LATEST CYBERTHREATS AND ADVISORIES - SEPTEMBER 23, 2022
Cyberattacks on the video game industry, big-name brand data breaches and the Tea Pot gangster make headlines this week. Here are the latest threats and advisories for the week of September 23, 2022.
Threat Advisories and Alerts
Iranian Cybercriminals Target Western Nations
Bad actors associated with the Iranian Government’s Islamic Revolutionary Guard Corps (IRGC) have been exploiting Microsoft Exchange, Fortinet and VMware Horizon Log4j vulnerabilities. The attacks have hit critical U.S. infrastructure sectors as well as Canadian, Australian and U.K. organizations. Rather than targeting specific sectors or entities, the cybercriminals are exploiting known vulnerabilities on unprotected networks to extort data and encrypt disks in support of their ransom operations.
Source: https://www.cisa.gov/uscert/ncas/alerts/aa22-257a
Cybercriminals Steal Millions via Healthcare Payment Processors
The FBI has received multiple reports that healthcare payment processors have become a target for cybercriminals. Social engineering techniques and publicly available personally identifiable information (PII) have been used to impersonate victims and obtain access to healthcare portals, payment information and files—leading to millions in stolen funds. To prevent further attacks, the FBI recommends that network defenders use multi-factor authentication, well-maintained anti-malware and anti-virus software, cybersecurity employee training, and other mitigations.
Source: https://www.ic3.gov/Media/News/2022/220914-2.pdf
Australian Telco Hit by Data Breach
Customers of Australian telco Optus have been caught up in a cyber-attack that may have exposed the personal information of 9.8 million people. Emails from Optus to customers caught up in the data breach began landing in people’s inboxes about 4pm on Friday, roughly 24 hours after the attack was first reported. “The information which has been exposed is your name, date of birth, email, phone number, address associated with your account, and the numbers of the ID documents you provided such as driver’s license number or passport number. No copies of photo IDs have been affected,” an email to Optus customers from the organization said.
Emerging Threats and Research
LAPSUS$ Group and the Tea Pot Gangster Breach Uber
The San Francisco-based taxi-to-food delivery tech giant Uber was breached last week. Uber believes the bad actor, a teenager who goes by the alias Tea Pot, is associated with the notorious LAPSUS$ extortion gang. To infiltrate the ride-sharing company’s defenses, Tea Pot used the increasingly popular MFA fatigue attack, which involves sending a flood of multi-factor authentication requests to a victim until one is accepted. While Uber didn’t share how many employee accounts were compromised, the company stated there’s no evidence the bad actor accessed production systems or made unauthorized code changes.
Source: https://thehackernews.com/2022/09/uber-blames-lapsus-hacking-group-for.html
Cyberattack Hits 2K Video Games Help Desk
The video game juggernaut 2K confirmed that its help desk platform was compromised. The bad actors used fake support tickets to target customers, pushing malware on them through malicious links. Players who clicked the malicious links should reset any account passwords stored in their browsers, enable multi-factor authentication, and install and run anti-virus software. The support portal has been temporarily taken down while the issue is addressed, and 2K will notify players when it’s safe to use again.
American Airlines Announces Data Breach
A phishing attack on American Airlines employee inboxes exposed customer and staff information. The attack, which occurred in July, was announced this week by the airline. American Airlines said “a very small number of customers’ and employees’ personal information” was in the breached emails, suggesting that the cybercriminals may not have accessed corporate data stores. However, the bad actors could have obtained mailing and email addresses, names, birth dates, passport and driver’s license numbers, phone numbers and medical information.
Source: https://www.infosecurity-magazine.com/news/american-airlines-breach-customer/
Tea Pot Gangster Likely Behind Rockstar Games Cyber-Heist
Not done after targeting Uber, LAPSUS$ and the Tea Pot gangster seem to have struck again this week, this time hitting video game powerhouse Rockstar Games. Some 50 minutes of in-development footage for the upcoming Grand Theft Auto 6 video game was posted online and then shared widely on social media. While the attacker claims to have stolen source code for Grand Theft Auto 5 and the in-development version of Grand Theft Auto 6, Rockstar has yet to confirm whether anything was stolen beyond the posted video clips. The cybercriminal, who used the account name teapotuberhacker, says he was also responsible for the recent Uber breach.
Source: https://www.infosecurity-magazine.com/news/gta-publisher-rockstar-games-hacked/
To stay updated on the latest cybersecurity threats and advisories, look for weekly updates on the (ISC)² blog. Please share other alerts and threat discoveries you’ve encountered and join the conversation on the (ISC)² Community Industry News board.