Recent hacks of Caesars Entertainment and MGM-owned casinos have been linked to a group of teens and young adults who have aligned themselves with one of the most notorious ransomware gangs in the world. This trend has raised concerns among security experts and defenders of corporate computer networks.
The group, known as Scattered Spider, has been associated with a Telegram account that claimed responsibility for the MGM hack. As of now, many of the casino’s services remain offline. The exact makeup of the group is still unclear, but security researchers believe that its members are primarily English-speaking, financially motivated, and have been highly active over the past two years. They target large companies using stolen employee credentials and techniques such as convincing tech support employees that they are locked out of their computers and need a new password.
The hackers have evolved from cryptocurrency thefts to targeting businesses that provide third-party services like help desks and call center staffing, which gives them a foothold in the networks of multiple customers at once. They have also resorted to deploying crippling ransomware while demanding money. In their latest attack, they partnered with ALPHV, a hacking group affiliated with the Russian groups BlackMatter and DarkSide, which were responsible for the Colonial Pipeline hack.
New research presented at the LABScon security conference sheds light on the origin of the hackers. They refer to themselves as Star Fraud and are believed to consist of a few dozen individuals who form part of a larger association called the Com. The hackers connected through crimes enabled by SIM-swapping, which involves convincing phone company employees to hand over control of someone else's phone number. These techniques have allowed them to bypass SMS text-based two-factor authentication on cryptocurrency accounts.
The researchers warn that the hackers’ behavior has attracted recruiters from Russian gangs who want to combine their business expertise with the local knowledge and techniques of native English speakers. The group’s actions have also been described as sociopathic, as they have previously engaged in sextortion and other malicious activities.
In the case of the MGM hack, the hackers gained control of Okta authentication servers, giving them wide authority within the internal systems. This incident mirrors the trajectory of the gang Lapsus$, which stole source code from major companies using similar techniques.
Security experts emphasize the importance of tackling these hackers and their criminal activities. The FBI has been actively pursuing ransomware groups, including their youthful affiliates, and is determined to bring them to justice. The agency works closely with federal and international partners to ensure that these bad actors face the consequences of their actions.
As cyber threats continue to evolve, it is crucial for businesses to invest in robust security measures and stay vigilant in detecting and preventing attacks. Collaborative efforts between law enforcement agencies, security researchers, and private companies will be vital in combating the growing menace posed by ransomware gangs and their affiliates.