February Security Recap

1 year ago

Welcome to the second instalment in our blog series The Security Recap. This week we’ll be recapping the MGM Resorts data breach, the Scott Morrison phishing email & more.

You can read the previous blog instalment, July Security Fails.

MGM Resorts Data Breach

MGM Resorts have had a lawsuit filed against them over a data breach that occurred last year. MGM have alleged that “they discovered unauthorised access to a cloud server that contained a limited amount of information of certain guests”. A spokesperson also said that the majority of the stolen data was guests’ names and phone numbers; they did not disclose the number of affected guests at the time.

However, this week ZDNet reported that the personal details of approximately 10.6 million guests at MGM were published on a hacking forum. The leaked details included guests’ full names, dates of birth, home addresses, phone numbers & email addresses.

The law firm Morgan & Morgan and lawyer John Yanchunis are handling the lawsuit against MGM Resorts. Yanchunis has previously been associated with other data breach lawsuits, including the Yahoo & Equifax data breaches. He was also involved in the case against Facebook and Cambridge Analytica for unlawfully obtaining users’ data back in 2017.

Prime Minister Phishing Scam

Towards the end of last month, a phishing email impersonating the Australian Prime Minister, Scott Morrison, began circulating. The email appears legitimate, as the sender’s email domain is ‘@pm.gov.au’.

The email contains an image of Scott Morrison and a message that says ‘Invitation from the Prime Minister’, along with a malicious hyperlinked PDF that redirects users to a SharePoint-branded phishing website.

Google AdSense Ransomware

A new type of ransomware attack is currently making the rounds. Traditionally, ransomware has used social engineering and emails as its predominant method of attack. However, this particular type of ransomware targets Google AdSense users.

Google AdSense is a cost-per-click (CPC) advertising program that gives incentives to websites for advertising. The ransomware threatens to flood users’ ads with bot traffic, which would trigger Google’s anti-fraud system and, subsequently, lead to the user’s account being suspended. The attackers demand $5000 worth of Bitcoin in exchange for not sending bot traffic.

NSW Man Charged with Unauthorised Access

A NSW man has been charged by police with accessing, without authorisation, the servers of a company that employed him as a contractor.

Police will allege that the man “remotely accessed the server and downloaded documents”. The man is also alleged to have “deleted 350 downloaded files after a court order was issued to access his computer”.

The Issue

Security threats are continually expanding and evolving. This instalment of The Security Recap saw a multi-million-dollar corporation become the victim of a data breach and a Sydney business become the victim of corporate espionage.

A security incident can be detrimental to your business’ reputation. Security as a Service is an integral part of Managed IT Services. Call Milnsbridge today to safeguard your business from security risks on 1300 300 293.
