In the past weeks, there have been two major instances of cybercrime against world-famous Las Vegas casinos, Caesars and MGM.
News broke first about the MGM hack, which the casino appears to have been trying to keep under wraps, even as it continues to be held for ransom by criminals.
Let’s take a look at what exactly has happened, what we know so far, and what businesses can learn from this.
Caesars Paid Millions to Hackers
Before the MGM hack hit the news cycle, Caesars had already been the victim of an attack by cybercriminals.
In fact, Caesars Entertainment Inc had paid 15 million dollars to hackers who broke into the company’s systems and threatened to release their private data if they were not paid.
Caesars didn’t respond to requests for comment. On Thursday, after Bloomberg News reported that Caesars had been hit by a cyberattack, the company disclosed the hack in a regulatory filing.
The group behind this attack is known as Scattered Spider or UNC3944. They are believed to be based in the US, Europe, and UK.
It’s thought that some members of the group are as young as 19. This group has allegedly been involved in many cybercrimes.
So, how exactly did Scattered Spider get access to Caesars’ systems?
How Exactly was Caesars Hacked?
Bloomberg reports that, according to cybersecurity experts, Scattered Spider first breached an outside IT vendor. They did so in order to gain access to the company’s network.
However, Scattered Spider has only claimed responsibility for the MGM attack, and not the Caesars hack. Some reports say they carried out both attacks, and others say they are behind only one of them.
Regardless, this is a well-established cybercriminal group. By knowing how they operate, you can better protect your own privacy.
According to experts, the members of Scattered Spider are skilled at social engineering. This is how they gain access to large corporate networks, which they largely focus on attacking.
The group began targeting Caesars and planning their attack as early as late August of 2023. They eventually stole massive amounts of data from Caesars loyalty members.
This included personal information such as their driver’s licenses and Social Security numbers. Scattered Spider threatened to release all of this information if Caesars did not pay the ransom they asked for.
What Is Social Engineering?
It’s important to keep in mind that there are all kinds of cybercriminals out there. While some target large corporations, others target small businesses and even individuals.
Many of them use social engineering to digitally entrap victims, so it’s critical you understand what that is, and what social engineering tactics look like.
According to Kaspersky:
Social engineering is a manipulation technique that exploits human error to gain private information, access, or valuables. In cybercrime, these “human hacking” scams tend to lure unsuspecting users into exposing data, spreading malware infections, or giving access to restricted systems. Attacks can happen online, in-person, and via other interactions.
Usually, social engineering attackers have one of two goals: they aim either to disrupt or corrupt data to cause harm or inconvenience, or to steal something from you.
Here is the cycle of social engineering attacks:
- Prepare by gathering background information on you or a larger group you are a part of.
- Infiltrate by establishing a relationship or initiating an interaction, started by building trust.
- Exploit the victim once trust and a weakness are established to advance the attack.
- Disengage once the user has taken the desired action.
This can take place in a quick interaction or over a series of months, both digitally and in person.
Scattered Spider is Behind the MGM Hack
The Financial Times reports that the same group is behind one failed attack and one successful attack on the MGM casino, the latter of which is currently ongoing.
According to representatives of Scattered Spider, the hacker group had planned to manipulate the software in slot machines at MGM. Then they would recruit people to go in and play the favorably rigged machines and collect big.
However, once that failed, the group resorted to a more common tactic, which cybercriminals have been using for decades.
They siphoned off the company’s data, encrypted some of it and are now demanding cryptocurrency to release it.
In an interview over the Telegram messaging app, a person who claimed to represent the group described the techniques used to evade detection in the systems of one of the world’s largest casino operators.
While these claims cannot be independently verified, what they described matches the details of attacks carried out against roughly 100 victims over the past 2 years.
As a result of the MGM hack, guests’ keycards for their rooms did not function. Slot machines went offline in MGM casinos around the US, and in many casinos, workers resorted to manual gambling and handwritten IOUs. Phone lines and TV within the casinos were down too.
The outage they caused is ongoing, with today being its fourth day. Despite guests still reporting issues across their properties, MGM has claimed that everything is operational and has made no public comment about the situation.
How Did Scattered Spider Infiltrate MGM?
TechCrunch reports that Scattered Spider claims that they compromised MGM with a social engineering scheme.
According to TechCrunch:
The hackers allegedly found an employee on LinkedIn and called the organization’s help desk to access their account.
They were also able to avoid being detected by MGM’s security systems. They used common remote login software, combined with access to MGM’s corporate VPN to pretend to be an employee.
In this way, they ran malware which they claimed infiltrated the company’s system in less than 5 hours. It also remained undetected for over a week.
One of the big things that separates Scattered Spider from other hacking groups is that they speak fluent, unaccented English. This causes their English-speaking victims to lower their guard.
Scattered Spider also recruits a large number of minors. Allison Nixon, chief research officer at Unit 221B, told TechCrunch:
“There is a disproportionate number of minors involved, and that’s because the group deliberately recruits minors because of the lenient legal environment these minors exist in and they know nothing will happen to them if the police catch a kid.”
Why Casinos?
According to the Financial Times, Scattered Spider used a generic toolkit meant to hack a wide range of corporations.
They don’t have a particular vendetta against casinos; it’s simply that many other types of business are off-limits. Certain industries are protected legally or just have security systems that make them difficult to hack.
A representative for the group said:
“If a company has money and it meets our requirements, it doesn’t matter what field it’s in, we’ll hit it.” They avoid hacking hospitals, “because that’s a (jail) sentence just waiting to happen”, airports are “terrorism” and the gas industry has bespoke systems that are “cancerous to manoeuvre around.”
Final Thoughts on the MGM and Caesars Hacks
If you run a very small business or are simply an individual entrepreneur just starting out, you likely do not need to worry about being targeted by advanced criminal syndicates, like Scattered Spider.
These groups target large corporations with millions or billions of dollars they can extort. Sometimes, like in the case of the Fast Company hack, cybercriminals just hack an organization for fun.
However, there are many cybercriminals out there, and they often use social engineering tactics on unsuspecting people to do all kinds of damage. We even wrote a post about the rise of Cash App scams.
Other common forms of digital scamming include:
- Romance scams
- Fake apps containing malware
- Email phishing
- Scamming by phone
- Predatory subscriptions which hide exorbitant fees in their T&Cs
In the age of AI and deepfake technology, you may not even want to answer your phone unless you know who is calling. You want to give malevolent actors the minimum possible access to you, your voice, or your information.
No matter who you are, you need to be aware of the ways that cybercriminals operate, so you can stay ahead and stay safe.
As we have seen, once a malicious actor has your information, it can be almost impossible to stop them from taking advantage of you.