyberattack, Bleeping Computer, September 2023, https://www.bleepingcomputer.com/news/security/mgm-resorts-shuts-down-it-systems-after-cyberattack/amp/