Introduction
Ice Breaker.
No, not the kind that you play during team building exercises. This is the name of a recent social engineering threat that has emerged in the past few months. They play on emotions to get their target to react without thinking, in a way that allows the threat actor to gain access to your accounts or systems.
The problem is, it’s not you that they’re targeting this time.
How Ice Breaker Strikes
Security experts in Israel first noticed the multi-step threat in September 2022, and the attacks have only grown more prevalent since. Gaming and gambling events are beginning soon, such as the ICE London 2023 game convention in February (which is actually where the threat got its name) or any given night in Las Vegas. Whichever one is your hobby, watch out for any suspicious activity on your accounts while we’re still learning more about how this threat works!
Let’s walk through it.
The cybercriminal starts by pretending to be a customer with an online platform of some kind, like a digital casino or tournament site. They contact the support team there, sounding like a non-native English speaker and requesting to talk to someone else who is too. This is to decrease the chances of getting flagged as a scam. To worsen the odds further, many online platforms in the gaming and gambling industries tend to outsource their customer support, so they can’t necessarily impose their own security awareness training and warn about these kinds of tricks.
Once the threat actor is on with support, they’ll send a screenshot of a supposed problem that they’re having and ask for help resolving it. The “picture” is often sent through external platforms like Dropbox, or a fake screenshot hosting website.
Only when the team member clicks on the link, it doesn’t open a JPG — instead malware instantly begins to download and start running.
What Does Ice Breaker Do?
After the malware has been downloaded onto the customer support agent’s system, it creates a backdoor through JavaScript. This allows the hacker to run processes, steal data, move or take files, and really wreak whatever havoc they like.
So far, whomever is deploying Ice Breaker seems to run one of two final payloads on the target company. Either a loader spawns a Houdini RAT to give them remote access to your system, or an automatic installer package given the moniker Ice Breaker backdoor (clever, right?). Then they can view behind the scenes goings-on in the company, steal user or employee passwords, run more processes and continue gathering information to launch worse attacks.
Be careful of phishing scams coming from these sites in particular. Even legitimate company email addresses may have been compromised by this attack. If something seems suspicious, listen to your gut and do some more digging.
Conclusion
Gaming and gambling are common targets for cybercriminals, since there’s always money in a tournament or casino. You should always be careful when entering payment info online, but especially if the purpose of the platform is to hold large amounts of money. It’s a natural target for thieves, that puts your accounts, funds and privacy at risk.
Take time to research where you’re storing you funds. Do they have a good security system? Are they encrypting data and verifying users before they send links to customer support? What steps will they take to recover your lost data or funds in the event of a breach? These are the kinds of questions you should ask yourself before trusting your bank details to any website.
If you do get notified that your information has been compromised in a breach, affecting the gaming and gambling industries or anywhere else, you should immediately report it to the authorities, including your IT provider. Change your passwords and keep a close eye on your finances and other accounts for any suspicious activity!
In the modern threat landscape, knowledge is still the greatest power.
References