Hacked Las Vegas: what makes Scattered Spider and BlackCat unique

Carding

Everyone already knows about the attacks on MGM and Caesars, but how did the criminals manage it?

Two of the leading entertainment corporations in Las Vegas, MGM and Caesars, faced large-scale hacker attacks. MGM systems were disabled in all 31 resort complexes, while Caesars paid the attackers a multimillion-dollar sum to avoid a similar fate.

According to sources, the attacks were organized by the hacker group Scattered Spider (in partnership with ALPHV, also known as BlackCat). This group, which includes citizens of the United States and Great Britain, began its activity in May 2022.

"The social engineering methods they use are highly sophisticated. These hackers specialize in voice phishing, targeting support services, call centers, and even operational security centers," said Stephen Erwin, senior consultant at TrustedSec.

Various methods of social engineering are another feature of Scattered Spider. Phishing campaigns are mainly conducted through Telegram, SMS, and SIM swapping.

Multi-factor authentication (MFA) prompts are abused for initial penetration into the system. The victim is sent a flood of identity-confirmation requests. The hackers expect that the intrusive notifications will become annoying and that the user will eventually give in and enter their data.

In addition, attackers exploit known vulnerabilities associated with Intel Ethernet card drivers to conduct DoS (denial of service) attacks. One of these vulnerabilities is CVE-2015-2291.

After successfully entering the system, hackers are able to quickly move across the network, using stolen credentials or tokens to attack cloud resources.

"Once they are highly effective in their penetration techniques, they quickly move on to installing ransomware or compromising data," says Juan Perez, another researcher at TrustedSec.

The alliance of Scattered Spider and ALPHV / BlackCat allows them to expand their capabilities. There are reports that Scattered Spider is a division of BlackCat, but experts have not yet been able to verify them.

The BlackCat ransomware was first detected in 2021. This group develops and sells malware in the ransomware-as-a-service (RaaS) format. The malware is written in the Rust programming language.

Some of the hackers are believed to be only 19 years old, but their activity and professionalism are causing serious concern among cybersecurity experts.
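
The MFA prompt flooding described above (many confirmation requests until the user gives in) leaves a recognizable pattern in authentication logs. The following detection sketch is an added example, not part of the original post; the log format, event names, window and threshold are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (hypothetical format): timestamp, user, MFA push result.
SAMPLE_LOG = """\
2023-09-10T02:14:05 alice push_denied
2023-09-10T02:14:40 alice push_denied
2023-09-10T02:15:10 alice push_timeout
2023-09-10T02:15:55 alice push_denied
2023-09-10T02:16:30 alice push_denied
2023-09-10T02:17:02 alice push_approved
2023-09-10T09:00:00 bob push_denied
2023-09-10T09:00:30 bob push_approved
2023-09-10T11:00:00 carol push_denied
2023-09-10T11:01:00 carol push_denied
2023-09-10T11:02:00 carol push_denied
2023-09-10T11:03:00 carol push_timeout
"""

WINDOW = timedelta(minutes=10)  # assumed look-back window
THRESHOLD = 4                   # assumed number of failed prompts that counts as flooding

def detect_mfa_flooding(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return alerts as (user, timestamp, kind, failed_count); kind is 'flood'
    or 'approved_after_flood' (an approval while the flood is still in the window)."""
    recent = defaultdict(deque)  # user -> timestamps of denied/timed-out prompts
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue             # skip malformed lines
        ts, user, result = datetime.fromisoformat(parts[0]), parts[1], parts[2]
        q = recent[user]
        while q and ts - q[0] > window:
            q.popleft()          # drop prompts that fell out of the window
        if result in ("push_denied", "push_timeout"):
            q.append(ts)
            if len(q) == threshold:  # alert once, when the threshold is first reached
                alerts.append((user, parts[0], "flood", len(q)))
        elif result == "push_approved":
            if len(q) >= threshold:  # the user gave in after being flooded
                alerts.append((user, parts[0], "approved_after_flood", len(q)))
            q.clear()            # a completed login resets the streak
    return alerts

if __name__ == "__main__":
    for alert in detect_mfa_flooding(SAMPLE_LOG):
        print(alert)
```

An `approved_after_flood` alert is the higher-priority one, since it means a session was actually granted; a single mistyped or declined prompt, as in the `bob` lines, produces no alert.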