FBI Issues Cybersecurity Advisory on Group that Targeted MGM, Caesars

FBI issues cybersecurity alert targeting MGM and Caesars Entertainment

The FBI has issued a joint cybersecurity alert targeting the notorious hacking group Scattered Spider, which recently targeted MGM Resorts International and Caesars Entertainment.

In a notice to the Cybersecurity and Infrastructure Security Agency (CISA), the FBI warned "critical infrastructure organizations" to take immediate action to improve the security of their IT systems and processes against common threats from hacker groups.

ScatterSpiders is the informal name for cybercriminal networks. The hackers themselves go by different names, including Starfraud, UNC3944, Scatter Swine, and Middled Libra.

According to the Joint Cybersecurity Advisory, criminals use social engineering to extort data, which involves manipulating or tricking victims into granting system access. The FBI says the ScatterSpider "threat actor" is a "recognized expert" in such deception techniques and specializes in "phishing, push bombing and subscriber identity module swapping attacks" to gain remote access that allows attackers to install multi-factor bypasses Credentials for the tool. Authentication protection.

Scattered Spider is a cybercriminal organization that targets large companies and the IT help desks they employ. "According to trusted third parties, ScatterSpider threat actors often steal data for ransom," the joint statement said.

The FBI and CISA have developed a series of mitigation measures to better protect their IT systems from dispersing spiders, including prohibiting the installation and execution of unauthorized remote access software.

How Dispersion Spiders Work

Scattered Spider has been blamed for cyberattacks targeting MGM Resorts and Caesars Entertainment.

MGM refused to pay the ransom, a decision that resulted in the company's U.S. resorts being severely affected by the attack, resulting in more than $100 million in lost profits. When Caesar decided to pay a ransom of approximately $15 million, the reaction was mixed.

Scattered Spider claims to have stolen approximately 6 terabytes of data, equivalent to 39 million PDF pages. The hackers said their scheme was fairly simple and required only a 10-minute call to the MGM employee help desk to gain access to the company's internal systems.

Once hackers are inside, cybercriminals install a range of tools that continue to allow them unauthorized access, according to the FBI and CISA. These tools enable cybercriminal gangs to manage IT systems, extract credentials and enable remote access.

Casinos have been hacked

In recent years, many commercial and tribal casinos have been targeted by cyberattacks. Since casinos hold sensitive data that is considered a treasure trove by cybercriminals, these companies are ideal targets.

The latest victim of the gambling industry is the Des Plaines River Casino in Illinois. The casino confirmed last week that it was attacked around August 12 and that sensitive information of certain customers and employees was stolen.

The company, which is owned and operated by Rush Street Gaming, did not immediately say whether it knew who was behind the attack.