Over the past few weeks, a seemingly powerful hacking campaign has been under way in Las Vegas. Casinos from both Caesars Entertainment and MGM have been brought to a standstill. And while it would appear to be a sophisticated attack by a group of professionals, the reality is far less impressive. The team behind the attacks is surprisingly young and uses standard social engineering to achieve its goals.
What's happening in Vegas?
The city of Las Vegas has been brought to its knees by a series of hacking and ransomware attacks on the major casino groups. Both MGM and Caesars Entertainment have seen attacks that slowed or entirely disabled systems across their facilities. The affected systems range from check-in and check-out to the slot machines.
A walk through one of these hotels might make you think you're not in Las Vegas at all. The sounds of the machines are gone, as they have been completely disabled, most with blank error screens. Checking into a room requires paper processes and physical keys because even the keycard system has failed. Even ATMs have failed, also because of the system shutdowns, leaving people without cash when they cannot pay with a card.
Caesars, which was attacked several weeks ago, addressed the issue in the worst possible way: by paying a ransom. The group behind the attack, Scattered Spider, had demanded $30 million to restore the organization's operations. While the company paid a ransom, it was not the $30 million demanded. Instead, it paid somewhere around half and was back up and running. MGM seems not to have paid the ransom but instead fought the attack technologically.
Who is Scattered Spider?
While the group has managed to cripple a pair of multi-billion-dollar corporations in Las Vegas, it is not a sophisticated team. In fact, its members range in age from 19 to 22, meaning there is not a ton of experience. However, in their time together, the group has managed to become one of the biggest threat actors in the industry. So, how did they manage to get into some of the most protected systems in business? Simple social engineering at the right place.
In the case of Caesars, the group targeted the company's IT provider, a company outside of the organization. This gave the hacker group the ability to jump from the IT company into the Caesars network. This is how they managed to shut down the company's systems.
However, in the case of MGM, it was a simple phone call and some basic social engineering that gave the attackers the ability to take control of MGM's systems. Combining this data-gathering method with ALPHV, a malware subscription service, was all that was needed. ALPHV found an employee on LinkedIn, called the Help Desk as that employee, and was given system access. It was really as simple as that.
What is social engineering?
Social engineering is a form of attack that relies on exploiting people's natural tendency to trust. Through manipulative tactics, attackers can gain access to information or resources they would otherwise have been unable to get. Social engineering poses a serious threat to organizations and individuals alike, as it is difficult for even the most advanced security systems to detect or prevent. The best defense against social engineering attacks is educating employees about how to identify and respond to these threats.
ALPHV's successful attack was an example of social engineering in action, as they were able to gain access to the system simply by pretending to be someone else. Companies should take steps to ensure that their systems are secure against such attacks, including implementing strict password policies and regularly educating employees on the dangers of social engineering.