A group known as “Scattered Spider,” which specializes in impersonation and malware, has emerged as a significant threat. It is believed to be responsible for a recent cyberattack that disrupted the networks of MGM Resorts International, a major US casino operator.
Scattered Spider employs deceptive phone calls to target employees and help desks, conducting phishing attacks to steal login credentials. Their primary objective appears to be ransom payments, with MGM and several other Western companies in their sights.
MGM Resorts International, renowned for its hotel-casinos on the Las Vegas Strip, including the Bellagio, Aria, Cosmopolitan, and Excalibur, responded swiftly to the breach, shutting down significant portions of its internal networks upon discovery.
This incident resulted in widespread disruption, causing issues such as malfunctioning slot machines, delays in electronic winnings transfers, and the inability to access thousands of hotel rooms due to malfunctioning key cards. As of now, MGM has not issued any comments regarding the situation.
The FBI has initiated an investigation into the matter, and the Nevada Gaming Control Board has been informed about the breach’s impact. Governor Joe Lombardo of Nevada is coordinating efforts with local and national law enforcement agencies to address the situation.
Scattered Spider, although relatively new to the ransomware scene, has made a significant impact over the past two years by targeting over a hundred organizations, primarily in the United States and Canada. Charles Carmakal, the Chief Technology Officer at Mandiant, Google’s cybersecurity division, notes that Scattered Spider is distinguished by its high level of activity, disruptive tactics, and proficiency in causing chaos within targeted organizations. Their ability to breach security systems and inflict substantial harm on victims is particularly noteworthy.
What sets Scattered Spider apart in a ransomware industry dominated by Russian-speaking cybercriminal groups, a multi-billion-dollar sector, is its approach. Rather than relying solely on software attacks to encrypt or steal data, its members meticulously gather information about individuals by scouring social media profiles, enabling them to convincingly impersonate their victims.
With this acquired knowledge, they make phone calls in English, extracting valuable passwords and digital access codes necessary for effective network infiltration.
Charles Carmakal suggests that the group’s members are likely based in the United Kingdom or Europe, attributing their success to their exceptional research capabilities and high-level skills.
When dealing with the aftermath of a breach, organizations, especially large ones like MGM, often resort to shutting down specific internal functions as a standard containment measure. Steve Stone, the head of Rubrik Zero Labs, a cybersecurity company, emphasizes that this practice is common in sprawling corporations like MGM, which have thousands of employees and complex, interconnected networks. However, Stone notes that MGM’s systems, spanning from hotel check-ins to financial transactions, have been designed with a high degree of mutual trust.
While mutual trust and interdependence among various systems enhance operational efficiency, they can become vulnerabilities during widespread challenges such as cyber breaches. In such instances, cybercriminals can exploit the very trust that underpins operational efficiency to inflict significant damage.
In conclusion, Scattered Spider’s emergence as a prominent player in the ransomware landscape highlights the evolving nature of cyber threats. It underscores the need for organizations to continually adapt and strengthen their defenses to safeguard valuable data and operations against such threats.