HoneyLake ltd

The Deception Lab series presents "Social Engineering Chronicles" (episode #2) "The 2023 Social Engineering Attack on MGM Resorts and Caesars Entertainment."   One of the most high-profile social engineering attacks targeted two of the largest casino operators in the United States: MGM Resorts and Caesars Entertainment. A hacking group used social engineering as the attack method.   Attack tactics used 1. The group meticulously researched their targets using publicly available data from platforms like LinkedIn to identify key personnel. 2. Attackers posed as employees and contacted the companies’ IT help desks, convincing them to reset credentials and provide access. 3. Once inside, the attackers accessed sensitive systems, exfiltrated data, and deployed ransomware to disrupt operations.   Impact - Loss of revenue due to service interruptions. - Widespread customer dissatisfaction and reputational damage. - Emergency cybersecurity response expenses. - Regulatory and legal consequences for failing to protect customer data.   Caesars Entertainment faced a similar breach but with an additional dimension: data theft. To mitigate the threat of public exposure, Caesars reportedly paid a $15 million ransom.   The 2023 attacks illustrate  several crucial cybersecurity challenges: 1. the rising threat of social engineering attacks: traditional security measures like firewalls and encryption do little to prevent human manipulation. 2. the limitations of MFA, in case of social engineering attack. 3. whether a company chooses to pay a ransom or not, the financial repercussions are either way severe. It is wiser and easier to avoid being attacked than dealing with ransoms. Just by providing the employees training about social engineering by doing phishing simulations is not enough anymore. Not in the current stage of evolution of social engineering attacks.   Social Engineering  countermeasures: 1.       regular security awareness training  (considering the rapid evolution of social engineering attacks) 2.       proper verification procedures. 3.       implementing stricter controls for verifying requests. Consider biometric authentication and secondary approvals for sensitive actions. 4.       implementing a "0 trust" approach to internal network access can reduce unauthorized lateral movement. 5.       regularly testing and updating incident response protocols to ensure rapid containment and mitigation in case of a breach.   It is cheaper to prepare beforehand than deal with a catastrophe later. 1000€ now or 100 000€ later?

The Deception Lab series presents "Social Engineering Chronicles" (episode #1) "The attack on Arup Group" One of the costliest social engineering attacks of 2024 was on the British multinational design and engineering firm Arup Group. This attack resulted in a loss of around €23 million. What happened? In May 2024, a finance employee at Arup’s Hong Kong office received a message supposedly from the company’s CFO, requesting the initiation of confidential transactions. Unbeknownst to the employee, the individuals on the call were sophisticated deepfake representations—AI-generated videos mimicking the real executives’ appearances and voices. Convinced of the request's legitimacy, the employee authorized 15 transactions, cumulatively amounting to approximately €23 million. The funds were swiftly transferred to offshore accounts, making recovery efforts exceedingly challenging. Analysis of the Attack Modus Operandi: the use of advanced deepfake technology, exploitation of trust and authority, and rapid fund transfers to offshore accounts to obscure recovery efforts. The attackers employed cutting-edge deepfake technology to create convincing video and audio impersonations of Arup’s executives. By leveraging publicly available footage and audio samples, they crafted realistic simulations that deceived employees. By impersonating high-ranking officials, they exploited the natural inclination of employees to comply with directives from top management, especially when presented in a seemingly authentic manner. The swift movement of funds to offshore accounts demonstrates the attackers’ strategic planning to obfuscate the money trail and hinder recovery efforts. What did we learn? The traditional markers of fraud, such as poor grammar or suspicious email addresses, are being replaced by sophisticated attacks like deepfakes, which are increasingly difficult to detect. Organizations must adopt multi-faceted verification processes that go beyond conventional methods. For example: implementing multi-factor authentication, biometric verification, and cross-verifications through independent channels can provide additional layers of security. Continuous education and training programs are essential to equip employees with the skills to identify and respond to emerging threats. Simulated social engineering exercises, awareness campaigns about new technologies, and protocols for verifying odd requests. How does your organization protect itself from social engineering attacks? What controls do you use? Are you confident enough to let us test them?