Receive free Ransomware updates
We’ll send you a myFT Daily Digest email rounding up the latest Ransomware news every morning.
A cyber criminal gang proficient in impersonation and malware has been identified as the likely culprit for an attack that paralysed networks at US casino operator MGM Resorts International.
The group, known as “Scattered Spider”, employs fraudulent phone calls to employees and help desks to “phish” for login credentials. It has specifically targeted MGM and numerous other Western companies with the goal of extracting ransom payments, according to two informed sources.
MGM, the operator of several hotel casinos on the Las Vegas Strip, including the Bellagio, Aria, Cosmopolitan, and Excalibur, took proactive measures by shutting down significant portions of its internal networks after discovering the breach on Sunday, as reported by one of the sources.
Efforts to contain the hackers resulted in chaos, with slot machines malfunctioning, electronic transfers of winnings sluggish, and key cards for thousands of hotel rooms rendered useless. An official response from MGM regarding the incident has not been provided at this time.
The FBI has launched an investigation into the matter, and the Nevada Gaming Control Board has been informed of the breach’s impact. Governor Joe Lombardo is coordinating with local and national law enforcement, according to a statement by the board.
Scattered Spider is a relatively new player in the ransomware industry and has targeted over 100 organizations, mostly in the US and Canada, during the two years that Mandiant has been monitoring its activities, states Charles Carmakal, the Chief Technology Officer at the Google-owned cybersecurity group.
“They are highly active, disruptive, and effective in causing chaos and inflicting pain,” he said.
Scattered Spider stands out from other Russian-speaking cyber criminal gangs that dominate the multibillion-dollar ransomware industry, which primarily focuses on software attacks to encrypt or steal data and demand ransoms.
The gang takes advantage of social media profiles to gather information on individuals, allowing them to impersonate their targets during English phone calls and extract passwords or digital codes needed to access networks.
The group’s members are believed to be located in the UK or Europe, according to Carmakal. “They’re successful because of their extensive research and exceptional skills,” he added.
Given MGM’s size, with thousands of employees and multiple interconnected networks, shutting down certain internal functions to contain the breach is a typical procedure, explains Steve Stone, the head of Rubrik Zero Labs, another cybersecurity company.
He notes that the various systems at MGM, from hotel check-ins to financial transactions, have been designed to trust one another. “The widespread challenge faced by MGM suggests that a considerable amount of trust is built into their environments,” Stone said. “This makes for an efficient operation until a problem arises, and then that strength becomes a weakness.”
Denial of responsibility! Vigour Times is an automatic aggregator of Global media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, and all materials to their authors. For any complaint, please reach us at – [email protected]. We will take necessary action within 24 hours.
