Posted on: November 20, 2023, 10:01h.
Last updated on: November 20, 2023, 10:02h.
The Federal Bureau of Investigations (FBI) has released a Joint Cybersecurity Advisory about Scattered Spider, the infamous hacking group that recently targeted both MGM Resorts International and Caesars Entertainment.
The FBI, in a notice with the Cybersecurity and Infrastructure Security Agency (CISA), is warning “critical infrastructure organizations” to take immediate steps to enhance the security of their IT systems and processes from common threats levied by the hacking group.
Scattered Spider is an informal name given to the network of cybercriminals. The hackers themselves go by an assortment of names, including Starfraud, UNC3944, Scatter Swine, and Middled Libra.
The Joint Cybersecurity Advisory says the illicit criminals engage in data extortion by way of social engineering — the act of manipulating or deceiving a victim into providing system access. The FBI says Scattered Spider “threat actors are considered experts” in such deceit techniques and specialize in “phishing, push bombing, and subscriber identity module swap attacks” to obtain credentials that allow the bad actors to install remote access tools that bypass multi-factor authentication protections.
Scattered Spider is a cybercriminal group that targets large companies and their contracted information technology (IT) help desks. Scattered Spider threat actors, per trusted third parties, have typically engaged in data theft for extortion,” the joint notice read.
The FBI and CISA included a laundry list of mitigating controls to better safeguard their IT systems from Scattered Spider. That includes prohibiting the installation and execution of unauthorized remote access software.
How Scattered Spider Works
Scattered Spider took credit for both cyberattacks levied against MGM Resorts and Caesars Entertainment.
MGM refused to pay a ransom, a decision that led to more than $100 million in earnings losses after the company’s US resorts were highly disrupted by the attack. Caesars took a different response in deciding to pay a ransom — said to be around $15 million.
Scattered Spider claims to have stolen about six terabytes worth of data, which is the equivalent of 39 million PDF pages. The hackers said their scheme was rather simplistic, as they claim it only took a 10-minute phone call to an MGM employee help desk to gain access to the company’s internal systems.
Once the hackers were inside, the FBI and CISA say the cybercriminals installed a series of tools that allowed them to continue having unauthorized entry. The tools provided the cybergang with the ability to manage the IT systems, extract credentials, and further enable remote access.
Casinos Keep Getting Hacked
Numerous commercial and tribal casinos have been targeted in cyberattacks in recent years. With casinos possessing what cybercriminals consider to be treasure troves of sensitive data, the businesses are ideal targets.
The latest gaming industry victim is Rivers Casino Des Plaines in Illinois. The casino confirmed last week that it was attacked around Aug. 12 and that confidential data on certain patrons and employees was confiscated.
Owned and operated by Rush Street Gaming, the company did not immediately say whether it knew who was behind the attack.