More stories

  • $133 million lost in online romance scams in 2021: FBI

    The FBI said this week that thousands of people had filed complaints about online romance scams that resulted in losses totaling about $133 million.

    In a release, the FBI explained that from January 1 to July 31, the FBI Internet Crime Complaint Center received more than 1,800 complaints about romance scams where victims were coerced into sending money digitally or trading cryptocurrency for another person.

    “The scammer’s initial contact is typically made via dating apps and other social media sites. The scammer gains the confidence and trust of the victim — through establishing an online relationship — and then claims to have knowledge of cryptocurrency investment or trading opportunities that will result in substantial profits,” the FBI said in a statement.

    “The scammer directs the victim to a fraudulent website or application for an investment opportunity. After the victim has invested an initial amount on the platform and sees an alleged profit, the scammers allow the victim to withdraw a small amount of money, further gaining the victim’s trust. After the successful withdrawal, the scammer instructs the victim to invest larger amounts of money and often expresses the need to ‘act fast.’ When the victim is ready to withdraw funds again, the scammers create reasons why this cannot happen.”

    Even more funds are extracted from victims when cybercriminals say there are additional taxes or fees that need to be paid. Some scammers include a “customer service group” to siphon more funds from a victim and generally stop answering messages once there is no money left to steal.

    The FBI said earlier this year that they had received a record number of complaints about online scams and fraud. Interpol released a similar warning in January.

    In July, a resident of Houston, Texas was sentenced to over seven years in jail for his role in romance and business scams that netted over $2.2 million in illicit proceeds. Last week, a former US Army reservist was sentenced to over three-and-a-half years in prison for conducting both romance and Business Email Compromise (BEC) scams.

    Paul Bischoff, privacy advocate at Comparitech, told ZDNet that in 2020 alone, reported losses to romance scams reached a record $304 million, about a 50% increase on 2019’s $201 million, according to the FTC. The FBI reported $475 million in losses in the same year, Bischoff added. He noted that the FBI’s numbers are often at odds with those presented by the FTC.

    Romance scams accounted for larger losses than any other type of scam, according to the FTC.

    “The majority of romance scam victims are women over the age of 50, according to the FBI. Given that elder fraud is hugely underreported, the real figures are likely much higher. The scam starts on dating apps or social media, where the scammer approaches the victim and begins a grooming process,” Bischoff explained.

    “This often involves love bombing, or showering the victim with affection to make them feel infatuated. The next step might involve the victim sending something that the scammer can use against them, such as compromising photos. Scammers often try to trick victims into sending money, but victims can also be used as mules for money laundering or smuggling illegal goods.”

    The elderly are often the prime targets for these kinds of scams — particularly during the COVID-19 pandemic — because they are often socially isolated and in need of personal connection. Bischoff noted that romance scams often go on for a long time, with victims continuing to send money even after they realize they’re being scammed, either due to romantic feelings for the scammer or because they’re being blackmailed.

    Romance scams have long been a go-to method for cybercriminals to steal money and valuable personal information from people. From 2017 to 2021, romance scams were one of the top five most lucrative scams perpetrated against military personnel, according to the Federal Trade Commission. US military members lost $92 million through romance scams between 2017 and 2021, with the median loss hovering around $2,500.

  • CISA warns of APT actors exploiting newly identified vulnerability in ManageEngine ADSelfService Plus

    CISA is urging users of Zoho’s ManageEngine ADSelfService Plus to update their tools, noting that APT actors are actively exploiting a recently discovered vulnerability. Zoho ManageEngine ADSelfService Plus build 6114, which Zoho released on September 6, 2021, fixes the vulnerability. ManageEngine ADSelfService Plus is a widely used self-service password management and single sign-on solution. The critical authentication bypass vulnerability affects representational state transfer (REST) application programming interface (API) URLs that could enable remote code execution.

    In a joint advisory sent out this week, CISA, the FBI and the US Coast Guard Cyber Command said APT actors have already targeted “academic institutions, defense contractors and critical infrastructure entities in multiple industry sectors — including transportation, IT, manufacturing, communications, logistics, and finance.”

    According to CISA, cybercriminals and nation-states exploiting the vulnerability are able to upload a .zip file containing a JavaServer Pages (JSP) web shell masquerading as an x509 certificate: service.cer. From there, more requests are made to different API endpoints to further exploit the victim’s system, according to the advisory.

    “After the initial exploitation, the JSP web shell is accessible at /help/admin-guide/Reports/ReportGenerate.jsp. The attacker then attempts to move laterally using Windows Management Instrumentation (WMI), gain access to a domain controller, dump NTDS.dit and SECURITY/SYSTEM registry hives, and then, from there, continues the compromised access. Confirming a successful compromise of ManageEngine ADSelfService Plus may be difficult — the attackers run clean-up scripts designed to remove traces of the initial point of compromise and hide any relationship between the exploitation of the vulnerability and the web shell,” CISA explained.

    “Illicitly obtained access and information may disrupt company operations and subvert US research in multiple sectors. Successful exploitation of the vulnerability allows an attacker to place web shells, which enable the adversary to conduct post-exploitation activities, such as compromising administrator credentials, conducting lateral movement, and exfiltrating registry hives and Active Directory files.”

    CISA added that organizations need to ensure that ADSelfService is not directly accessible from the internet and recommended “domain-wide password resets and double Kerberos Ticket Granting Ticket (TGT) password resets if any indication is found that the NTDS.dit file was compromised.”

    Threat actors have been exploiting the vulnerability since August, and CISA said they had seen a variety of tactics used to take advantage of the flaw, including frequently writing web shells to disk for initial persistence, obfuscating files or information, conducting further operations to dump user credentials and more. Others have used it to add or delete user accounts, steal copies of the Active Directory database, delete files to remove indicators from the host and use Windows utilities to collect and archive files for exfiltration.

    The situation is so serious that the FBI said it is “leveraging specially trained cyber squads in each of its 56 field offices and CyWatch, the FBI’s 24/7 operations center and watch floor, which provides around-the-clock support to track incidents and communicate with field offices across the country and partner agencies.”

    CISA is also offering affected organizations help, and the US Coast Guard Cyber Command said it is providing specific cyber coverage for marine transportation system critical infrastructure.

    Oliver Tavakoli, CTO at Vectra, told ZDNet that finding a critical vulnerability in the system intended to help employees manage and reset their passwords “is exactly as bad as it sounds.” Even if the ADSelfService Plus server were not accessible from the internet, it would be accessible from any compromised laptop, Tavakoli noted.

    He added that recovering from an attack will be expensive because “domain-wide password resets and double Kerberos Ticket Granting Ticket (TGT) password resets” are disruptive by themselves. The APT groups may have established other means of persistence in the intervening time, he noted.

    BreachQuest CTO Jake Williams said it was important that organizations note the frequent use of web shells as a post-exploitation payload.

    “In this case, threat actors have been observed using web shells that were disguised as certificates. This sort of activity should stand out in web server logs – but only if organizations have a plan for detection,” Williams said. “Given that this will certainly not be the last vulnerability that results in web shell deployment, organizations are advised to baseline normal behavior in their web server logs so they can quickly discover when a web shell has been deployed.”

    Other experts, such as Digital Shadows senior cyber threat intel analyst Sean Nikkel, explained that this issue is the fifth instance of similar, critical vulnerabilities from ManageEngine this year. These vulnerabilities are severe in that they allow either remote code execution or the ability to bypass security controls, Nikkel told ZDNet.

    “Since the service interacts with Active Directory, giving attackers access can only lead to bad things, such as controlling domain controllers or other services. Attackers can then take advantage of ‘blending in with the noise’ of everyday system activity. It’s reasonable to assume that there will be more widespread exploitation of this and previous vulnerabilities given the interactivity with Microsoft system processes,” he said.

    “The observation that APT groups are actively exploiting CVE-2021-40539 should highlight the potential exposure it might cause. If trends are consistent, extortion groups will likely seek exploitation for ransomware activity in the not-so-distant future. Users of Zoho’s software should apply patches immediately to avoid the types of compromise described in the CISA bulletin.”

    The vulnerability is part of a larger trend of issues being found with systems management software tools. Vulcan Cyber CEO Yaniv Bar-Dayan compared it to recent issues with SolarWinds, Open Management Infrastructure (OMI), Salt and more.

    “Considering the amount of access and control these tools have, it is critical IT security teams take immediate steps to remediate fully. Zoho has a patch, but it is just a patch for one vulnerable component of what is a multi-layered, advanced persistent threat,” Yaniv Bar-Dayan added.

    “Apply the patch, but also make sure to eliminate direct access to ManageEngine software from the Internet where possible. If APT groups get access to systems management tools, they get the keys to the kingdom. Move quickly.”
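The log-baselining advice in the ADSelfService Plus story above can be sketched as follows. This is an added example, not code from CISA, ZDNet or any vendor. The two indicators (the ReportGenerate.jsp path and the service.cer name) are the ones quoted in the story; the Combined Log Format input, the /portal and /files paths and the log lines are constructed assumptions.

```python
import posixpath
import re
from urllib.parse import unquote

# Indicators quoted in the story above (compared in lower case).
KNOWN_SHELL_PATH = "/help/admin-guide/reports/reportgenerate.jsp"
DISGUISED_UPLOAD = "service.cer"
# Assumption: the server executes these extensions as server-side code.
SCRIPT_EXTENSIONS = (".jsp", ".jspx")

# Assumption: access logs are in Combined Log Format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})\b'
)


def normalise(target):
    """Reduce a request target to a canonical lower-case path so that
    '//', '/./', percent-encoding and ';params' do not hide a match."""
    path = unquote(target.split("?", 1)[0]).split(";", 1)[0]
    path = posixpath.normpath(re.sub(r"/+", "/", path))
    return path.lower()


def parse(line):
    m = LOG_RE.match(line)
    if m is None:
        return None
    return {
        "ip": m["ip"],
        "target": m["target"],
        "path": normalise(m["target"]),
        "status": int(m["status"]),
    }


def is_served_script(rec):
    return rec["path"].endswith(SCRIPT_EXTENSIONS) and 200 <= rec["status"] < 300


def build_baseline(lines):
    """Set of script paths served successfully during a known-good window."""
    return {r["path"] for r in map(parse, lines) if r and is_served_script(r)}


def scan(lines, baseline):
    """Return (reason, client_ip, path, status) for every suspicious request."""
    findings = []
    for rec in map(parse, lines):
        if rec is None:
            continue
        reasons = []
        if rec["path"] == KNOWN_SHELL_PATH:
            reasons.append("known-webshell-path")
        elif is_served_script(rec) and rec["path"] not in baseline:
            reasons.append("script-not-in-baseline")
        if DISGUISED_UPLOAD in unquote(rec["target"]).lower():
            reasons.append("disguised-certificate-name")
        findings += [(r, rec["ip"], rec["path"], rec["status"]) for r in reasons]
    return findings


# Constructed sample data (documentation IP ranges, hypothetical paths).
BASELINE_LOG = [
    '192.0.2.10 - - [01/Aug/2021:09:00:01 +0000] "GET /portal/login.jsp HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Aug/2021:09:02:13 +0000] "POST /portal/reset.jsp HTTP/1.1" 200 812',
    '192.0.2.10 - - [01/Aug/2021:09:05:44 +0000] "GET /images/logo.png HTTP/1.1" 200 2048',
]
CURRENT_LOG = [
    '192.0.2.10 - - [10/Sep/2021:08:00:01 +0000] "GET /portal/login.jsp HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/Sep/2021:08:01:00 +0000] "POST /files/service.cer HTTP/1.1" 200 64',
    '203.0.113.7 - - [10/Sep/2021:08:01:09 +0000] "GET /help/admin-guide/Reports/ReportGenerate.jsp HTTP/1.1" 200 17',
    '203.0.113.7 - - [10/Sep/2021:08:01:30 +0000] "GET /help//admin-guide/./Reports/reportgenerate.JSP?x=1 HTTP/1.1" 200 17',
    '198.51.100.23 - - [10/Sep/2021:08:03:00 +0000] "GET /portal/status2.jsp HTTP/1.1" 200 31',
    '198.51.100.23 - - [10/Sep/2021:08:03:05 +0000] "GET /portal/missing.jsp HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for finding in scan(CURRENT_LOG, build_baseline(BASELINE_LOG)):
        print(finding)
```

Because the advisory says the attackers run clean-up scripts, a check like this is most useful against logs that are shipped off the host as they are written.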

  • This banking Trojan abuses YouTube to manage remote settings

    A banking Trojan has been detected that abuses YouTube, Pastebin, and other public platforms in order to spread and control compromised machines. 

    On Friday, ESET wrapped up a series on banking Trojans present in Latin America — including Janeleiro, a new malware sample similar to Casbaneiro, Grandoreiro, and Mekotio — but this one does not just hit that region; instead, campaigns have been detected across Brazil, Mexico, and Spain.

    In a blog post, the cybersecurity researchers said that the Trojan, named Numando, has been active since 2018. Written in Delphi, this financial malware displays fake overlay windows to dupe victims into submitting sensitive data, such as the credentials used to access financial services.

    As is the case for many banking Trojan variants, Numando is spread almost “exclusively” through spam and phishing campaigns, ESET says. These attempts are not exactly sophisticated; as of the time of writing, no more than a few hundred victims have been traced. As a result, it appears that Numando is “considerably less successful” than other Latin American Trojans, including Mekotio and Grandoreiro. It’s likely that the operator’s lack of sophistication has contributed to a low infection rate.

    In recent campaigns, spam sent to distribute Numando is composed of a phishing message and a .ZIP attachment included with the email. A decoy .ZIP file is downloaded, together with an actual .ZIP file that contains a .CAB archive — bundled with a legitimate software app — an injector, and the Trojan. The malware is hidden in a large .BMP image file.

    If the software app is executed, the injector is side-loaded and the malware is then decrypted using an XOR algorithm and a key. Once installed on a target machine, Numando will create fake overlay windows when a victim visits financial services. If users submit their credentials, they are stolen and sent to the malware’s command-and-control (C2) server.

    Numando also abuses public services including Pastebin and YouTube to manage its remote configuration settings.

    “The format is simple — three entries delimited by “:” between the DATA:{ and } markers,” ESET explained. “Each entry is encrypted separately the same way as other strings in Numando — with the key hardcoded in the binary. This makes it difficult to decrypt the configuration without having the corresponding binary, however, Numando does not change its decryption key very often, making decryption possible.”

    Google was informed of the videos found by the cybersecurity team and the ones that have been detected have since been taken down.

    Numando is also able to simulate mouse clicks and keyboard actions, hijack PC shutdown and restart functions, take screenshots, and kill browser processes.

    “Unlike most of the other Latin American banking trojans covered in this series, Numando does not show signs of continuous development,” ESET says. “There are some minor changes from time to time, but overall the binaries do not tend to change much.”

    In other recent Trojan news, in May, Kaspersky unmasked Bizarro, a prolific Trojan detected recently across Europe. Bizarro has homed in on the customers of at least 70 banks across countries including Brazil, Argentina, and Chile, but now appears to be focused on European victims.

  • Cyberattacks against the aviation industry linked to Nigerian threat actor

    Researchers have unmasked a lengthy campaign against the aviation sector, beginning with the analysis of a Trojan by Microsoft. 

    On May 11, Microsoft Security Intelligence published a Twitter thread outlining a campaign targeting the “aerospace and travel sectors with spear-phishing emails that distribute an actively developed loader, which then delivers RevengeRAT or AsyncRAT.”

    The operator of this campaign used email spoofing to pretend to be legitimate organizations in these industries, and an attached .PDF file included an embedded link, containing a malicious VBScript which would then drop Trojan payloads on a target machine.

    According to Microsoft, the malware was used to spy on victims as well as to exfiltrate data including credentials, screenshots, clipboard, and webcam data.

    Microsoft’s security team has been monitoring the campaign, and now, Cisco Talos has also contributed its findings on the operation.

    Cisco Talos researchers Tiago Pereira and Vitor Ventura published a blog post on Thursday documenting the scheme, dubbed “Operation Layover,” which has now been linked to an actor that has been active since at least 2013 — and has been targeting aviation for at least two years.

    In addition to Microsoft’s investigation, the cybersecurity company has established connections between this threat actor and campaigns against other sectors, spanning the past five years.

    When it comes to aviation targets, sample emails containing malicious .PDFs were very similar to those obtained by Microsoft. The emails and .PDF attachments are aviation-themed, with mentions of trip itineraries, flight routing, private jets, quotes, charter requests, cargo details, and more.

    Based on passive DNS telemetry, the team believes the threat actor is located in Nigeria, because 73% of IPs connected to hosts, domains, and the attacks at large originate from this country. Pseudonyms appear to include the handle “Nassief2018” on hacking forums, as well as the monikers “bodmas” and “kimjoy.”

    The cybercriminal started by using the off-the-shelf CyberGate malware and does not appear to have gone beyond commercially available code since. The threat actor has also been linked to crypter purchases from online forums, email addresses, and phone numbers, although these findings have not been verified.

    CyberGate has since been replaced with AsyncRAT in recent campaigns, with over 50 samples detected that are communicating with a command-and-control (C2) server used by the threat actor. As of now, eight more domains linked to AsyncRAT deployment have been detected, the majority of which were registered over 2021.

    RevengeRAT and AsyncRAT, however, are not the only brands of malware in use. One domain spotted by the team also indicates that the operator is using a variant of njRAT in cyberattacks.

    “Actors that perform smaller attacks can keep doing them for a long period of time under the radar,” Cisco Talos says. “However, their activities can lead to major incidents at large organizations. These are the actors that feed the underground market of credentials and cookies, which can then be used by larger groups on activities like big game hunting.”

  • China formally applies to join CPTPP trade pact

    China has applied to join an Asia-Pacific trade pact that currently has 11 members including Australia, New Zealand, and Japan, the country’s Ministry of Commerce (MOFCOM) said on Thursday. The trade pact, called the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP), currently has 11 members that represent about $13.5 trillion in GDP, or 13.4% of global GDP, making it one of the largest trade pacts in the world. Chinese Commerce Minister Wang Wentao submitted the application to New Zealand’s Trade Minister Damien O’Connor in a written letter on Thursday, the department said in an online statement. The two officials have also had phone communications about the member application, it added. New Zealand acts as the depositary for the CPTPP, the government that handles various administrative tasks for the pact, such as requests to join. The CPTPP was ratified in 2018 and incorporates the Trans-Pacific Partnership (TPP), which was scrapped in 2018 after former US President Donald Trump withdrew the US from the trade pact. The TPP needed to be ratified by the US to go into force. To join the CPTPP, China would need no member to object to its accession into the trade pact, which will be tricky given Australia is among its members.

    Tensions between Australia and China have grown steadily over the past 18 months, with Australia, alongside the UK and US, yesterday announcing a trilateral security pact aimed at addressing the defence and security concerns posed by China within the Indo-Pacific region. Although China was not mentioned when announcing AUKUS, Australian Prime Minister Scott Morrison said the Indo-Pacific region was increasingly becoming “more complex”.

    AUKUS will see the three countries create initiatives that increase cyber capabilities, artificial intelligence, quantum technologies, and undersea capabilities. The three countries will also promote deeper information and technology sharing between themselves.

    Australia on Thursday also appealed the World Trade Organization’s decision to allow China to impose tariffs on Australia’s wine exports, Australia’s Trade Minister Dan Tehan said in a statement.

    Meanwhile, Morrison last year did almost everything but name China as the actor responsible for cyber attacks that targeted all levels of government in Australia, as well as the private sector.

    “Australia doesn’t judge lightly in public attributions, and when and if we choose to do so, it is always done in the context of what we believe to be in our strategic national interest,” Morrison said at the time.

    Current members of the CPTPP include Australia, Brunei, Canada, Chile, Japan, Malaysia, Mexico, New Zealand, Peru, Singapore, and Vietnam. The United Kingdom submitted a formal request to join the CPTPP earlier this year, and a working group for its accession has been established.

  • How surveillance capitalism will totally transform the domain name system

    The economics of surveillance capitalism and a world of paranoid apps will transform the domain name system (DNS), says Geoff Huston, chief scientist at APNIC Labs, part of the Asia Pacific Network Information Centre.

    Knowing the domain names of the websites you visit, or servers that apps access on your behalf, is valuable intelligence. DNS traffic is especially valuable because it reflects what users are doing in real time. “The names you asked for, and when you ask for them, say an awful lot about you,” Huston said in his presentation to the APNIC 52 conference on Wednesday. “The network betrays you. You’re leaving big, filthy, muddy footprints on the carpet, mate. We can see where you’re going. And that’s the problem,” he said. “Real-time data, right here, right now. Not last week, not last month. This second. You couldn’t get more valuable.” Others with more noble motives are monitoring DNS traffic too, looking for the telltale signs of malicious activity, such as the rapidly-changing domain names used by botnets. And as Edward Snowden revealed in 2013, the members of the Five Eyes signals intelligence agencies are also keen on sucking up all that DNS traffic.

    “All kinds of folk actually spread DNS information all over the place,” Huston said. “The problem is, it doesn’t matter what your motives are, good or bad. Sniffing is sniffing. An invasion of privacy is invasion of privacy, irrespective of the colour of the hat you’re wearing. And this is not good.”

    Grafting privacy onto decades-old protocols

    The core DNS protocols date back to the 1980s, and they’re based on a domain name structure that was developed in the 1970s. Everything happens out in the open, unencrypted.

    “How can we stop folk crowding around the digital exhaust pipe sniffing these fumes?” asks Huston.

    There are methods for preventing third parties from snooping on your DNS traffic, but they haven’t seen wide adoption. One way to make DNS surveillance more difficult is to use a public open DNS server, such as Google’s 8.8.8.8, Cloudflare’s 1.1.1.1, OpenDNS, or Quad9 rather than your local ISP’s servers — because ISPs have been known to sell their DNS logs to advertisers. That can be combined with using an encrypted DNS connection, such as DNS over TLS, DNS over HTTPS (DoH), or DNS over the more lightweight QUIC protocol.

    If you do that, you’re doing a “tolerably good job” of hiding in the crowd, Huston said. “But that first part of the bargain? I’ve got to trust Google. Yeah right. I’ve got to trust the very folk who are experts in assembling my profile.”

    To put it another way: If we have to compromise our privacy to a third party, which third party represents the least risk to us, both now and in the future? It’s a difficult choice. But wait. Maybe we don’t have to compromise our privacy at all.

    Enter Oblivious DNS, a cryptographically private DNS name space

    One innovative solution is Oblivious DNS, first written up as a draft engineering standard in 2018 and a formal paper in 2019.

    “The concept is delightfully simple,” Huston wrote in 2020, although some might argue with his use of the word “simple” once they read his explanation.

    ODNS uses a chain of DNS servers interacting via a pipeline of encrypted transactions. The details will be fascinating for DNS aficionados, but the overall strategy is easy to explain. The DNS server close to you knows who you are, so it can return the answer to you, but not what your query was because it’s encrypted. The DNS server at the other end knows what DNS query it has to resolve, because you used that server’s public key to encrypt the transaction, but not who asked for it.

    A similar approach called Oblivious DoH (ODoH), described in a draft standard in 2020, wraps the entire DNS transaction in an encrypted envelope. The advantage of ODoH is that it doesn’t try to cram everything into the existing DNS packet format, meaning it can be slightly more elegant. The disadvantage is that it requires separate infrastructure from the existing DNS. But why would anyone pay for all this?

    Huston’s future of bloated, paranoid apps

    “In terms of economics, the DNS is a wasteland,” Huston told APNIC 52. “I don’t pay for queries, you don’t pay for queries. Who funds all this? Well, my ISP funds a lot of it. And it sort of comes out of what I pay them,” he said.

    That means there’s no incentive for ISPs to improve DNS privacy. “For ISP fees, the DNS becomes a part of Mr Cost, it’s not Mr Income, and so there’s a lot of resistance to making Mr Cost grow bigger because that’s the way you basically kill your business.”

    The public servers are there, but who funds them? And how many users will change their DNS settings on their devices anyway?

    “In some ways, improving the DNS is a labour of love. It’s not a labour for wealth and profit,” Huston said. “Most folk just simply use their ISP’s resolver, because that’s the one you’re paying for, and that’s the one person who actually has an obligation to do this for you… So by and large, open DNS resolvers aren’t really going to take the DNS and run away over the hills.”

    Huston thinks there’s one place where the privacy-protecting DNS protocols might take hold, though it won’t be for your benefit: inside the apps on your devices. Facebook’s mobile app, for example, weighs in at more than 200 megabytes because it contains an entire operating system, including an entire network stack.

    “Facebook is paranoid about a number of things. It’s paranoid about the platform snooping on it. It’s paranoid about other applications on the same platform snooping on the Facebook app,” Huston said. “Facebook is incredibly valuable. It’s spent a lot of time and money understanding me, and assembling a profile of me that it can sell to advertisers. The last thing it wants to do is to give any of that information away to anyone else. It’s their data,” he said. “Applications that divorce themselves from the DNS infrastructure as we know it is an inevitable and near-term future.”

    Huston sees this progression as part of broader, historical waves of change that have “played out right now in front of our very eyes”. The internet has gradually been transforming from network-centric services, to platform-centric services, to application-centric services.

    “The DNS is being swept up with this, and almost every single part of the DNS changes as soon as the DNS becomes sucked into application space,” he said. “Single coherent namespace? Nah, historical rubbish. Because the entire namespace then becomes application-centric, and different applications will have a different namespace to suit their needs.”

  • NSW to trial geolocation and facial recognition app for home-based quarantine

    The NSW government has announced the state will undergo a trial of home-based quarantine for people arriving in Australia based around a mobile app using geolocation and face recognition.

    The pilot will be jointly operated by NSW Health and NSW Police and entails a seven-day home-based quarantine program for around 175 people. It will be run across a four-week period and commence sometime this month.

    The app will use geolocation and face recognition technology to monitor whether a person is complying with the state’s quarantine rules. It will also provide people with a testing schedule and symptom checker. The government added that the mobile app would be supplemented by random in-person checks and penalties would be doled out to individuals who breach their isolation during home-based quarantine.

    The mobile app is based on one that is already being trialled in South Australia, the NSW government said in a statement.

    “This will build on the evidence that’s been collected through the South Australian trial as part of the national plan where we utilise technology, particularly facial recognition and location-based services apps on your phone, to help police continue to check-in on a person during their home-based quarantine,” NSW Minister for Jobs, Investment, Tourism, and Western Sydney Stuart Ayres said.

    The trial is being conducted as part of efforts to remove the state’s hotel quarantine system for the majority of people who are coming into Australia, Ayres said. He added that both the NSW and federal governments hope the findings will inform future quarantine programs and provide information for how best to come up with alternatives for people who do not have access to smartphones.

    In terms of privacy, the app will use the same mechanisms as the current Service NSW check-in regulations, the NSW government said. All participants who are chosen for the pilot will have already had both doses of a government-approved COVID-19 vaccine.

    On the same day, the South Australian trial that commenced late last month will expand in October to allow home-based quarantine for up to 250 people every week. The South Australian trial has had 98 participants to date.

    Tasmania also reportedly announced it will begin a 30-day home-based quarantine trial for residents returning home from regional New South Wales next week. The Tasmanian trial will be for eligible travellers who have been fully vaccinated against COVID-19. Travellers will also be required to return a negative test, and must perform the home-based quarantine in a house with no other residents.

    Elsewhere in Australia, Western Australia also has a home quarantine app in place for arrivals into the state. The app used in Western Australia, called G2G Now, has also been used in some cases within the Northern Territory.

    Updated at 3:55pm AEST, 17 September 2021: South Australia announced expansion of its home-based quarantine trial.

  • Popular slot machine chain Dotty's reveals data breach exposing SSNs, financial account numbers, biometric data, medical records and more

    Nevada Restaurant Services (NRS), the owner of popular slot machine parlor chain Dotty’s, has disclosed a data breach that exposed a significant amount of personal and financial information.

    In a statement, the company confirmed that “certain customers” were affected by the breach and explained that the information includes Social Security numbers, driver’s license numbers or state ID numbers, passport numbers, financial account and routing numbers, health insurance information, treatment information, biometric data, medical records, taxpayer identification numbers and credit card numbers and expiration dates.

    The Las Vegas-based company has about 600 employees, an annual revenue of more than $70 million and operates about 200 locations across Nevada, Oregon, Montana and Illinois. They also operate Red Dragon taverns and hotels, Laughlin River Lodge, Bourbon Street Sports Bars, La Villita Casino and Hoover Dam Lodge.

    “In January 2021, NRS identified the presence of malware on certain computer systems in its environment. NRS immediately commenced an investigation to determine the full nature and scope of the incident and to secure its network,” the company said in a statement.

    “Through this investigation, NRS determined that it was the target of a cyber-attack and that, in connection with the cyber event, an unauthorized actor was able to copy certain information from the system on or before January 16, 2021.”

    The company added that the information leaked for each person was not the same. They plan to send out notification letters to victims of the incident but noted that they will only mail the letters if they have “valid mailing addresses.”

    An assistance line at (833) 909-3914 has been created for those who may wonder if they were affected by the breach but did not receive a letter.

    Vital Vegas reported in July that Dotty’s has about 300,000 customers in its player database.

    NRS confirmed that after the attack, they took steps to increase security and put in place “technical safeguards to its environment.” They will be providing free identity protection services as is customary in situations like this.

    But the company urged victims of the breach to “remain vigilant against incidents of identity theft and fraud,” while also using their one free credit report check allowed each year. They listed other suggestions for victims like putting fraud alerts on their file and placing credit freezes on accounts.

    “However, you should be aware that using a credit freeze to take control over who gets access to the personal and financial information in your credit report may delay, interfere with, or prohibit the timely approval of any subsequent request or application you make regarding a new loan, credit, mortgage, or any other account involving the extension of credit,” the company added.