This Week in Security: Next-Gen Casino ‘Fishing’ Attack…

Casino Data Leakage via Next-Gen ‘Fishing’ Attack

Our industry is continuously inundated with new and innovative offensive techniques. Or, in this case… off-FIN-sive. While leveraging typical Internet of Things (IoT) devices has become commonplace, seeing atypical devices leveraged in novel attacks is something of a treat from our research teams’ perspective.

This week, news broke of an attack focused on an American casino. The result of said attack was ultimately the exfiltration of ~10GB of sensitive company data.

What makes this interesting is the particular connected device leveraged in the attack. The attackers behind the campaign were able to compromise a connected fish tank as a bridgehead of sorts. Once the connected fish tank was compromised, they were able to use it to gain persistence and perform further actions within the targeted environment (internal scanning, lateral movement, data manipulation and movement).

In the end, the attackers were able to move nearly 10GB of company data to an external server in Finland (of all places). The actual need for a smart/connected fish tank may be open to debate, but in this case, the off-FISH-al purpose of the Internet connectivity is reported to be specific to remote monitoring and management. Not at all dissimilar from various SCADA, ICS and similar systems.

The lessons gleaned from this attack are also similar. When dealing with these types of devices, we need to be highly aware of the points of exposure and properly manage any associated risk. Mitigate or remove exposure and ingress/egress points where possible, and do not take any of these technologies for granted when it comes to patching/firmware/updates, etc.
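One way to act on the egress advice above, as an added example that is not part of the original post: audit flow records from an IoT segment against an allowlist of expected destinations and a byte ceiling. The addresses, segment ranges, allowlisted management endpoint and threshold are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed flow records (src, dst, bytes sent by src); not data from the incident.
FLOWS = [
    ("10.20.0.15", "198.51.100.10", 120_000),        # device -> expected management endpoint
    ("10.20.0.15", "203.0.113.77", 4_000_000_000),   # device -> unknown external host
    ("10.20.0.15", "203.0.113.77", 6_000_000_000),
    ("10.20.0.15", "10.1.4.22", 50_000),             # device -> corporate host (lateral)
    ("10.20.0.16", "198.51.100.10", 90_000),
]

IOT_NET = ipaddress.ip_network("10.20.0.0/24")         # assumed IoT segment
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")      # assumed internal address space
ALLOWED_DST = {ipaddress.ip_address("198.51.100.10")}  # assumed remote-management endpoint
MAX_BYTES = 50 * 1024 * 1024                           # assumed ceiling per audit window


def audit_iot_egress(flows):
    """Return (src, dst, total_bytes, reasons) for IoT traffic leaving its segment
    that goes to an unexpected destination or exceeds the byte ceiling."""
    totals = defaultdict(int)
    for src, dst, nbytes in flows:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if s in IOT_NET and d not in IOT_NET:
            totals[(s, d)] += nbytes

    findings = []
    for (s, d), total in sorted(totals.items()):
        reasons = []
        if d not in ALLOWED_DST:
            # Distinguish reaching into the internal network from unlisted external hosts.
            reasons.append("internal-lateral" if d in INTERNAL_NET else "unlisted-external")
        if total > MAX_BYTES:
            reasons.append("volume")
        if reasons:
            findings.append((str(s), str(d), total, reasons))
    return findings


if __name__ == "__main__":
    for src, dst, total, reasons in audit_iot_egress(FLOWS):
        print(f"{src} -> {dst}: {total} bytes [{', '.join(reasons)}]")
```

The same allowlist is better enforced at the segment's firewall as a default-deny egress rule, with this kind of audit catching anything the rules miss.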

Vendors can carp on about the convenience of Internet connectivity as much as they like, but the more we connect to the external world, the more we have to stay on top (Read more...)

This is a Security Bloggers Network syndicated blog post authored by Cylance Research and Intelligence Team. Read the original post at: Cylance Blog