MGM and Caesars, two of the top entertainment companies in Las Vegas, have experienced significant hacker attacks. All 31 MGM resorts had their systems shut down, and Caesars paid the attackers millions of dollars to prevent a similar outcome.
Sources claim that ALPHV, also known as BlackCat, and the hacker group Scattered Spider collaborated to carry out the attacks. This group, which consists of people from the US and the UK, started operating in May 2022.
The techniques they employ for social engineering are extremely sophisticated. According to Stephen Ervin, senior consultant at TrustedSec, these hackers specialize in voice phishing attacks that go after call centers, help desks, and even security operations centers.
Another characteristic of Scattered Spider is its use of various social engineering techniques. Telegram, SMS, and SIM swapping are the three main vectors used in its phishing campaigns.
To gain initial access, the group abuses multi-factor authentication (MFA): numerous requests to confirm the victim's identity are sent. The purpose of these intrusive notifications is to annoy users enough that they eventually give in and enter their data.
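How the flood of confirmation requests described above can be spotted in authentication logs, as an added detection example that is not from the article or any vendor's product: it flags a user who gets a burst of rejected or ignored MFA pushes and then approves one. The log format, event names, window and threshold are assumptions, and the sample log is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (assumed format: timestamp user event), not real data.
SAMPLE_LOG = """\
2024-01-15T02:14:05Z alice push_denied
2024-01-15T02:14:40Z alice push_timeout
2024-01-15T02:15:10Z alice push_denied
2024-01-15T02:15:45Z alice push_denied
2024-01-15T02:16:20Z alice push_timeout
2024-01-15T02:17:02Z alice push_approved
2024-01-15T09:01:00Z bob push_denied
2024-01-15T09:01:30Z bob push_approved
2024-01-15T10:00:00Z carol push_denied
2024-01-15T10:15:00Z carol push_denied
2024-01-15T10:30:00Z carol push_denied
2024-01-15T10:45:00Z carol push_denied
2024-01-15T11:00:00Z carol push_denied
"""

WINDOW = timedelta(minutes=10)  # assumed look-back window
THRESHOLD = 5                   # assumed count of rejected/ignored prompts

def detect_push_fatigue(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return (user, time, kind) alerts for prompt bursts and approvals after a burst."""
    recent = defaultdict(deque)  # user -> times of recent rejected/ignored prompts
    alerts = []
    for line in log_text.strip().splitlines():
        stamp, user, event = line.split()
        ts = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")
        q = recent[user]
        while q and ts - q[0] > window:  # drop prompts older than the window
            q.popleft()
        if event in ("push_denied", "push_timeout"):
            q.append(ts)
            if len(q) == threshold:      # alert once when the burst is reached
                alerts.append((user, ts, "burst"))
        elif event == "push_approved":
            if len(q) >= threshold:      # approval right after a burst: likely gave in
                alerts.append((user, ts, "approved_after_burst"))
            q.clear()
    return alerts

if __name__ == "__main__":
    for user, ts, kind in detect_push_fatigue(SAMPLE_LOG):
        print(ts.isoformat(), user, kind)
```

The "approved_after_burst" alert is the one to act on first, since it indicates the user may have given in; the session it produced should be revoked and the account's MFA enrollment reviewed.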
Additionally, hackers are launching DoS (denial of service) attacks using known vulnerabilities in Intel Ethernet card drivers. CVE-2015-2291 is one of these vulnerabilities.
Once a system has been breached, hackers can easily move through the network and attack cloud resources using credentials or tokens they have stolen.
According to Juan Perez, another researcher at TrustedSec, "Once they are highly effective in their penetration methods, they quickly move on to installing ransomware or compromising data."
Scattered Spider and ALPHV/BlackCat are able to increase their capabilities thanks to their alliance. Despite reports to that effect, experts have not yet been able to confirm that Scattered Spider is a division of BlackCat.
The BlackCat ransomware was first identified in 2021. The group creates the malware and markets it as ransomware as a service (RaaS). It is written in the Rust programming language.
Although some of the hackers are thought to be as young as 19, cybersecurity professionals are gravely concerned about their activity and professionalism.