LAS VEGAS (KLAS) — It’s been two days since the last official update on the MGM Resorts hack — a social media post by the company stating that operations have returned to normal.
And unfortunately, “normal” in the corporate world means divulging as little information as possible.
On Day 13 of the MGM hack the Nevada Gaming Commission is still waiting for an explanation of what happened at MGM and Caesars Entertainment. Journalists continue to trace the hack’s origin — and the motives of the people responsible.
The Washington Post reported Friday the Scattered Spider hackers are part of a group that calls itself Star Fraud. An interview with a researcher points to a history of sociopathic behavior. And the money involved is attracting new bad actors as potential recruits. The hackers are seen as “generally English-speaking, financially motivated” and very active over the past two years in tricking tech support employees into opening access.
A report on Vox delves into the human factor — the open door that hackers keep exploiting. An interview with a “chief people hacker” for IBM explains the nuances of phishing and vishing (the social hack that often occurs in a phone conversation … “voice” phishing). The headline, “The chaotic and cinematic MGM casino hack, explained,” almost makes you wonder who’s going to star in this movie? “Are we in the middle of Ocean’s 14 or is this just another ransomware attack?” a subheadline asks.
The Vox report also warns customers to be wary of emails claiming to be from MGM — “don’t click on any links or provide any credentials if asked.”
A report on TechCrunch indicates young adults and teenagers are part of Scattered Spider’s team. That could figure into their social engineering techniques, with sympathetic appeals to tech employees to just open that door a crack.
Another factor: the use of outsourced IT professionals. That adds to the difficulty of controlling access.
A Thursday meeting of the Nevada Gaming Commission provides more evidence of the unknowns surrounding the MGM hack and a reported ransomware incident at Caesars properties.
Gaming Commissioner Brian Krolicki said he wants a briefing when it’s possible. Details of the cases could guide the formulation of policy on reporting and reacting to such attacks.
“It would be — I think — important and certainly enlightening given the recent events of the past weeks regarding cybersecurity and ransomware, and particularly to MGM and to our friends at Caesars … how it impacts our world, our regulatory responsibilities,” he said.
“Right now the priority is just to recover and make sure that patrons are made whole, the systems are secure. But I think at some point in time when there is the energy and understanding of what just happened, if we could get some kind of briefing on what’s transpired that’s appropriate and for public record, and perhaps policy going forward,” Krolicki said.
Recent changes to Security and Exchange Commission rules now require reporting of cyberattacks on publicly traded companies.
“How do we avoid these things? If they do happen, what are the reporting schemes? Were these immediately reported to the Gaming Control Board?” Krolicki asked. “There are a lot of questions, a lot of publicity. It’s a global story and I just think it would behoove all of us to really get a good handle on just what happened.”