MGM Hack Likely the Result of Scattered Spider, Moody's Says Downgrade Possible

Written by: Aaron Goldstein
Published on: Sep/13/2023

MGM Resorts on Wednesday said that a cyber incident that has significantly disrupted properties across the United States for the past three days represents a material risk to the company, CNBC reports.


The first blow comes as credit agency Moody's warned of a potential downgrade.

We are learning that Caesars was hacked last week and that the MGM attack was likely committed by the same group.

Scattered Spider is described by Avertium as a "stealthy and persistent threat actor targeting telecom networks".

Once the group is inside a company's systems, the results are crippling: it avoids specialized malware and instead depends on reliable remote management tools to maintain access.

Since Sunday, MGM properties have reported room keys not working and malfunctioning slot machines, and word now comes that the company may be unable to access payroll this Friday. At the Borgata in Atlantic City, it's cash only, with no comps or credit cards. One photo that went viral showed what appeared to be an excruciatingly long check-in line at the Bellagio in Las Vegas Wednesday afternoon.

According to Avertium, Microsoft warned back in 2021 that adversaries were increasingly using legitimate drivers and their security vulnerabilities to execute malware.

By January 2023, CrowdStrike observed Scattered Spider attempting to deploy a Bring Your Own Vulnerable Driver (BYOVD) attack via an old kernel vulnerability (CVE-2015-2291), leveraging vulnerable third-party drivers as a way to evade detection by EDR.

BYOVD poses risks for organizations as it allows threat actors to exploit known vulnerabilities in third-party drivers, leading to system compromises, financial losses, and operational disruptions.

The FBI told CNBC on Monday it is monitoring the “ongoing” situation.

CNBC says that MGM is communicating with media outlets through noncorporate, commercially available email addresses. The company has provided nominal information pertaining to any progress tackling the attack.

The hackers started targeting Caesars as early as Aug. 27, according to the people. The group had also demanded a ransom from MGM as that attack began Sunday.

- Aaron Goldstein, Gambling911.com
