UK Cops Bust Teen In Connection with MGM Resorts Ransomware Attack

Spain busts three NoName hackers, Treasury sanctions two Cyber Army of Russia Reborn members, LA County Superior Court shuttered by ransomware attack, eBay former security manager sentenced for cyberstalking, Rho Markets exploited for $7.5m, WazirX suspends platform following $230m attack, much more


In a joint operation with the country's National Crime Agency (NCA) and the US FBI, UK police announced that they arrested a 17-year-old suspected of being connected to the ransomware attack against MGM Resorts last year.

"We have arrested a 17-year-old boy from Walsall in connection with a global cyber online crime group which has been targeting large organisations with ransomware and gaining access to computer networks," the West Midlands Police said. The police then explicitly point to the casino incident, writing, "The arrest is part of a global investigation into a large scale cyber hacking community which has targeted a number of major companies which includes MGM Resorts in America."

The FBI said, "Today's arrest is a testimony to the strength of the FBI's domestic, international, and private sector partnerships. In coordination with its partners, the FBI will continue to relentlessly pursue malicious actors who target American companies, no matter where they may be located or how sophisticated their techniques are."

The attack on MGM Resorts last September was an unusual collaboration between younger, English-speaking hackers and an Eastern European ransomware group called ALPHV. (Joseph Cox / 404 Media)

Related: West Midlands Police, Bloomberg, PC Mag, Engadget, Bleeping Computer, USA Today, The Record, The Verge, Express, The Register, Security Affairs

Spain's Civil Guard announced that three pro-Russian hackers of the "hacktivist" group NoName057(16) have been arrested for alleged DDoS attacks against Spain and other NATO countries for terrorist purposes.

The cyberattacks were allegedly carried out against web pages of public and private organizations in the government sectors, critical infrastructures, and essential services in countries that support Ukraine in the conflict with Russia, it said. Police released a video on social media platform X of a raid at the home of one of the suspects in which a Soviet-era hammer and sickle flag was mounted on a wall.

The Civil Guard said in a statement, "These computer attacks have been organized by the hacktivist group NoName057(16), (which started) after the invasion of Ukraine by Russia and (which has been) one of the most active."

"In their own founding manifesto, this group acknowledges that they 'will respond proportionately in response to the hostile and openly anti-Russian actions of Western Russophobes.'" (Graham Keeley / Reuters)

Related: EU Today, MenaFN, Euromaidan Press, The Cyber Express, TVP World, Kyiv Post, AFP, Databreaches.net, Ukrainska Pravda, Nikvesti, Turkiye Today, Odessa Journal

The US Treasury Department sanctioned Yuliya Vladimirovna Pankratova and Denis Olegovich Degtyarenko, two alleged members of a Russian cybercriminal gang called the Cyber Army of Russia Reborn (CARR) that has claimed responsibility for numerous hacks against US critical infrastructure providers, including a cyberattack in January that caused a tank at the Texas water facility in Muleshoe to overflow.

Treasury posted photos of the two alleged hackers, unmasking them from the anonymous social media accounts they tend to hide behind.

The string of hacks alarmed US officials because they were so easy to execute. The hackers logged into a sensitive industrial software system that is supposed to be separated from the public internet. 

According to the Treasury Department, the hack in January in the small town of Muleshoe, in north Texas, wasted tens of thousands of gallons of water. It coincided with at least two other towns in north Texas taking precautionary defensive measures. (Sean Lyngaas / CNN)

Related: Treasury Department, Lubbock Avalanche-Journal, KCBD, UPI, Cyberscoop

The Los Angeles County Superior Court system was hit by a ransomware attack Friday morning unrelated to the CrowdStrike outage, prompting officials to disable network systems through at least the weekend.

According to a court statement, after discovering the attack, the court's network systems were disabled to minimize the damage. Those systems are expected to be offline through at least the weekend to address the issue.

Officials did not specify which "network systems" had been disabled. However, as of 6 p.m. on 7/21, multiple pages on the court's website, including the jury portal, weren't working and returned error messages. (Andrew Khouri / Los Angeles Times)

Related: NBC Los Angeles, The Signal, KCRA, Associated Press, Orange County Register, Hoodline, My News LA, Daily Journal, Jurist

Brian Gilbert, former senior manager of special operations for eBay's global security team, was sentenced to time served and one year of supervised release, provided that he has no contact with victims, and was ordered to pay a $20,000 fine for his role in a cyberstalking campaign that included sending a preserved fetal pig and a bloody pig Halloween mask.

Investigators said Gilbert and others targeted David and Ina Steiner. The couple produced an online newsletter called EcommerceBytes that upset eBay executives with its coverage.

In October 2020, Gilbert pleaded guilty to conspiracy to commit cyberstalking and conspiracy to tamper with witnesses. (Steve LeBlanc / Associated Press)

Related: MetroWest Daily News, Boston Globe

Crypto lending protocol Rho Markets disclosed a $7.5 million security breach on its platform, which runs on the Ethereum Layer 2 solution Scroll.

The attack targeted the platform's oracle controls, leading to a temporary shutdown of the platform.

The platform assured the users that most pools are still safe and that they will reopen as soon as the problem is sorted out.

Blockchain detective ZachXBT revealed that the hacker contacted RhoMarkets through an on-chain message that read, "Hello RHO team, our MEV bot profited from your price oracle misconfiguration. We understand that the funds belong to users and are willing to fully return. But first, we would like you to admit that it was not an exploit or a hack, but a misconfiguration on your end. Also, please provide what you are going to do to prevent it from happening again."

In response to the attacker's message, Scroll advised all users to revoke all approvals to Scroll's contracts until further notice. (Kelvin Munene Murithi / CoinGape)

Related: Web3IsGoingJustGreat, DL News, cryptonews, The Crypto Times, Cryptoslate, Protos, Bitcoinist

WazirX, one of India's largest cryptocurrency exchanges, has "temporarily" suspended all trading activities on its platform days after losing about $230 million, nearly half of its reserves, in a hack last week and is now offering a bounty of $23 million to recover the stolen assets.

The exchange said that the cyber attack had substantially impaired its ability to maintain the critical 1:1 collateral ratio with assets, a statement that raises more concerns about the adequacy of WazirX's reserves and its ability to fully reimburse its customers.

WazirX suspended customer withdrawals earlier this week after an attacker accessed one of the exchange's multi-signature wallets, where crypto assets worth hundreds of millions of dollars were stored. WazirX's impacted wallet was protected by six signatories, five of whom were with the WazirX team.

WazirX has also offered a prize of $23 million as a part of its bounty program to recover the $230 million assets stolen during the attack. (Manish Singh / TechCrunch and Pooja Yadav / Inc42)

Related: WazirX Blog, CoinGape, The Block, Crypto Adventure, The Crypto Times, Bitcoin News, Coinpedia Fintech News, Crypto Briefing, CryptoPotato, cryptonews

The Greek Ministry of Digital Governance said that hackers launched over 400 cyberattacks to infiltrate Greece's land registry but could not access the database.

While they managed to gain entry to a security backup, the hackers were unable to exfiltrate data to a server outside Greece, the ministry said. Some internal documents were stolen from staff terminals, but citizens' private data is safe.

No ransomware software has been detected to date. (AFP)

Related: ET CISO, Ekathimerini, Greek City Times, UNN, The National Herald

Nigeria's Federal Competition and Consumer Protection Commission (FCCPC) said it fined Meta Platforms $220 million after investigations showed data-sharing on social platforms violated local consumer, data protection, and privacy laws.

The FCCPC said Meta appropriated the data of Nigerian users on its platforms without their consent, abused its market dominance by forcing exploitative privacy policies on users, and meted out discriminatory and disparate treatment on Nigerians, compared with other jurisdictions with similar regulations.

FCCPC chief Adamu Abdullahi said the investigations were jointly held with Nigeria's Data Protection Commission and spanned over 38 months. He said the investigations found Meta policies don't allow users the option or opportunity to self-determine or withhold consent to the gathering, use, and sharing of personal data. (Louise Heavens and Rod Nickel / Reuters)

Related: Bloomberg, Channel NewsAsia, Federal Competition & Consumer Protection Commission, TheNigeriaLawyer, Punch Newspapers, Nairametrics

Ahead of the shutdown, goo.gl links will start showing an interstitial page on August 23rd, 2024, notifying users that "this link will no longer work in the near future." This message will initially appear for a "percentage of existing links," which will increase as the deadline draws closer.

Google encourages developers to update impacted links as soon as possible, but this interstitial page may disrupt link redirections. (Jess Weatherbed / The Verge)

Related: Google, Tom's Guide, TechSpot, CNET, The Register, gHacks, Techopedia, Search Engine Land

A security researcher who goes by xyzeva found a vulnerability in a web app used by a16z, one of the most powerful and influential Silicon Valley venture capital firms, that exposed some data about the firm's portfolio companies.

xyzeva said she found "a really simple bug" that "basically gave access to everything" on a16z's portfolio portal.

She said that she found exposed API keys on the site portfolio.a16z.com and that the information she could see included emails, passwords, and "company details and employees." She also could have sent emails as a16z and accessed previously sent emails from the company's account with Mailgun, an email delivery service. 

Bryan Green, the chief information security officer at a16z, confirmed that the company fixed the bug the same day xyzeva wrote the post and got in touch with the company, but said that the issue didn't affect sensitive data. 

"On June 30th, a16z addressed a misconfiguration in a web app that is used for the specific use case of updating publicly available information on our website, such as company logos and social media profiles. The issue was resolved quickly, and no sensitive data was compromised," said Green.

Although the company initially said it would try to set up a bug bounty payment for xyzeva, it later said it couldn't because she initially posted about the bug on X and that her follow-up post "incorrectly described 'full access to basically everything'" and didn't signal the best intentions toward the a16z team. (Lorenzo Franceschi-Bicchierai / TechCrunch)

Related: Alacran Labs AI

Best Thing of the Day: Show Me the Money.

According to Crunchbase, venture funding for cybersecurity startups in Q2 24 had its best quarter since Q1 22, surging 144% year-over-year.

Worst Thing of the Day: Tell Us Something We Don't Already Know

Guardian Australia took a new phone and email address, used them to sign up for Facebook and Instagram accounts, and discovered that, three months later, the accounts' news feeds were riddled with sexist and misogynistic content.
