"Hackers Admit Destroying InterContinental Hotels Group's Data For Fun"

The threat actors named "TeaPea," who were behind the InterContinental Hotels Group (IHG) cyberattack reported earlier this month, admitted doing it "for fun."  The threat actors talked to BBC over the weekend and stated that they are a couple from Vietnam who tried to conduct a ransomware attack against IHG and, upon failing, decided to delete the data they had initially obtained.  The threat actors stated that they gained initial access to IHG systems via a successful phishing attack that tricked an employee into downloading malware through an email attachment and capturing their two–factor authentication (2FA) code.  The threat actors then accessed the most sensitive parts of IHG's computer systems after finding login details for the company's internal password vault, with the password reportedly being "Qwerty1234."  According to an IHG spokeswoman the password vault details were not insecure but refused to provide details about how TeaPea managed to break into the hotel chain's systems.  Jordan Schroeder, managing CISO at Barrier Networks stated that this cyberattack shows that resilience should always be the priority.  Schroeder noted that stopping attackers getting into systems must be the focus because once they are in, organizations then have very little control over what will happen to their data next.  Schroeder stated that instead of just implementing strong, unique passwords, a company should also implement MFA, use Privileged Access Management (PAM) to protect key accounts, deploy layered security to prevent lateral movement, and train employees regularly on phishing and cybercrime.  Almost two weeks after the attack, IHG confirmed that customer-facing systems are now returning to normal but that some services may remain intermittent.

Infosecurity reports: "Hackers Admit Destroying InterContinental Hotels Group's Data For Fun"