Earlier this month, we reported on a series of cyber security issues that surfaced at two of the largest casino brands in the world.
In late August, Caesars was targeted by hackers and allegedly ended up paying an astounding $15 million to return their systems to normal. Just as Caesars’ operations and systems were returning to normal, another cyber security attack was made against MGM Resorts International that affected much of their operations.
It’s now believed that one group was responsible for both attacks after they claimed responsibility a few days after the MGM attack.
The group, known as Scattered Spider (also known as UNC3944), claimed responsibility for the BetMGM attack and it’s believed now they were responsible for the attack on Caesars. Using a ransomware-as-a-service created by ALPHV, or BlackCat, the Scattered Spider group was able to make a 10-minute call, use social engineering tactics, and gain access to these multi-billion dollar companies.
Coincidentally, both cyberattacks took place just a few weeks after Black Hat and DEF CON visited Vegas, two of the largest cybersecurity and hacker events in the world.
Who is Scattered Spider?
According to crowdstrike.com, Scattered Spider “is a likely eCrime adversary who conducts targeted social-engineering campaigns primarily against firms specializing in customer relationship management and business-process outsourcing, as well as telecommunications and technology companies generally. The adversary primarily uses phishing pages to capture authentication credentials for Okta, Microsoft Office 365/Azure, VPNs, or…”
A malware repository collective known as vx-underground was the first to suspect Scattered Spider responsible for the attack on their X account. Scattered Spider is believed to be a subgroup of ALPHV.
According to vx-underground, Scattered Spider simply found an employee of MGM on LinkedIn and called the company’s helpdesk to access that employee’s account. The hacking group has been known for using social engineering techniques to convince employees to give access to their corporate networks.
Allison Nixon, chief research officer at Unit 221B commented on the development, stating, “These are not Russian hackers, these are Western hackers. There is a disproportionate number of minors involved, and that’s because the group deliberately recruits minors because of the lenient legal environment these minors exist in and they know nothing will happen to them if the police catch a kid.”
According to kaspersky.com, social engineering “is a manipulation technique that exploits human error to gain private information, access, or valuables. In cybercrime, these “human hacking” scams tend to lure unsuspecting users into exposing data, spreading malware infections, or giving access to restricted systems. Attacks can happen online, in-person, and via other interactions.”
What is Vishing?
Most recently, these attacks have been happening over the phone, known as vishing. This word may sound familiar, or you may have heard of another form of hacking called phishing. Phishing is a cyber security attack initiated via email, while vishing is a form of attack that is initiated via phone. There is also another form of attack called smishing, which begins with a text message. According to the Federal Cybersecurity & Infrastructure Security Agency (CISA), over 90% of cyber attacks begin with some form of phishing. But vishing is on the rise.
According to an X post by @vxunderground, “All ALPHV ransomware group did to compromise MGM Resorts was hop on LinkedIn, find an employee, then call the Help Desk. A company valued at $33,900,000,000 was defeated by a 10-minute conversation.”
Both MGM and Caesars have taken steps to prevent future attacks and have reached out to potential victims who have had data taken. Nothing can ensure that these attacks won’t happen again, however, and a representative from Scattered Spider even told techcrunch.com that, “if you have money we want it.”
For more updates about online casinos in Michigan, follow www.playonlinemichigan.com.
Mac Daniel is a writer for PlayOnlineCasino and PlayOnlineSportsBetting. He has experience writing about a wide variety of topics, including healthcare, tourism, non-profit organizations, and most recently casino and sportsbetting news. To check out more of his work, visit: playonlinemichigan.com