Welcome to DU! The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards. Join the community: Create a free account Support DU (and get rid of ads!): Become a Star Member Latest Breaking News Editorials & Other Articles General Discussion The DU Lounge All Forums Issue Forums Culture Forums Alliance Forums Region Forums Support Forums Help & Search

usonian

(14,600 posts)
Fri Sep 15, 2023, 11:34 AM Sep 2023

What goes on in Vegas ... hacking galore.

MGM reeling from cyber 'chaos' 5 days after attack as Caesars Entertainment says it was hacked too
https://abcnews.go.com/Business/mgm-reeling-cyber-chaos-5-days-after-attack/story?id=103148809
ByBill Hutchinson
September 14, 2023, 10:12 AM
Five days after a cyberattack crippled operations of MGM Resorts International, including its signature Las Vegas properties the Bellagio and the MGM Grand, the company said Thursday morning it is still working to resolve issues as another major resort operation, Caesars Entertainment, acknowledged it was also the target of a cyberattack.

Hackers struck MGM Resorts on Sunday morning, rendering doors to the chain's casinos and hotels unusable. Slot machines and ATM machines were also inoperable, elevators were out of order and customers had to wait hours to check into rooms. Even the company's website remains down.

"We continue to work diligently to resolve our cybersecurity issues while addressing individual guest needs promptly," MGM Resorts said a statement Thursday. "We couldn't do this without the thousands of incredible employees who are committed to guest service and support from our loyal customers. Thank you for your continued patience."

"It was kind of chaotic," Haywood told ABC Las Vegas affiliate station KTNV. "The machines wouldn't take our ticket. Lines everywhere. Just chaos."


MGM Hackers Broadening Targets, Monetization Strategies
https://www.securityweek.com/mgm-hackers-broadening-targets-monetization-strategies/

You want details?

Tracked as UNC3944 and also referred to as 0ktapus, Scatter Swine, and Scattered Spider, the hacking group has targeted at least 100 organizations, mostly in the United States and Canada. The group typically engages in SMS phishing campaigns (smishing), but has been broadening its skills and arsenal of tools and is expected to start targeting more industries.

Mandiant also noticed that the group shifted to ransomware deployment in mid-2023, which can be highly profitable. In some attacks, they were seen using the ALPHV (BlackCat) ransomware, but Mandiant believes they could use other ransomware as well, and they may “incorporate additional monetization strategies to maximize their profits in the future.”

The threat actor has been active since late 2021, typically employing smishing to obtain valid employee credentials and contacting the victim organization’s help desk to obtain multi factor authentication (MFA) codes or reset account passwords, by impersonating the targeted employees.

During such calls, the hacking group has been observed providing various types of verification information that the help desk requested, including personally identifiable information (PII), employee ID, and username.


more ....


Tactics of MGM-Caesars attackers were known for several months
https://www.scmagazine.com/news/tactics-of-mgm-caesars-attackers-were-known-for-several-months

Short:
According to a post on the X platform, formerly Twitter, vx-underground said APLHV used social engineering tactics to compromise MGM: "All ALPHV ransomware group did to compromise MGM resorts was hop on LinkedIn, find an employee, then call the Help Desk. A company valued at $33,900,000,000 was defeated by a 10-minute conversation."


While these incidents have caused great disruption at Las Vegas casinos, what’s been most frustrating to security industry pros is that the social engineering and execution tactics of Scattered Spider — the threat group behind the attacks — have been well-known for several months.

Callie Guenther, cyber threat research senior manager at Critical Start, said Scattered Spider operates as a financially driven threat actor that has been active since at least May 2022.

In one of their recent attacks, Guenther said Scattered Spider used what's known as a Bring Your Own Vulnerable Driver (BYOVD) technique that involves the deployment of a vulnerable kernel-mode driver, such as the Intel Ethernet diagnostics drivers, as a way to gain elevated privileges within Windows systems, thereby evading endpoint detection and response (EDR) solutions.


Social engineering remains the number one problem, IMO.
Now, one has to ask, when IT help desks are replaced by AI bots, will this get better or worse?

A crap shoot?


Latest Discussions»Help & Search»Computer Help and Support»What goes on in Vegas ......