LockBit Is Using RMMs to Spread Its Ransomware | Okta Agent Involved in MGM Resorts Breach, Attackers Claim

The LockBit group is using native IT management software to live off the land, planting and then spreading itself before deploying its ransomware. [TechWeb]( Follow Dark Reading: [RSS]( September 21, 2023 LATEST SECURITY NEWS & COMMENTARY [LockBit Is Using RMMs to Spread Its Ransomware]( The LockBit group is using native IT management software to live off the land, planting and then spreading itself before deploying its ransomware. [Okta Agent Involved in MGM Resorts Breach, Attackers Claim]( ALPHV/BlackCat ransomware operators have used their leak site to "set the record straight" about the MGM Resorts cyberattack. Meanwhile, more attacks abusing Okta could be likely. ['Scattered Spider' Behind MGM Cyberattack, Targets Casinos]( The ransomware group is a collection of young adults who also recently breached Caesars Entertainment and made a ransom score in the tens of millions. [FBI, CISA Issue Joint Warning on 'Snatch' Ransomware-as-a-Service]( The group's use of malware that forces Windows computers to reboot into Safe Mode before encrypting files is noteworthy, advisory says. [China-Linked Actor Taps Linux Backdoor in Forceful Espionage Campaign]( "SprySOCKS" melds features from multiple previously known badware and adds to the threat actor's growing malware arsenal, Trend Micro says. [Microsoft Azure Data Leak Exposes Dangers of File-Sharing Links]( Shared Access Signature (SAS) link exposed a storage bucket with 38TB of private data, including passwords, Teams messages, and the backups of two Microsoft AI research employees' workstations. [Trend Micro Patches Zero-Day Endpoint Vulnerability]( The critical vulnerability involves uninstalling third-party security products and has been used in cyberattacks. [How to Transform Security Awareness Into Security Culture]( Leverage the human layer as a crucial cog in building cyber resilience within the organization. [How to Get Your Board on Board With Cybersecurity]( CISOs can refine their soft skills to help get their cybersecurity best-practices message across. Steps include increasing staff incident-response training and staying current with the threat landscape. [Cybersecurity and Compliance in the Age of AI]( It takes a diverse village of experts to enact effective cybersecurity guidelines, practices, and processes. [Name That Toon: Somewhere in Sleepy Hollow]( Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. [Changing Role of the CISO: A Holistic Approach Drives the Future]( The CISO's role has grown far beyond supervising Patch Tuesday to focus on prevention and response and to cover people, processes, and technology. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [How to Mitigate Cybersecurity Risks From Misguided Trust]( Trust is the crucial bridge between security and people, but excessive or misguided trust can pose serious security risks. [How Choosing Authentication Is a Business-Critical Decision]( MFA may go a long way in improving password security, but it's not foolproof. [Engineering-Grade OT Protection]( The worst-case consequences of cyberattacks are sharply, qualitatively different on IT versus OT networks. [MORE]( EDITORS' CHOICE [MGM, Caesars Face Regulatory, Legal Maze After Cyber Incidents]( MGM and Caesars are putting new SEC incident disclosure regulations to a real-world test in the aftermath of twin cyberattacks on the casinos, as class-action lawsuits loom. LATEST FROM THE EDGE [Will Generative AI Kill the Nigerian Prince Scam?]( A linguist analyzes whether GPT will improve the notoriously agrammatical scam — or finally render it a thing of the past. LATEST FROM DR TECHNOLOGY [Companies Explore Ways to Safeguard Data in the Age of LLMs]( Generative AI models are forcing companies to become creative about how they keep employees from giving away sensitive data. LATEST FROM DR GLOBAL ['ShroudedSnooper' Backdoors Use Ultra-Stealth in Mideast Telecom Attacks]( The threat cluster hasn't been seen before, but its custom Windows server backdoors have researchers intrigued thanks to their extremely effective stealth mechanisms. WEBINARS - [Using AI in Application Security Tooling]( As AI continues to improve, security vendors are considering how they can use AI to protect applications. In web application and API security tooling used to protect production environments, AI/ML can be used to enhance and complement existing tactics ... - [The Evolution of the Vulnerability Landscape in 2023]( While this summer has been jokingly called "zero-day summer" by some, 2023 fits Mandiant observations that zero-day exploitation has been trending upward for the last few years. As shown in our zero-day trends blog post, Mandiant tracked 55 zero-day vulnerabilities that we ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [Threat Intelligence: Data, People and Processes]( - [Mandiant Threat Intelligence at Penn State Health]( - [Evaluating SASE for the Work-From-Anywhere Era]( - [Work From Anywhere Doesn't Have to Be Complicated]( - [Rediscovering Your Identity]( - [2023 Global Future of Cyber Report]( - [Know your customer: Enable a 360-degree view with customer identity & access management]( [View More White Papers >>]( FEATURED REPORTS - [How to Use Threat Intelligence to Mitigate Third-Party Risk]( The report discusses the various steps of a continuous third-party intelligence lifecycle: Data collection, Data classification, Data storage, Data analysis, reporting, dissemination, continuous monitoring, data governance, and choosing the right technology stack. The report also includes information about how attackers ... - [Everything You Need to Know About DNS Attacks]( - [How Enterprises Are Managing Application Security Risks in a Heightened Threat Environment]( Concerns over API security and low-code/no-code use added to an already-full plate of application security challenges for many organizations over the last year. IT and security decision-makers are deeply concerned about compromises resulting from vulnerabilities in the software supply ... [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Omdia Research Finds Risk-Based Vulnerability Management Set to Encompass the Vulnerability Management Market by 2027]( [OneLayer Expands Its Private Cellular Network Security Solutions to Operations and Asset Management]( [Dig Security Enhances DSPM Platform to Secure Enterprise Data in On-Prem, File-Share Environments]( [83% of IT Security Professionals Say Burnout Causes Data Breaches]( [Bishop Fox Expands Leadership With First CISO and CTO]( [Niagara Networks and Scope Middle East Announce Strategic VAD Partnership]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [Passwords Are Passe: Next Gen Authentication Addresses Today's Threats]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Weekly -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Weekly Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=118309&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Weekly_09.21.23&sp_cid=49896&utm_content=DR_NL_Dark%20Reading%20Weekly_09.21.23&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#17 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)