'Ice Breaker': Israel-Based Security Experts Uncover Cyberattack Targeting Gaming Industry Ahead Of ICE London
The whereabouts of the attackers are currently unknown.
ICE London, the leading gaming and gambling convention, is set to be held on February 7-9. Ahead of that, an Israel-based security platform has uncovered a cyberattack that is using a human-operated customer service attack vector to target the event. Security Joes, a managed detection and response (MDR) and incident response (IR) service provider, claims that the operation, dubbed "Ice Breaker," has been active for at least four months prior.
In its report, Security Joes claims that the bad actors have been using social engineering tactics to lure customer service agents, who often turn out to be third-party business process outsourcing (BPO) firms. After striking up a conversation, the attackers share a link to a fake online screenshot storage, which in reality is a complex compiled JavaScript file that is able to discover running processes, steal passwords and cookies, open a proxy tunnel controlled by the attackers, exfiltrate files and data, and run scripts imported from the attackers' server.
"This operation is highly sophisticated and well-planned," Security Joes COO Alon Blatt said. "The attackers have been able to map potential victim networks and strike at the most opportune time, but we were able to detect and prevent the deployment of their second-stage malware before it could cause any harm. We urge gaming and gambling companies to arm their security perimeters with 24x7 experts complemented by advanced security systems."
The whereabouts of the attackers are currently unknown. As per Security Joes, they have been observed to use "broken English during their social engineering tactics, specifically targeting non-English customer service agents."
"This is a highly effective attack vector for the gaming and gambling industry," said Security Joes Senior Threat Researcher Felipe Duarte. "The never-seen-before compiled JavaScript 2nd stage malware is highly complex to dissect, showing that we are dealing with a skilled threat actor with the potential of being sponsored by an interest owner."