The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.
Introduction:
Ever since the invention of internet browsers for personal computers came about in the 1990s, cybercrime has been on the rise. Almost 30 years after the invention of the Worldwide Web, cybercriminals have a variety of different methodologies and toolkits that they use on a daily basis to leverage vulnerabilities and commit crime. One of the most popular types of attacks that is used by threat actors is a ransomware attack. Most recently, several Las Vegas Casinos fell victim to a series of ransomware attacks.
Las Vegas hacks:
In mid-September 2023, two of the biggest Las Vegas casino and hotel chains found themselves to be victims of ransomware attacks. The two organizations that were targeted were Caesars Entertainment and MGM Resorts International.
MGM Resorts International:
The attack against MGM was first reported on September 11, 2023, when MGM personnel put out a public statement stating that a “cyber security incident” had affected some of its systems. On the days following this statement many guests reported numerous problems with the casino and the hotel operations of the company. On the casino side, many guests reported problems with slot machines and payout receipts. The slot machines in some of the MGM casinos were completely inoperable and, in the casinos, where they were operational, the machines were not able to print out the cash-out vouchers. On the hotel side, many of the organization's websites were inaccessible for a while after the attack. Guests across multiple MGM hotels reported issues with their mobile room keys not functioning, and new arrivals reported wait times of up to six hours to check in.
A hacking group known as Scattered Spider has taken credit for the ransomware attack against MGM Resorts International. Scattered Spider first appeared in the cyber threat landscape in May 2022 and is thought to be individuals ages 19-22 and based out of the UK and USA. The attackers carried this attack out in three phases. The first phase was reconnaissance, in which they stalked the company’s LinkedIn Page and the employees that work there. The second phase of the attack was a vishing attack against MGM’s IT help desk. A vishing attack is when someone uses phone calls or voice communication to trick the victim into sharing personal information, credit card numbers, or credentials. Using the information they gathered on LinkedIn; the attackers were able to impersonate an MGM employee and tricked the help desk into giving them credentials into MGM systems. The attack's third phase was launching ransomware developed by another hacker group, ALPHAV.
Scattered Spider rendered multiple systems throughout the organization useless unless the ransom is paid. Currently it is not known if MGM paid the ransom, but all casinos are once again fully operational.
Caesars Entertainment:
Days after MGM reported it had been hacked, Caesars Entertainment group disclosed to the SEC that they were also victims of a cyberattack around the same time as MGM. In a statement to the SEC, Caesar’s reported that confidential information about members of its customer loyalty program was stolen. Caesar’s representatives stated that the hackers were able to break into computer systems through a social engineering attack on an IT support contractor.
Not much information is available about the execution of this attack. The use of a social engineering attack has led many people to believe that Scattered Spider was also behind this attack. The hackers demanded that Caesar’s pay a ransom of $30 million. It is reported that the organization paid $15million to the hackers and the company has “taken steps to ensure the stolen information is deleted by the hacker but cannot guarantee this result”.
What can be learned from these attacks?
Almost 98% of cyberattacks worldwide rely on some form of social engineering to act as a gateway to launch a much more sophisticated attack. In the cases of MGM and Caesars, both organizations were infiltrated by social engineering and allowed attackers to gain initial access to the systems. Social engineering targets the weakest link of all cybersecurity operations and that is humans.
This is why it is ever so important to have proper training to help reduce the chances of your organization becoming a victim of one of these attacks. Many organizations spend thousands of dollars every year to have employees take part in phishing training. However, training for phishing alone is not enough. As we have seen in these two attacks, there are other forms of social engineering attacks such as vishing, smishing, whaling, and watering hole attacks just to name a few. It would be more beneficial to organizations to focus on a more holistic set of social engineering training rather than to just focus on phishing.
Conclusion:
The attacks against MGM and Caesars began with simple social engineering tactics where employees of the victim organization were tricked into giving information to the hackers. Although the hacking group known as Scattered Spider is new, being formed in 2022, it has already begun to make headlines. It will be interesting to see how this group evolves over the next couple of years. The attacks against two of the biggest casino and hotel chains in America should serve as warning that even the biggest are susceptible to cyberattacks. More importantly, these ransomware attacks show the importance of proper social engineering training to keep organizations better protected from threats.
About Perimeterwatch
PerimeterWatch gives you total control and management over your data. The rate of change on the internet, mobile, distributed processing, and other technologies is- simply staggering. Failing to keep up can doom even a well-established organization, but bringing in these new capabilities without fully effective security procedures and systems can be equally disastrous.
What PerimeterWatch offers is a truly secure IT infrastructure. Whether that means a completely managed IT and security function or co-managing with your in-house people, we provide the security intelligence, the technical expertise, and the implementation experience necessary to make sure your solutions solve your business problems – without simply creating new ones. www.perimeterwatch.com: