The chaotic and cinematic MGM casino hack, explained
Are we in the middle of Ocean’s 14 or is this just another ransomware attack?
www.vox.com
This affected the mgm.com domain, the main casino and others in their group.
Just some of the good parts from the article
Scattered Spider’s members are thought to be in their late teens and early 20s, based in Europe and possibly the US, and fluent in English — which makes their vishing attempts much more convincing than, say, a call from someone with a Russian accent and only a working knowledge of English. In this case, it appears that the hackers found an employee’s information on LinkedIn and impersonated them in a call to MGM’s IT help desk to obtain credentials to access and infect the systems.
Someone claiming to be a representative of the group told the Financial Times that it stole and encrypted MGM’s data and is demanding a payment in crypto to release it. This was the backup plan; the group initially planned to hack the company’s slot machines but weren’t able to, the representative claimed.
If that all has you thinking that we’re in the middle of a remake of Ocean’s 13, you should also know that it may not be accurate. ALPHV/BlackCat is denying parts of these reports, especially the slot machine hacking attempt. The group posted a message on Thursday night claiming responsibility for the attack but denying that it was perpetrated by teenagers in the US and Europe or that anyone tried to tamper with slot machines. It also criticized what it said was inaccurate reporting on the hack and said it hadn’t officially spoken to anyone about the hack, and “most likely” wouldn’t in the future. The message said that data was stolen from MGM, which has thus far refused to engage with the hackers or pay any kind of ransom.
It seems that MGM wasn’t the only casino chain hit by a recent cyberattack. Caesars Entertainment paid millions of dollars to hackers who breached its systems around the same time as MGM and was able to continue operations as normal. Caesars admitted to the breach in a filing with the Securities and Exchange Commission on Thursday, where it said an “outsourced IT support vendor” was the victim of a “social engineering attack” that resulted in sensitive data about members of its customer loyalty program being stolen. Though the method is very similar to those reportedly used by Scattered Spider and the attack happened at nearly the same time as MGM’s, the alleged representative of the group told the Financial Times that it wasn’t behind it.