The MGM Resorts cyberattack is an illustration of how attack vectors evolve and compound as hacker groups grow and become more sophisticated. The MGM Casino and Hotel finally put reservation services back online Friday, 12 days after the initial breach. The casino still had slot machines and other services offline last week as the company recovered from the attack two weeks ago.
Early reports reveal that the members of the group responsible for the attack are young, 17-22 years old, native English speakers, and have been active for less than two years. The group, which goes by many names online, including Scattered Spider, got its start by using SIM-swapping attacks to steal cryptocurrency. They scoured social media for personally identifiable information (PII) and became well-practiced at convincing mobile phone carriers to move SIM access to criminal devices.
The hacker group then applied its recently perfected social engineering skills to larger victims. They targeted third-party help desks and call centers in order to attack the multiple businesses each call center serves. They used social engineering combined with SIM-swapping to steal credentials and convince help desk employees they were internal users. Once inside, they spent considerable time searching internal documents to obtain escalated or admin network privileges. With this access, the group worked at a very high tempo, exfiltrating considerable amounts of data over just a few days.
The group used this attack vector to steal customer data from Western Digital in March. However, the move to ransomware is another leap in sophistication for the young hacker group. Early reports show the group partnered with ALPHV, the Russian hacker group responsible for the Colonial Pipeline attack that revealed the vulnerability of national infrastructure in 2021. This latest attack on Caesars Casinos and MGM Resorts has put the rising hacker group in the spotlight of cybersecurity firms and law enforcement.