US – As Caesars confirms earlier attack, casinos warned cybercrime is ‘very active, very disruptive and causing chaos’
By Phil - 15 September 2023
Caesars Entertainment has confirmed that just days before MGM Resorts’ computer systems were hacked it paid out a ransom of $15m to a cybercrime outfit that had managed to compromise its systems.
The criminal group demanded a $30m ransom on September 7 with Caesars eventually settling on paying about half that.
Caesars said: “We have taken steps to ensure that the stolen data is deleted by the unauthorised actor although we cannot guarantee this result.”
A group called Scattered Spider has claimed responsibility for the two attacks with native English speakers believed to be operating under the umbrella of a Russia-based entity called ALPHV or BlackCat.
In a statement, BlackCat has confirmed that MGM Resorts refused to engage on the provided communication channel following its attack on September 11, adding it had shown no intention of negotiating on the ransom.
BlackCat/ALPHV stated: “After waiting a day, we successfully launched ransomware attacks against more than 100 ESXi hypervisors in their environment on September 11th after trying to get in touch but failing. This was after they brought in external firms for assistance in containing the incident.”
The hackers said MGM disconnected ‘each and every one of their Okta Sync servers after learning that we had been lurking on their Okta Agent servers.’
BlackCat has said it will carry out ‘additional attacks’ on MGM’s systems and share the information online if the company doesn’t comply with the ransom demand.
Speaking to the Associated Press, Brett Callow, of New Zealand-based cybersecurity expert Emsisoft, said: “Unofficially, we saw a group called Scattered Spider claim responsibility. They appear to be native English speakers under the umbrella of a Russia-based operation called ALPHV or BlackCat.”
Charles Carmakal, who works for cybersecurity firm Mandiant, described the criminals as ‘incredibly disruptive and aggressive.’
He said to CNBC: “Although members of the group may be less experienced and younger than many of the established multifaceted extortion and ransomware groups, they are a serious threat to large companies in the United States. Many members are native English speakers and are incredibly effective social engineers. They leverage tradecraft that is challenging for many organizations with mature security programs to defend against.
“This relatively new entrant in the ransomware industry has hit at least 100 organisations, most of them in the US and Canada,” Mr Carmakal added. “They are very active, very disruptive and causing chaos and do a good job of breaking in and causing a lot of pain. In these cases, organisations basically pay to get a ‘pinky promise.’ There is no way to actually know that they do delete it or that it won’t be used elsewhere.”
The criminals use SMS text phishing and phone calls to help desks to try to get passwords reset or be sent bypass codes.
Analytical firm Moody’s said casinos faced ‘moderate cybersecurity risk, mainly because of their highly digitized nature and the large amount of valuable personal data the companies maintain.’
“Data on guests in some cases may include personal information about US executives and government officials with security clearances, which is particularly prized by nation-state hacker communities,” it added.
Steve Stone, Head of Rubrik Zero Labs, added: “Given the widespread challenge MGM is having, it seems there’s a lot of trust built into their environments. That makes for a highly efficient business until there’s a problem and that strength is now your weakness.”