Welcome to our latest monthly review of cyber attacks and data breaches. In September 2022, we found 85 publicly disclosed security incidents, accounting for 35.6 million breached records.
As ever, you can find the full list of security incidents on our sister site. In this blog, we look at the cyber security headlines across Europe.
InterContinental hotels attacked ‘for fun’
September began with the InterContinental Hotels Group confirming that it had been targeted by a suspected ransomware attack.
The organisation, which operates more than 6,000 hotels around the globe, said that it was investigating “unauthorised access” to several of its computer systems.
It added that its hotels “are still able to operate and take reservations directly”, although many people trying to make reservations experienced difficulties.
Few details were released initially about exactly how the attack happened, but all signs pointed to ransomware. Most notably, InterContinental said that no personal data was compromised, which is the biggest hint that this wasn’t a traditional cyber attack intended to steal information.
Whereas most cyber attacks are designed to capture personal information that can be sold on the dark web, ransomware works by encrypting the victim’s systems and demanding money to restore access.
The fact that InterContinental experienced a prolonged network outage hinted that this could have been the case here.
Plus, in August, a Holiday Inn in Istanbul was breached by the LockBit ransomware gang in a potentially related incident.
After several weeks of speculation, the criminal hackers behind the incident took credit for the attack and revealed how it was done.
The attackers, believed to be a couple from Vietnam, said they found an online database that was protected by a weak password (‘Qwerty1234’) and decided to exploit the weakness because it would be “funny”.
They provided screenshots as evidence that they had carried out the attack, showing that they had accessed the internal Outlook emails, Microsoft Teams chats and server directories.
The couple gained access to the systems by tricking an employee into downloading malware through an infected email attachment.
Although they originally planned to conduct a ransomware attack, InterContinental’s defences repeatedly thwarted them by isolating its servers before the malware could be deployed.
Changing tactics, they used wiper malware, which, unlike ransomware, doesn’t simply encrypt data but destroys it.
Wiper attacks are rare, because unless the cyber criminals have already stolen the organisation’s data, there is no financial benefit to be had.
Cyber security specialist Rik Ferguson explained that the use of wiper malware was born out of vindictive frustration.
“They couldn’t make money so they lashed out, and that absolutely betrays the fact that we are not talking about ‘professional’ cybercriminals here.”
He added that the incident is a cautionary tale. Even though InterContinental was able to fend off the attack, the criminal hackers were still able to inflict damage.
Speaking to the BBC, the couple showed no remorse. “We don’t feel guilty, really. We prefer to have a legal job here in Vietnam but the wage is average $300 per month. I’m sure our hack won’t hurt the company a lot,” they said.
InterContinental later confirmed that it had restored its systems. In a statement, the hotel group wrote: “Service at our reservation and customer care call centres has been recovered and all our systems restored.
“During the disruption in our central systems, IHG-branded hotels continued to operate and were able to take reservations directly.”
Grand theft Grand Theft Auto
The InterContinental hack wasn’t the only ill-considered cyber attack conducted this month by an unlikely perpetrator.
In the early hours of September 18, someone posted an hour’s worth of footage from the upcoming Grand Theft Auto VI to an online forum in what has been described as the biggest security breach in video game history.
The individual, going by the name of ‘teapotuberhacker’, published a series of videos and images from an in-development version of the highly anticipated game.
The content quickly spread online, with news reports, YouTube videos and Twitter posts debating the veracity of the footage. Some believed it was a modified version of a previous GTA, while others insisted it was real.
When Rockstar Games and its parent company Take-Two began removing the content from YouTube, it signalled that the leaks were genuine.
Take-Two later confirmed that was the case, while the game’s developers were reportedly “devastated” by the leak.
Things aren’t looking much better for teapotuberhacker. After a misguided attempt to blackmail Rockstar Games, the gaming community rallied against them, and less than a week later, they were arrested in the UK.
The 17-year-old suspect, whose identity has not been released due to UK laws protecting minors accused of crimes, was charged with multiple counts of computer misuse and breaches of bail.
Although the police declined to specify what the teenager’s arrest was in connection with, they are believed to have breached both Rockstar Games and – in a separate attack – the ride-sharing app Uber.
Both attacks used the same technique, with the criminal hacker compromising the organisation’s internal feed on the Slack messaging app.
Rockstar Games said that the attacker was able to leverage this access to steal intellectual property, including source code, assets and testing builds from both GTA V and GTA VI.
The attacker also leaked plot details, game mechanics, playable characters and other information.
“We are extremely disappointed to have the details of our next game shared with you all in this way,” Rockstar Games said in an official statement.
“Our work on the next Grand Theft Auto game will continue as planned and we remain as committed as ever to delivering an experience to you, our players, that truly exceeds your expectations. We will update everyone again soon and, of course, will properly introduce you to this next game when it is ready.”