Caesars Admits To Being Pwned In Ransomware Attack…. And They Likely Paid Up
September 14, 2023 – Published on The IT Nerd
The IT Nerd spoke with Drew Schmitt, Practice Lead, GuidePoint Research and Intelligence Team (GRIT), at GuidePoint Security about two large casino ownership groups being pwned in a ransomware attack:
“Scattered Spider is well known for its affinity for large targets, and the victimization of MGM and Caesars proves that the group possesses the motivation and means to be successful in their operations targeting substantial organizations. Scattered Spider is well known for having very well-established social engineering capabilities that many groups do not, mainly because they are rumored to have a significant presence in the United States, a characteristic many other groups do not share. Scattered Spider is exceptionally persistent and technically competent at many techniques, including phishing, SMiShing, MFA bombing, and SIM swapping, which have all contributed to their successful social engineering campaigns. Recently, there have been increasing speculations that Scattered Spider has partnered with AlphV on several occasions to extort the organizations they have victimized successfully.
Regarding the MGM hack, there has been a lot of emphasis on the fact that a brief social engineering phone call resulted in widespread compromise within a huge organization. We currently do not have the complete picture, and although this method of intrusion highlights some potential gaps in cybersecurity processes, there is likely much more to this intrusion than meets the eye. Scattered Spider is highly determined and persistent in their operations; if it wasn’t for this social engineering attempt, it could have been another that relied on more technical means. Sometimes attackers get lucky, and this could be one of those times.
The reality of this situation is that Caesars and MGM were enormous organizations that became victims of ransomware. Still, so far in 2023, there have been over 2,800 public ransomware victims posted across leak sites belonging to more than 52 different threat actors. This number doesn’t include the victims that pay a ransom demand, a number which organizations like Caesars would belong to. The ransomware pandemic continues to be the most prolific threat that all industries and organizations, regardless of size, face. The Caesars and MGM hacks are a reminder that partnerships in intelligence sharing and investing in cybersecurity teams should be a significant topic of discussion for all organizations and that, as an industry, we need to continue moving fast to keep up with evolving threats.”