Is this Ocean’s 13 in real life?

This week’s big news is still the extortion attacks on the Caesars and MGM Las Vegas casino chains, with one having already paid the ransom and the other still facing operational disruptions.

Caesars was first quietly breached earlier this month, with the attackers stealing its loyalty program database. This database contains driver’s license numbers and social security numbers for customers, and to prevent the leak of the data, Caesars paid a ransom demand.

According to a report, the threat actors demanded $30 million not to leak the data, but the casino negotiated it down to a $15 million payment.

“We have taken steps to ensure that the stolen data is deleted by the unauthorized actor, although we cannot guarantee this result,” Caesars said in an SEC 8-K filing published after news of the attack leaked.

Last week, MGM Resorts suffered a ransomware attack, causing massive disruptions in its casinos, such as ATMs and credit card machines not working, guests locked out of hotel rooms, and slot machines not working.

It was later confirmed that this attack was conducted by Scattered Spider, an affiliate of the BlackCat/ALPHV ransomware operation.

In a lengthy statement on the ransomware gang’s data leak site, the threat actors claim to have gained full access to the company’s network and ultimately encrypted 100 VMware ESXi servers.

MGM has apparently decided not to cave in to the hackers, which is what the FBI advises. “Paying a ransom doesn’t guarantee you or your organization will get any data back,” says the agency’s website.

Scattered Spider, Alphv, and the MGM hack – what happened?
MGM properties – valued at $14.4 BILLION – was defeated by a 10-minute telephone conversation.

How did it happen?
Techniques included “vishing” (“voice phishing”) and “social engineering,” or manipulating a person into revealing sensitive information.

In this case, hackers allegedly used publicly available LinkedIn info to impersonate an employee and tricked someone at MGM’s IT help desk into revealing access credentials.

Who did this?
That’s complicated, as two separate, but connected, groups have claimed responsibility.

Scattered Spider is believed to be a group of European and US hackers in their teens and 20s who specialize in social engineering.

Someone claiming to represent Scattered Spider told the Financial Times they wanted to rig the slot machines — a la Ocean’s Thirteen, which the rep said they’d never watched. When that failed, they decided to hold stolen data for ransom instead.

Alphv/Black Cat runs a ransomware-as-a-service business, selling malware to other hackers and taking a cut of everything earned.

Why?
Alphv seemed to enjoy attacking MGM, accusing it of insider trading, shoddy privacy practices, as well as “greed, incompetence, and corruption.”

But mostly, money. MGM’s market cap is $14.4B. Ransomware hacks frequently target large organizations with money and sensitive info: hospitals, school systems, cities, etc.

Security experts told Wired they hope high-profile hacks like MGM’s will bring more awareness to the devastating potential of cyberattacks — and perhaps new policies and strategies to combat them.

Our Sources:
Bleeping Computer
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-september-15th-2023-russian-roulette/

Wired
https://www.wired.com/story/mgm-ceasars-hack-ransomware/

CNBC Coverage
https://www.cnbc.com/2023/09/13/mgm-resorts-cyberattack-and-outage-stretches-into-third-day.html
