A cybercriminal group known as “Scattered Spider,” with expertise in impersonation and malware, is believed to be responsible for a recent attack that disrupted the networks of MGM Resorts International, a US casino operator. The group uses deceptive phone calls to employees and help desks as a form of phishing to obtain login credentials. Scattered Spider has set its sights on MGM and numerous other Western companies, primarily seeking ransom payments, according to individuals familiar with the matter.
MGM Resorts International, which operates hotel-casinos on the Las Vegas Strip, such as the Bellagio, Aria, Cosmopolitan, and Excalibur, took proactive measures by shutting down significant portions of its internal networks upon discovering the breach. This incident led to widespread disruption, causing issues like malfunctioning slot machines, delays in electronic winnings transfers, and the inoperability of key cards for thousands of hotel rooms. As of now, MGM has not responded to requests for comment regarding the situation.
MGM Resorts Targeted by Scattered Spider’s Unique Ransomware Tactics
The FBI has initiated an investigation into the matter, and the Nevada Gaming Control Board has been notified of the impact of the breach. Governor Joe Lombardo of Nevada is coordinating efforts with local and national law enforcement agencies, as stated by the board.
Scattered Spider, a relatively new player in the ransomware arena, has made a significant impact over the past two years, targeting over a hundred organizations, primarily in the United States and Canada. These insights come from Charles Carmakal, the Chief Technology Officer at Mandiant, the cybersecurity division owned by Google. According to Carmakal, Scattered Spider is characterized by its high level of activity, disruptive tactics, and a knack for causing chaos within the organizations it targets. Their proficiency in breaching security systems and inflicting considerable pain on their victims is particularly noteworthy.
What sets Scattered Spider apart within a ransomware industry dominated by Russian-speaking cybercriminal groups, a sector worth billions of dollars, is its approach. Rather than relying solely on software attacks to encrypt or steal data, as traditional methods do, Scattered Spider adopts a more sophisticated approach. They meticulously gather information about individuals by scouring social media profiles, enabling them to impersonate their victims convincingly. Using this knowledge, they make phone calls in English to extract the passwords and digital access codes required to infiltrate networks.
The Dilemma of Mutual Trust in Cybersecurity
Charles Carmakal suggests that the group’s members are likely situated in the United Kingdom or Europe, attributing their success to their exceptional research capabilities and high-level skills. When it comes to dealing with the aftermath of a breach, organizations, particularly large ones like MGM, often resort to shutting down certain internal functions as a standard containment measure. Steve Stone, the head of Rubrik Zero Labs, a cybersecurity company, underscores that this practice is quite common in a sprawling corporation such as MGM, with thousands of employees and complex, interconnected networks. However, he notes that MGM’s systems, ranging from hotel check-ins to financial transactions, have been engineered with a high degree of mutual trust.
This mutual trust and interdependence among various systems within the organization have undoubtedly contributed to its operational efficiency. Yet, as Stone points out, this strength can become a vulnerability when faced with a widespread challenge like a cyber breach. In such instances, the very trust that underpins their operational efficiency can be exploited by cybercriminals to inflict significant damage.
In conclusion, Scattered Spider’s emergence as a prominent player in the ransomware landscape underscores the evolving nature of cyber threats and the need for organizations to constantly adapt and fortify their defences to safeguard their valuable data and operations.