At a glance.
- MGM Resorts incident now believed to be ransomware.
- Materiality of a cyber incident, as seen in the MGM and Caesars ransomware attacks.
- MetaStealer targets businesses.
- Cloud access with stolen credentials.
- The cloud as an expansive attack surface.
- His Highness the LLM Prince of (some of) Nigeria (and his widows and business managers, too).
- The Meduza spyware incident.
- Lessons from a Ukrainian hacktivist auxiliary.
MGM Resorts incident now identified as ransomware.
The attack on MGM Resorts International is now generally held to be a ransomware operation, but there's some lack of clarity over which gang is responsible. Vx-underground tweeted that the ALPHV ransomware gang had claimed responsibility, and that the attackers gained access through social engineering, specifically vishing. They put it this way: “All ALPHV ransomware group did to compromise MGM Resorts was hop on LinkedIn, find an employee, then call the Help Desk.” Hackread offers a more extensive account of this attribution that's open to the possibility that the attackers may represent an ALPHV subgroup.
But it seems increasingly unlikely that it was ALPHV. Other sources, Bloomberg and Reuters among them, charge the attack to Scattered Spider, also known as UNC3944, a younger criminal organization. (Younger both in terms of its recent appearance and the ages of its members, some of whom are believed to be teenagers operating from the US and the UK.) Some of the confusion may arise from Scattered Spider's use of ransomware encryptors and dump-site infrastructure made available by ALPHV. ALPHV has traded these in the C2C markets, the FBI says, since April of 2022 at least. In this case there may have been some direct collaboration between Scattered Spider and ALPHV. Scattered Spider has shown considerable aptitude for social engineering, attributable in part to their vishing operators being native speakers of English.
The hospitality sector, and especially its casino subsector, has long been more security-aware than most, but the Wall Street Journal concludes that connectivity in the industry seems to have outrun the casinos' ability to secure their systems. Recovery has involved reversion to many long-sidelined manual systems, giving the affected casinos a curiously retro, “oddly analog vibe.”